Font Size Print Download Reader HHS Home|HHS News|About HHS

CDC Privacy Impact Assessments

06.3 HHS PIA Summary for Posting (Form) / CDC CCEHIP NCEH/ATS ATSDR Geographical Information System (GIS) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: No If this is an existing PIA, please provide a reason for revision: Initial PIA Migration to ProSight

Date of this Submission: Dec 1, 2003

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-05-01-1011-02

Privacy Act System of Records (SOR) Number: N/A -System does not constitute a "System of Records" under the Privacy Act.

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: ATSDR Geographic information System (GIS)

System Point of Contact (POC). The S ystem POC is the person to whom questions about the system and the responses to this PIA may be addressed: Andrew L. Dent

Provide an overview of the system: Geographic Information Systems (GIS) can provide a visual tool for identifying the location of events, the spatial relationship between incidents and the population they may impact. Mapping technology can also assist in the collection of information from exposed individuals to help identify the source of an unknown release. Proximity assessment, demographic characterization, and local resource identification (e.g., postal facilities, health care, fire, national guard) are also available through the use of spatial analysis techniques.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The system does not collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system.

Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The system does not collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden, OCISO Sign-off Date: Aug 15, 2007 Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC CCEHIP NCEH/ATS Hazardous Substance Releas e/ Health Effects Database System (HazDat) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision: Initial PIA Migration to ProSight

Date of this Submission: May 14, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-23-01-1000-00

Privacy Act System of Records (SOR) Number: 09-19-0001

OMB Information Collection Approval Number: N/A

Other Identifying Number (s): N/A

System Name: HazDat

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Lori Franklin

Provide an overview of the system: HazDat was initiated for tracking and analyses of ATSDR’s legislated responsibilities. HazDat is ATSDR’s scientific and administrative database developed to provide rapid access to information on the release of hazardous substance from Superfund sites or emergency events. The database provides information on the effects of hazardous substances on the health of human populations. This management information system allows ATSDR staff to locate information on the release of hazardous substances into the environment and ascertain the effects of hazardous substances on health with improved uniformity, efficiency, and precision.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass throug h IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): System does not share or disclose IIF.

The system is regularly used to obtain information about specific sites, documents, studies, substances, and activities. In addition, HazDat is indispensable for the timely generation of information provided in agency reports, testimony, and presentations, as well as responses to requests from Congress, other agencies, and the public. The IIF is collected to show who is requesting that work be done at sites. It is also used to track costs incurred by the agency at hazardous waste sites, so that those costs may be recovered from the responsible parties. Following enactment of CERCLA, EPA developed the Comprehensive Environmental Response, Compensation, and Liability Information System (CERCLIS) identifying Superfund sites and tracking EPA activities. Development of HazDat was initiated in 1989 for tracking and analyses of ATSDR’s legislated responsibilities. The HazDat system was carefully developed to assure compatibility of site-specific data between EPA and ATSDR (for common data elements) and to prevent the proliferation within ATSDR of limited-user, program-specific databases lacking consistent and compatible data elements. The goal is to provide high-quality scientific and administrative information that is readily accessible, accurate and consistent with source documents and agency activities, and responsive to the information needs of the agency.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: Data is collected from private citizens by the scientists and entered into the system at the site. Individuals are informed of data uses at the site. The consent form provides Privacy Act notification elements, including the identifiable information sharing. Consent regarding the information being collected is implied when individuals voluntarily provide information. If major system or data disclosure changes occur that would require individuals being notified, a process would be put into place at that time.

32. Does the system host a website?: Yes

37. Does the website have any information or p ages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative , technical, and physical controls.: Administrative Controls: In order to ensure least privilege and accountability, read only access is given by default. Add/modify access must be requested by User's manager/supervisor. Requests must be made to system steward. Technical Controls: User ID, passwords, firewall, IDS, SDN certificates and roles. Physical Controls: Guards, ID badges, key cards, locked offices. Must have user id and password to access the system. The IIF can only be viewed by the user that enters it. The IIF is never contained in any output. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Betsey Dunaway Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden, OCISO Sign-off Date: Aug 18, 2006 Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC CCHIS NCHS National Health And Nutrition Examination Survey (NHANES) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision: Initial PIA Migration to ProSight

Date of this Submission: Mar 30, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 00920012101104000110030

Privacy Act System of Records (SOR) Number: 09-20-0164

OMB Information Collection Approval Number: 0920-0237

Other Identifying Number(s): N/A

System Name: National Health and Nutrition Examination Survey (NHANES)

9. System Point of Contact (POC). The System POC is the person to whom quest ions about the system and the responses to this PIA may be addressed: Clifford L. Johnson

10. Provide an overview of the system: The long-term goals and objectives of NHANES are as follows: 1. To estimate the number and percent of persons in the U.S. population and designated subgroups with selected diseases and risk factors; 2. To monitor trends in the prevalence, awareness, treatment and control of selected diseases; 3. To monitor trends in risk behaviors and environmental exposures; 4. To analyze risk factors for selected diseases; 5. To study the relationship between diet, nutrition and health; 6. To explore emerging public health issues and new technologies; 7. To establish a national probability sample of genetic material for future genetic research; and 8. To establish and maintain a national probability sample of baseline information on health and nutritional status.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), dis seminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for wha t purpose(s): IIF is not disclosed or shared.

h. To establish and maintain a national probability sample of baseline information on health and nutritional status. The data are used for statistical purposes only. Dissemination within the Department include the preparation of aggregated data in the form of statistical tables for publication, analysis, and interpretation, to meet the legislative mandates of 42 U.S.C. 242k, i.e., to determine levels of illness and disability and their effects on the population, health and nutrition, and the like. Participation is voluntary and participants are asked to sign consent documents prior to the dust collection, interview, health examination, and collection of blood for future research.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Bri efly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Administrative Controls: Role based access to data and requirements for data sensitivity ensure least privilege and accountability. Technical Controls: User ID, passwords, firewall, encryption, IDS, routers used to restrict access by address and segment to the site. Physical Controls: Guards, ID badges, key cards for certain locations, cipher locks, closed circuit TV. PIA Reviewer App roval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden, OCISO Sign-off Date: Aug 15, 2007 Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Postin g (Form) / CDC CCHIS NCHS National Health Interview Survey (NHIS) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision: Initial PIA Migration to ProSight

Date of this Submission: May 14, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-06-01-1020-02

Privacy Act System of Records (SOR) Number: 09-20-0164

OMB Information Collection Approval Number: 0920-0214

Other Identifying Number (s): N\A

System Name: National Health Interview Survey

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Anne Stratton

Provide an overview of the system: The National Health Interview Survey (NHIS) is a multi-purpose health survey of the civilian non-military population conducted by the National Center for Health Statistics (NCHS), which has produced annual data since 1957. NHIS data are used to describe the health of the US population, monitor trends in national health objectives, set and evaluate health policies, and perform methodological and epidemiological research on important health issues. Findings are generalizable to the US household population but have also been used to explore issues at the regional and state level. Since 1960, the NCHS has had the objective of producing vital and health statistics for the United States. NCHS has legislative authority under 42 U.S.C. 242k, Section 306(b) of the Public Health Service Act to collect statistics on the extent and nature of illness and disability of the population; environmental, social and other health hazards; determinants of health; health resources; and utilization of health care. The NHIS is a multipurpose health survey conducted by NCHS in support of this legislative charge. It is the principal source of information on the health of the civilian, non-institutionalized population of the United States. Data from NHIS are used to assess agency and NCHS objectives, and initiatives such as Healthy People. Other strategic goals of NCHS are to increase the quality of the data collected and to make it more timely.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s):

NCHS/OAEHP for National Death Index Matching & AHRQ for MEPS sample. The customers of the NHIS

are government agencies (federal, state, and local level), international, national, state and community organizations, private researchers, academia, consumer groups, companies, and health care providers. Examples of federal agencies who are recent customers include: the Centers for Medicare and Medicaid Services, the Environmental Pollution Agency, the Food and Drug Administration, General Accounting Office, National Cancer Institute, the National Institute on Aging, the National Institute for Mental Health, and the Veterans Administration. Many organizations have a vested interest in assuring the success and continuity of the NHIS. These organizations include; the Department of Health and Human Services (DHHS), the Agency for Healthcare Research and Quality (AHRQ), and others such as the Bureau of Census(BoC) and policy makers. Through partnerships with NCHS, other agencies within DHHS are able to piggyback on the NHIS infrastructure, expressing the NHIS as a significant DHHS asset. One example is the collaborative efforts between NCHS/DHIS and other DHHS agencies to collect data on topical public health subjects by fielding NHIS Supplements. The AHRQ follows up with half of the NHIS sample on its Medical Expenditure Panel Survey (MEPS). By NHIS providing the MEPS sample, AHRQ was able to save an estimated eight million dollars on its 1996 reengineering project and continues to save budget by forgoing annual listing and other sampling costs. Sharing a sample also allows for a NHIS/MEPS linkage file which enables users to link persons in the MEPS public use file to the records of the same person in the NHIS data file. This adds the broad array of NHIS information to the more specific MEPS data and allows for broad multivariate analyses. The agency shares the information with the public by posing all cleaned, edited, and de-identified data on the CDC website for public access.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: NHIS policy does not permit disclosure rule changes and/or data use changes after the time of data collection and consent. The consent procedures in place for a given year continue to guide the use of the data in subsequent years. Any desired changes in data uses or disclosure must be put in place prior to data collection and apply only to that year's data collection. At no point has any disclosure change or data use change occurred in the NHIS after the time of data collection and consent. There are three separate points in the NHIS collection process where we notify and obtain consent from individuals regarding the collection of information in identifiable form (IIF) and inform said participants of the usage of this IIF. First, a written advance letter is mailed to all households selected for the NHIS sample. This letter informs the potential participant that his/her participation is voluntary and that all data collected will be kept strictly confidential in accordance with the prevailing laws. The letter also informs the participant that his/her personal information will only be received by NCHS employees and contractors, the U.S. Census Bureau, and NHIS collaborators and that by law; we cannot release information that could identify the participant and participant’s family to anyone else without the participant’s consent. A copy of the 2007 NHIS Advance Letter is available upon request. Second, when the interviewer makes contact with the potential respondent, there is a standard consent protocol that the interviewer is required to follow which includes displaying the interviewer’s proper credentials and introducing his or herself as an interviewer for the department of the Census conducting the NHIS. The interviewer is then instructed to hand the respondent a copy of the Advance Letter and allow time for the respondent to read it. After the respondent has read the Advance Letter, the interviewer is then instructed to ask "Do you have any questions about anything (you have read/I have read to you) about the National Health Interview Survey?" Following this, the interviewer is to ask "Are you willing to participate in the survey?" A copy of the 2007 NHIS Interviewer Informed Consent Procedures is available upon request. Third, in the survey instrument itself, text informing the respondent about the reasons for collecting Social Security Number and Medicare Number is read prior to asking these questions. The respondent is asked specific questions asking permission to link NHIS data with data from other sources. These questions detail what the data will be used for and reiterate to the participant that answering these questions is voluntary. A copy of these linkage questions is included within the 2007 NHIS Permission to Link Questions, which is available upon request.

32. Does the system host a website?: No

37. Does the website have a ny information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Administrative Controls: In order to ensure least privilege and accountability, each user name is assigned limited access rights to files and directories at varying levels. The CD's and hard copy printouts of records are stored in locked files or offices when not in use. Technical Controls: User ID, passwords, firewall, encryption. Physical Controls: Guards, Identification badges. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Betsey Dunaway Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden, OCISO Sign-off Date: Aug 18, 2006 Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC CCHIS NCHS National Vital Statistics System (NVSS) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision: Initial PIA Migration to ProSight

Date of this Su bmission: May 18, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-06-01-1030-02

Privacy Act System of Records (SOR) Number: 09-20-0166

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: National Vital Statistics System (NVSS)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: James A. Weed

Provide an overview of the system: The National Vital Statistics System (NVSS) is one component of NCHS's health data collection program and is operated by NCHS to fulfill its legislatively mandated mission to produce national vital statistics based on data from the nation's birth and death records. The NVSS is a cooperative, decentralized system in which data from over 6 million vital event records are collected each year by all States and U.S. territories and transmitted to the NCHS for processing and dissemination. NCHS is responsible for administering the NVSS, which produces the nation's official vital statistics. These data are provided through State owned and operated registration systems, which collect the data on birth and death records submitted to State Registrars by physicians, medical examiners, coroners, hospitals, and funeral homes. The data are used only for statistical purposes in issues or activities relating to public health and population. Uses within the Department include the preparation of aggregated data in the form of statistical tables for publication, analysis, and interpretation to meet the legislative mandates of 42 U.S.C. 242k, i.e., to determine the extent and nature of illness and disability of the population of the U.S., including life expectancy and levels of infant and maternal mortality, environmental and other health hazards, trends in family formation and population change, to expand the scope of data that NCHS can collect from the national registration system, to make the registration system more responsive to changing needs for data, and to evaluate the quality of data collected on the birth and death records. Authority for maintenance of the system: Public Health Service Act, Section 306(h) (42 U.S.C. 242k). Most States submit vital statistics data on computer tape or PC-to-PC via modem, showing the State file number for each case but no names or addresses. A few States submit microfilm copies of certificates of death, and statistics are extracted from them. These microfilms contain individual identifiers; they are the only individually identified records in the system.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any datab ase(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Special data releases approved by State vital registration officials Census Bureau for Population projections and estimates. Published reports prepared by NCHS staff or contractors are available to the public generally. Electronic microdata files containing no personally identifiable information are provided to the public as well. With the permission of the data provider (e.g. State Registrars) in a restricted data access program, electronic files containing additional detail is provided to qualified researchers who have signed a Restrictive Confidentiality Agreement. The Department occasionally contracts with a private firm for the purpose of collecting, analyzing, aggregating, or otherwise refining records in this system. Relevant records are disclosed to such a contractor. The contractor is required to maintain Privacy Act safeguards and to strictly follow Section 308(d) of the Public Health Service Act. NCHS may disclose selected identifiable information to authorized recipients such as the Social Security Administration for statistical analysis purposes only, consistent with the requirements of Section 308(d) of the Public Health Service Act and the Privacy Act.

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: The NCHS receives either machine-readable data or microfilm of records prepared by States from records collected under the laws of each State for births, deaths, and fetal deaths. The records contain the demographic characteristics of individuals associated with each event. In addition, the birth records include information on the characteristics of each live birth, the health status of the infant, and socioeconomic characteristics of the parents. The death records contain socioeconomic characteristics of the deceased and medical information relating to cause of death; the fetal death record contains socioeconomic characteristics of the parents and medical information relating to cause of death. Through the NVSS, national data on vital events (births, deaths, and fetal deaths) are produced in both published and electronic form, including the annual report Vital Statistics of the United States, National Vital Statistics Reports (formerly the Monthly Vital Statistics Report), and other reports on selected topics. Standard forms for the collection of the data referred to as the U.S. Standard Certificates of Birth and Death and Fetal Death--and model procedures for the uniform registration of vital events throughout the U.S. are developed and recommended for State use through cooperative activities of the States and the NCHS. These standard certificates have been revised every decade since 1900 with the goal of updating the content of these records to reflect current public health issues as well as medical practice and knowledge. Collaboration in these decennial review processes is provided by representatives from professional organizations, including the American Medical Association, the College of American Pathologists, the American College of Obstetricians and Gynecologists, the American Hospital Association, the National Association of Medical Examiners, and the National Association of Funeral Directors. The information provided on the standard certificates is regarded by the public health community as the minimum data that should be collected with respect to all births, deaths, and fetal deaths occurring in the U.S. Content of the standard certificates is approved by the Secretary, DHHS. The data are used only for statistical purposes in issues or activities relating to public health and population. Uses within the Department include the preparation of aggregated data in the form of statistical tables for publication, analysis, and interpretation to meet the legislative mandates of 42 U.S.C. 242k, i.e., to determine the extent and nature of illness and disability of the population of the U.S., including life expectancy and levels of infant and maternal mortality, environmental and other health hazards, trends in family formation and population change, to expand the scope of data that NCHS can collect from the national registration system, to make the registration system more responsive to changing needs for data, and to evaluate the quality of data collected on the birth and death records. Data are collected on birth and death certificates according to State laws that regulate and mandate the content of these legal administrative records. Under State laws, hospitals and funeral directors are required to report the information contained in these certificates for vital registration purposes. IIF received by NCHS includes only date of birth and the State certificate number. Content of these certificates is regulated by State legislatures, which determine what IIF is to be collected and how it will be

used. State Legislation and Regulations are available to the public describing the birth and death registration process, as well as the content of IIF required by the State. NCHS has no control over these legal administrative procedures. A few States submit microfilm copies of certificates of death, and statistics are extracted from them. These microfilms contain individual identifiers; they are the only individually identified records in the system. Submission of personal information is mandatory.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the ret ention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Administrative Controls: The manual portions of the records are stored in locked files or offices when not in use. Building security in Hyattsville, MD includes the use of identification badges by employees and a card key system used to enter NCHS occupied space. In the Research Triangle Park, North Carolina facility access is controlled by a security guard, a card key system, and the use of identification badges by employees. Protection for computerized records both on the mainframe and the CIO Local Area Network (LAN) includes programmed verification of valid user identification code and password prior to logging on to the system, mandatory password changes, limited log-ins, virus protection, and user rights/file attribute restrictions. Password protection imposes user name and password log-in requirements to prevent unauthorized access. Each user name is assigned limited access rights to files and directories at varying levels to control file sharing. There are routine daily backup procedures and Vault Management System for secure off-site storage is available for backup tapes. Technical Controls: User ID, passwords, firewall, encryption, controls on read/write access to mainframe files. Physical Controls: Guards, ID badges, key card, cipher locks. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Betsey Dunaway Sr. Official for Pri vacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden, OCISO Sign-off Date: Aug 18, 2006 Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC CCHIS NCPHI Biosense (Item) PIA SUMMARY AND APPROVAL COM BINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision: Initial PIA Migration to ProSight

Date of this Submission: Nov 13, 2003

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-21-01-1163-00-110-030

Privacy Act System of Records (SOR) Number: N/A - System does not constitute a "System of Records" under the Privacy Act.

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: BioSense

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Lynn Steele

Provide an overview of the system: BioSense is a national program intended to improve the nation’s capabilities for conducting near real-time biosurveillance and health situational awareness through access to existing data from healthcare organizations across the country and national data sources. BioSense is developing and implementing enhanced capabilities for early event detection and real-time health situational awareness. The primary objective is to expedite event recognition and response coordination among federal, state, and local public health and healthcare organizations by providing each level of public health access to the same data, at the same time. BioSense receives, analyzes, and evaluates health data from numerous data sources. National data sources include Department of Defense and Veterans Affairs hospitals and ambulatory care clinics, and a large commercial clinical laboratory. In addition, local hospitals and healthcare systems transmit real-time data to BioSense. The data transmitted to BioSense includes anonymized demographic information, diagnoses, chief complaint, microbiology orders/results, radiology orders/results, and medication orders. The data are used for public health purposes to help identify and characterize naturally occurring disease outbreaks or bioterrorism events using electronic biosurveillance techniques. The information transmitted to BioSense does not contain IIF. Participation by data sources is voluntary

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), dissemin ate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpo se(s): System does not contain IIF.

Does the system host a websi te?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: System does not contain IIF. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden, OCISO

Sign-off Date: Aug 15, 2007 Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC CCHIS NCPHI Data Message Brokering (DMB) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision: Initial PIA Migration to ProSight

Date of this Submission: Dec 1, 2003

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-00-01-0908-00 (009-20-01-00-01-0909-00)

Privacy Act System of Records (SOR) Number: N/A - System does not constitute a "System of Records" under the Privacy Act.

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: Public Health Information Network (PHIN) 9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Lynn Gibbs-Scharf

10. Provide an overview of the system: The Public Health Information Network (PHIN) is a set of guidelines, standards, specifications, and collaborative relationships that will enable the consistent and reliable exchange of response, health, and disease tracking data between public health partners. Currently there are multiple systems in place that support communications for public health labs, the clinical community, and state and local health departments. Each has demonstrated the importance of being able to exchange health information. However, many of these systems operate in isolation, not capitalizing on the potential for a cross-fertilization of data exchange. A crosscutting and unifying framework is needed to better monitor these data streams for early detection of public health issues and emergencies. The Public Health Information Network (PHIN) is this framework. Through defined data and vocabulary standards and strong collaborative relationships, the Public Health Information Network will enable consistent exchange of response, health, and disease tracking data between public health partners.

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s ) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): This system does not collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system

Please describe in deta il any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: This system does not collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system

Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: This system does not host a website. PIA Reviewer Approval: Promote Comments: PIA R eviewer Name: Betsey Dunaway Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden, OCISO Sign-off Date: Aug 18, 2006 Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC CCHIS NCPHI Hea lth Alert Network (HAN) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision: Initial PIA Migration to ProSight

Date of this Submission: May 18, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-23-01-1020-00

Privacy Act System of Records (SOR) Number: N/A - System does not constitute a "System of Records" under the Privacy Act. Information collected is on officials for emergency notification, and data are retrieved by role (position). See additional comments in Question 30.

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: Health Alert Network (HAN)

System Point of Contact ( POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Calvin Hightower

Provide an overview of the system: In the event of Bioterrorism or other public health emergent event or response, the HAN Messaging System is utilized to broadcast information about the event, public health guidelines and recommendations, precautions, interventions, and other guidance. The Health Alert Network (HAN) Messaging System is a Microsoft Outlook-based email and broadcast fax system designed to rapidly distribute official CDC Health Alerts, Advisories, and Updates regarding Bioterrorism and other emergent threats to Public Health, operated and updated by Public Health Advisors (PHAs) in the Informatics and Knowledge Systems Branch, Division of Public Health Systems Development and Research, Public Health Practice Program Office, Centers for Disease Control, DHHS. Data contained within the system include email and fax distribution lists of Public Health officials at the state and local levels, specific CDC and HHS personnel, and contacts within 139 public health and private provider partner organizations, utilized to address and rapidly distribute HAN messages developed by subject matter experts (SME) throughout CDC. Since September 11, 2001, 165 Health Alert Network messages have been distributed on a Special, Regional or National basis. Information collected is on officials for emergency notification, and data are retrieved by role (position).

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s) , record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No23. If the system shares or discloses IIF please specify with whom and for what purpose(s): EPO, for use with Epi-X . To date, the CDC has not shared, and has no intention of sharing, the collected information outside the agency. The intent is to maintain the contact information of these Public Health officials within the HAN system, as part of the overall PHIN

initiative. Within the agency, the information has only been shared with the Director's Emergency Operations Center, Epi-X, and the PHIN initiative.

Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: The HAN PHAs contact their assigned states to collect contact information, including Name, Title, Position, Email Address(s), Phone Number(s), Fax Number(s), Mobile/Wireless Contact, and Mailing Address for State Public Health Officials. The officials at the State level include the State Health Officer, State Epidemiologist, State Lab Director, State Weapons of Mass Destruction Coordinator, State Public Health Information Officer, and State Health Alert Network Coordinator, and in most cases, backups for each position. In addition, HAN PHAs also utilize a listing of local health officials provided by the National Association of City and County Health Officials (NACCHO) to distribute HAN messages to Local Health Departments, when recommended by the SME, the Office of the Director, or the Office of Communications. The collected information is input into the appropriate distribution lists within the Outlook-based system. The distribution lists are accessed and maintained ONLY by authorized personnel within the CDC HAN program, and is only shared with similar systems in CDC, specifically the Epidemiology Exchange (Epi-X) system and the Public Health Information Network (PHIN), for use in similar notifications of emergent health events. The distribution lists are not shared outside of CDC, or outside the auspices of the overall PHIN initiative. The data collected are required to meet the strategic and mission-critical goal of rapidly disseminating urgent CDC guidance and information to the Public Health officials responsible for the response to an emergent health event. In order to meet this goal, all of the data collected are necessary, yet minimal. The information is being collected to ensure that vital CDC information reach front-line Public Health officials during an emergency response or other emergent health event. In order to meet this goal, the HAN staff collects only the information needed to contact these officials as quickly as possible. The intent of the HAN Messaging System is to reach the primary recipients, listed above, within one hour of the moment a HAN message is initiated. It has been officially determined that the Privacy Act does not apply. Individual is in the system only because she/he is a health officer / health department director, etc. Information collected is on officials for emergency notification, and data are retrieved by role (position). No SORN is necessary, and there is no PIA weakness.

Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: There is no written process for notifying individuals or obtaining consent. The distribution lists are populated by the HAN PHAs, who obtain the information on State officials through their regular contacts within the State Health Departments assigned to them. In most cases, this information is provided by the State HAN Coordinator. Local contacts are collected from a list of local health officers, provided and updated by NACCHO. In some cases, the local health officials or the State HAN Coordinator provide updated contact information for a local contact directly to CDC HAN staff via email or phone call. The Associations list is obtained from the Office of Communication, other Centers/Institutes/Offices (CIOs), and the Director's Emergency Operations Center. The listing of selected DHHS and CDC personnel is maintained by HAN staff, but provided by the Office of Communication, other Centers/Institutes/Offices (CIOs), and the Director's Emergency Operations Center. Therefore, the individual is not given an opportunity to consent -- his/her being in the position of being an emergency notification contact requires that this information be sent to CDC. Further, they would not be asked to consent about what information is collected on them or how it would be used, or on data use changes. If there were major changes to the system requiring notification, a process would be put into place at that time.

Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Brie fly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Administrative Controls: To ensure least privilege and accountability, only trained/certified HAN staff are authorized to utilize the system. Technical Controls: User ID, passwords, firewall, smart cards. Physical Controls: Guards, ID badges, key cards, metal detectors, restricted messaging. The Health Alert Network Messaging system utilizes Microsoft Outlook which is part of the CDC enterprise infrastructure and therefore adheres to same security provisions for data & information contained in these systems. PIA Reviewer Approval: Promote

Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 15, 2007 Date Published: Jun 26, 2008

The world leader in 06.3 HHS PIA Summary for Posting (Form) / CDC CCHIS NCPHI National Electronic Disease Surveillance System (NEDSS) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision: Initial PIA Migration to ProSight

Date of this Submission: Nov 29, 2003

OPDIV Name: CDC

Unique Project Identifi er (UPI) Number: 009-20-01-21-01-1010-00

Privacy Act System of Records (SOR) Number: N/A - System does not constitute a "System of Records" under the Privacy Act.

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

Syst em Name: NEDSS - National Electronic Disease Surveillance System - Base System (NBS)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Wayne Brathwaite

Provide an overview of the system: NEDSS is designed as the next iteration of CDC's disease surveillance systems. The system will allow many of the current silo electronic surveillance systems to become part of an integrated, standards-based whole, an initiative strongly supported by OMB and Congress. NEDSS is part of the Public Health Information Network (PHIN). The specific system addressed in this summary is the CDC-developed iteration of NEDSS, called the NEDSS Base System (NBS). Most states have elected to utilize the NBS while some states have decided to develop their own system using the same data models and standards.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (st ore), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): n/a

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will And be secured on the system using administrative, technical, and physical controls.: This system does not collect IIF. PIA Reviewer Approval: Only Comments: PIA Reviewer Name: Betsey Dunaway Sr. Official for Privacy Approval: Promote C omments: Sr. Official for Privacy Name: Thomas P. Madden, OCISO Sign-off Date: Aug 18, 2006 Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC CCHIS NCPHI Outbreak Management System (OMS) (Item) And even PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision: Initial PIA Migration to ProSight

Date of this Submission: May 14, 2007

OPDIV Name:

Unique Project Identifi er (UPI) Number: 009-20-01-03-02-1088-00-110-218

Privacy Act System of Records (SOR) Number: 09-20-0136; 09-20-0113

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: Outbreak Management System

System P oint of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Scott McNabb

Provide an overview of the system: During a public health investigation, the Outbreak Management System (OMS) will be utilized by field staff in order to accumulate, analyze, and report, data related to diseases outbreaks and emergency response in a consistent manner. Field staff will accumulate possible case, contacts, possible threats, facility, geospatial, specimen, prophylaxis, vaccination and other emergency response data. They will securely connect to corresponding systems developed at the CDC to store and present these data to public health emergency response decision makers. They will also facilitate field access to communication tools and CDC polices, protocols and other support information.

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research the and an an in an subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If they system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): During a public health investigation, information in the system is shared with state/local partners in the jurisdiction where the persons reside or become ill. This information is only shared for the purposes of outbreak investigation and containment and only in conjunction with activities supporting the state/local partners.

containment. Some follow up studies may be done on data in the system but these studies are done using de-identified data unless specific IRB approvals are attained. The Outbreak Management System is only used during a public health investigation. Personally identifiable information is collected to track cases and contacts during a disease outbreak investigation and follow-up to an outbreak. Information in the system is cleared from the database when investigation is completed. Field staff will accumulate possible case, contacts, possible threats, facility, geospatial, specimen, prophylaxis, vaccination and other emergency response data. Submission of personal information is voluntary at the time of the outbreak.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured o n the system using administrative, technical, and physical controls.: Administrative Controls: To ensure least privilege and accountability, user name and password and access control views on data tables. Technical Controls: User ID, passwords, firewall, encryption. Physical Controls: Guards, ID badges, key cards. System information is stored in a Microsoft SQL server database with user level authentication and authorization constraints in place. This database is self-contained on remote hardware without a persistent connection to the Internet. Since the system is field deployed, file level encryption protects the database files from unauthorized access. Information exchanged is secured via encrypted transmissions using public/private key encryption. PIA R eviewer Approval: Promote Comments: PIA Reviewer Name: Betsey Dunaway Sr.Official for Privacy Approval: Promote

Comments: Sr. Official for Privacy Name: Deborah Holtzman Sign-off Date: Aug 18, 2006 Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Po sting (Form) / CDC CCHIS NCPHI Secure Data Network (SDN) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision: Initial PIA Migration to ProSight

Date of this Submission: May 18, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-02-02-0581-00-404-140

Privacy Act System of Records (SOR) Number: N/A - System does not constitute a "System of Records" under the Privacy Act. System contains only business information on individuals.

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: Secure Data Network (SDN)

System Point of Contact (POC). The System POC is the person to whom q uestions about the system and the responses to this PIA may be addressed: Toby Slusher

Provide an overview of the system: SDN provides secure data exchange infrastructure for CDC. The SDN is a set of tools implementing the policy requirements for authentication using industry standard X.509 certificates, secure tokens, and other applicable means as identified; an encryption engine; and access control through the firewall by data routing to programs using an application server. This network is intended to allow field staff, researchers, and public health partners to securely exchange confidential, Privacy Act, proprietary and other sensitive or critical data with Center/Institute/Office (CIO) programs. The SDN also

provides secure access to critical CDC/ATSDR Internet tools, program applications software and sensitive or critical data resources that can be conveniently implemented by CIO programs. SDN is the online or web hosting system that provides secure access to the CDC Extranet and other secure applications. This system does not constitute a "System of Records" under the Privacy Act because only business information is contained within the CDC system. Although information is retrievable by name, consideration is given to the role the individual will play, i.e., user of sensitive information.

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The data will be shared with VeriSign to issue Digital Certificates for user enrollment, after which it is deleted. At CDC the information is kept in an encrypted SQL database accessible to only 4 staff. No IIF information is shared between SDN client programs. The SDN Agency Certificate Administrator sends the appropriate CDC SDN Program Administrator notification of applicants approved for digital certificates for the respective programs.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Administrative Controls: Security controls manage access to data at system and application level. Technical Controls: Firewall, IDS, PKI; The data collected is secured via application, database, network, and server control mechanisms including user ID and password, digital certificates, encryption during transport and storage, and physical restrictions for access to infrastructure components. Physical Controls: Guards, ID badges, key cards. PIA Reviewer Approval: Promote

Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval : Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden, OCISO Sign-off Date: Aug 15, 2007 Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC CCHIS NCPHI Specimen Tracking and Results Reporting System (STARRS) (Item) PI A SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: No If this is an existing PIA, please provide a reason for revision: Initial PIA Migration to ProSight

Date of this Submission: Nov 28, 2003

OPDIV Name: CDC

Unique Project Identifi er (UPI) Number: 009-20-01-02-02-1081-00-110-218

Privacy Act System of Records (SOR) Number: N/A - System does not constitute a "System of Records" under the Privacy Act.

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: Specimen Tracking and Results Reporting System (STARRS)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Emory Meeks

Provide an overview of the system: Specimen Tracking and Reporting. The anthrax events in the fall of 2001 clearly brought into focus the difficulties that investigators experienced in rapidly associating laboratory test results with other clinical and environmental data. This deficiency resulted from inconsistent numbering of specimens and an inability to link data when re-associating multiple data components with a specific source, thus impacting response efforts of epidemiologists and other public health officials in rendering prevention and intervention schemes. Though more apparent during the anthrax events, CDC has long experienced difficulty in rapidly associating data generated from multiple sources for a specimen and has, on occasion, experienced difficulty in locating specimens. Specimen Tracking and Results Reporting System (STARRS) will address the imminent need to consistently and unambiguously track specimens received and tested at the CDC. The major goal of this system is to provide a central portal for CDC investigators to link specimen data received or generated from multiple sites, including but not limited to field investigations, internal laboratories, state health departments, contract laboratories, and other public health partners.

13. Indicate if the system is new or an existing one being modified: New

21. Is the system subject to the Privacy Act?: No

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The system does not collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system? PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Betsey Dunaway Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden, OCISO Sign-off Date: Aug 18, 2006 Date Publis hed: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC CCHIS NCPHI Web Public Web Portal (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: No If this is an existing PIA, please provide a reason for revision: Initial PIA Migration to ProSight

Date of this Submission: Dec 1, 2003

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-23-01-1015-00

Privacy Act System of Recor ds (SOR) Number: N/A - System does not constitute a "System of Records" under the Privacy Act.

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: CDC Web Redesign

System Point of Contact (POC). The Syste m POC is the person to whom questions about the system and the responses to this PIA may be addressed: Jason Bonander

Provide an overview of the system: The CDC Web Redesign system is CDC's main Internet Web presence serving more than 150,000 pages over 8 million average visits per month. The system consists of a content management system, a search engine, a Web server, and a portal server. All content presented through this system is cleared through a scientific clearance process, is for public use, and does not contain any personally identifiable information.

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: The system does not collect personally identifiable information.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirt een?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A PIA Revi ewer Approval: Promote Comments: PIA Reviewer Name: Betsey Dunaway Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden, OCISO Sign-off Date: Aug 18, 2006 Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC CCHIS NCPHI Wide-ranging Online Data for Epidemiological Reseach System (Wonder) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: No If this is an existing PIA, please provide a reason for revision: PIA Validation

Date of this Submission: May 6, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-02-02-1010-00-110-246 (009-20-01-21-01-1010-00)

Privacy Act System of Records (SOR) Number: N/A - System does not constitute a "System of Records" under the Privacy Act.

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: WONDER

System Point of Contact (POC). The System POC is the person to whom questions about the s ystem and the responses to this PIA may be addressed: Sigrid Economou

Provide an overview of the system: The CDC WONDER system provides data dissemination and web-based analysis, visualization and reporting for scientific datasets (collections) produced by CDC programs and partners. Access to information, summary statistics and micro-data is provided to the general public, public health policy makers and analysts, epidemiologists and researchers. The data collections on the public web site are public use data. No user accounts or registrations are required to access the public use data or public web site. The web site and data collections are relied on by state, local and community health programs, and CDC programs and partners for publication of these data collections, data sharing and analysis. An average of 20,000 persons, measured as "distinct hosts" or unique computer addresses, access the web site each week.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does /Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discl oses IIF please specify with whom and for what purpose(s): N/A

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A PIA Reviewer Approval: Promote C omments: PIA Reviewer Name: David Knowles Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden, OCISO Sign-off Date: May 6, 2008 Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC CCI D NCID National Molecular Subtyping Network for Foodborne Disease Surveillance (PulseNet) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision: Initial PIA Migration to ProSight

Date of this Submission: Nov 26, 2003

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-02-02-0172-00-110-219

Privacy Act System of Records (SOR) Number: N/A - System does not constitute a "System of Records" under the Privacy Act.

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: PulseNet

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Balasubra Swaminathan, Ph.D.

Provide an overview of the system:

Early Warning System for Foodborne Disease Outbreaks. The PulseNet Network serves as a national early warning system that detects foodborne disease clusters and facilitates timely epidemiologic investigation of common source outbreaks. Public health laboratories in all 50 states, six large county and city public health laboratories, and 9 laboratories of the U.S. Food and Drug Administration and U.S. Dept. of Agriculture - Food Safety and Inspection Service, Agricultural Research

Service and Agricultural Marketing Service participate in the network. Participating laboratories routinely perform DNA "fingerprinting" of human clinical isolates of foodborne disease causing bacteria and submit the DNA "fingerprints" electronically to a national database established and maintained at CDC. Incoming data are reviewed and evaluated continually at CDC to detect clusters of disease isolates that have indistinguishable DNA "fingerprints." DNA "fingerprints" of food isolates of these bacteria that are submitted by the food regulatory agencies to PulseNet are compared with the clinical isolates to identify any food-patient matches that may require further investigation.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), dissemina te and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpos e(s): N/A

Please des cribe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: This system does not collect personally identifiable information.

Does the system host a website? : No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Betsey Dunaway Sr. Official for Privacy Approval: Promote Comment s: Sr. Official for Privacy Name: Thomas P. Madden, OCISO Sign-off Date: Aug 18, 2006 Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCID Public Health Laboratory Information System (PHLIS) (Item) PIA SUMMARY AND AP PROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes

If this is an existing PIA, please provide a reason for revision: Initial PIA Migration to ProSight

Date of this Submission: Dec 1, 2003

OPDIV Name: CDC

Unique Project Identifier (UPI) Number : 009-20-01-06-02-2045-00-110-246

Privacy Act System of Records (SOR) Number: N/A - System does not constitute a "System of Records" under the Privacy Act.

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: PHLIS - Public Health Laboratory Information System

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: E. Kathleen Maloney

Provide an overview o f the system: PHLIS collects public health laboratory surveillance data from approximately 100 sites in the U.S. Data screens (modules) can be created and updated then rapidly distributed to all reporting sites electronically without programmer involvement. Reporting sites can enter public health surveillance data and report it electronically. The system allows sites to set up and run imports which allow them to collect data from their LIMS systems. PHLIS provides the capacity for a hierarchical reporting scheme involving data transmission to multiple, successively higher reporting levels, and ultimately to a single central site. PHLIS allows sites to create their own questions and modules for their own independent disease surveillance activities.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): System does not contain IIF, so no IIF is shared or disclosed

Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The system does not collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Betsey Dunaway Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden, OCISO Sign-off Date: Aug 18, 2006 Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NIP Vaccine Adverse Event Reporting System (VAERS) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision: Initial PIA Migration to ProSight

Date of this Submission: May 18, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Numbe r: 009-20-01-02-01-1050-02

Privacy Act System of Records (SOR) Number: 09-20-0136

OMB Information Collection Approval Number: System is Exempt

Other Identifying Number(s): N/A

System Name: Vaccine Adverse Event Reporting System (VAERS)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Scott Campbell

Provide an overview of the system: VAERS functions as the national passive surveillance system that allows CDC and FDA to monitor vaccine safety as mandated by the National Childhood Vaccine Injury Act of 1986. The goal of VAERS is to monitor vaccine safety by receiving reports of adverse events following vaccination. VAERS is the national passive surveillance vaccine safety monitoring system in the United States. VAERS is jointly operated by the Centers for Disease Control and Prevention, National Immunization Program and Food and Drug Administration, Center for Biologics Research and Evaluation to monitor the safety of vaccines licensed for use in the United States. It allows CDC and FDA to monitor vaccine safety as mandated by the National Childhood Vaccine Injury Act (NCVIA) of 1986 (P.L. 99-660), the Code of Federal Regulations Title 21, Part 600.80, and under statutory authority from the Public Health Service Act, section 301 (42 USC 241). VAERS receives reports of adverse events following vaccination from health care providers, vaccine manufacturers, state health departments, vaccine recipients and/or their parents/guardians, and other parties interested in vaccine safety. Health care providers by law, and manufacturers additionally by regulation, are required to report certain types of events that occur within specific time frames after vaccination.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this syste m?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): VAERS is jointly operated by the CDC/National Immunization Program and FDA/Center for Biologics Research and Evaluation to monitor vaccine safety IAW P.L. 99-660 and 21 CFR 600.80. Both agencies receive different versions of the VAERS database as well as access to the primary VAERS database and imagebase maintained by the contractor. CDC and FDA coordinate VAERS related research and surveillance activities. FDA has the authority to take regulatory action based on potential vaccine safety problems detected by VAERS and conducts reviews of the safety of individual vaccine lots using VAERS, and receives PII for VAERS reports to allow for specific follow-up of reports for this purpose. The Centers for Disease Control and Prevention, National Immunization Program jointly operates VAERS with the Food and Drug Administration, Center for Biologics Research and Evaluation to monitor vaccine safety in accordance with P.L. 99-660 and 21 CFR 600.80. Both agencies receive different versions of the VAERS database and have access to the primary VAERS database and imagebase maintained by the VAERS contractor. CDC and FDA coordinate VAERS related research and surveillance activities. FDA has the authority to take regulatory action based on potential vaccine safety problems detected by VAERS and conducts reviews of the safety of individual vaccine lots using VAERS. Pursuant to the Standards for Privacy of Individually Identifiable Health Information promulgated under the Health Insurance Portability and Accountability Act (HIPAA)(45 CFR Parts

160 and 164), covered entities including CDC may disclose protected health information to public health authorities "authorized by law to collect or receive such information for the purpose of preventing or controlling disease, injury, or disability, including, but not limited to, the reporting of disease, injury, vital events such as birth or death, and the conduct of public health surveillance, public health investigations, and public health interventions." The definition of a public health authority includes "a person or entity acting under a grant of authority from or a contract with such public agency" The VAERS Contractor will act under contract with the CDC to carry out the Vaccine Adverse Event Reporting System which is authorized by the statutory authority from the Public Health Service Act, section 301 (42 USC 241), the National Childhood Vaccine Injury Act (NVCIA), P.L. 99-660, and 21 CFR 600.80 and therefore may be considered a public health authority under the Privacy Rule for purposes of this project. Further, CDC considers this to be a disease/injury reporting system for which disclosure of protected health information by covered entities is authorized by section 164.512(b) of the Privacy Rule [45 CFR 164.512(b)].

Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: VAERS collects information specific to the VAE on the Form VAERS-1, including information identifying the person who received the vaccine, the vaccine provider, and the reporter of the VAE, demographic information on the patient, a description of the VAE, information about the vaccine(s) being reported, information about vaccinations received during the previous month and any pre-existing illnesses, and information about previous VAEs experienced. The completed Form VAERS-1 can be submitted to the VAERS program by mail or fax; an electronic version of the Form VAERS-1 is also available on the Internet allowing secure web-based reporting. The information gathered is monitored and analyzed by Agency staff to ensure that vaccines are used appropriately and VAEs are recognized and appropriate measures taken. The information collected by VAERS is the minimum required for assessment and analysis of potential VAEs and for follow-up activities as required for evaluation of VAEs, for FDA's responsibilities for licensing and regulating vaccines, and for coordination with reporting entities to include local and state health authorities. The Department of Health and Human Services (DHHS) established VAERS to provide a single system for the collection and the analysis of reports on all VAEs associated with the administration of any U.S. licensed vaccine, in all age groups. To meet the needs for monitoring vaccine safety, the CDC and the FDA have worked together since 1989 to sponsor VAERS. These needs relate to CDC's responsibilities for the national control of vaccine-preventable diseases, ensuring vaccine safety, and for providing assistance to public sector vaccine programs, and FDA's responsibilities for licensing and regulating vaccines, and ensuring vaccine safety. The information collected by VAERS is required for assessment and analysis of potential VAEs, and for follow-up activities, for meeting FDA's responsibilities for licensing and regulating vaccines, and for coordination with reporting entities. Information being collected contains IIF. Health care providers and manufacturers are required by law to report reactions to vaccines listed in the Table of Reportable Events Following Immunization. Reports for reactions to other vaccines are voluntary except when required as a condition of immunization grant awards.

Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: VAERS collects information specific to the VAE using the Form VAERS-1; completed forms are submitted to the VAERS program by mail or fax; an electronic version of the Form VAERS-1 is also available on the Internet allowing secure web-based reporting. VAERS receives reports of adverse events following vaccination from health care providers, vaccine manufacturers, state health departments, vaccine recipients and/or their parents/guardians, and other parties interested in vaccine safety. Health care providers are required by law under the NCVIA, and manufacturers additionally by regulation, to report certain types of events that occur after vaccination. The Form VAERS-1 provides information and instructions about the form, provides written notice regarding which VAEs are required to be reported, and indicates that reports for other VAES are voluntary "except when required as a condition of immunization grant awards". The form additionally provides information regarding the use of the VAERS data to increase understanding of adverse events following vaccination. The Form provides users notification of the Privacy Act System of Records in which records existing in VAERS are maintained. The form provides information regarding protection of information identifying the person who received the vaccine, and indicates that such information is not made available to the public but may be available to the vaccinee or their legal representative. The electronic version of Form VAERS-1 for web-based reporting provides similar notification. A letter of acknowledgment of receipt of the report is sent to individuals who submit the hard copy Form VAERS-1, and a facsimile of the VAERS form completed with all submitted information to electronic direct reporters for verification.

Acknowledgment letters include a request for missing data and data needed to resolve possible discrepancies.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Measures include but are not limited to maintaining the system and information contained in secured buildings with controlled access, using secured storage of all system data and forms, secure access to system operational and storage areas, using computer system protection with Technical controls (User ID, passwords, firewalls, VPN, encryption, IDS, virus protection, and password restriction of user access, employing routine system security audits and periodic risk and vulnerability assessments; Physical security controls (guards, ID badges, key cards & cipher locks), personnel security controls, and data backup and recovery, and transmission of information secured using encryption and Secure Socket Layer (SSL) technology, including data submitted using the web-based reporting form. Administrative controls: role based access. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Betsey Dunaway Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden, OCISO Sign-off Date: Aug 18, 2006 Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NIP Vaccine Ordering and Distribution System (VODS) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision: Initial PIA Migration to ProSight

Date of this Submission: Dec 1, 2003

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-01-01-1030-02

Privacy Act System of Records (SOR) Num ber: N/A - System does not constitute a "System of Records" under the Privacy Act.

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: Vaccine Ordering and Distribution System (VODS)

System Point of Contac t (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Terry Boyd

Provide an overview of the system: To allow grantees to order vaccine from the federal contract. VODS is a Database Management System (DBMS) used by 59 state, city, and territorial government Immunization Programs (called Projects). Only these Projects, designated by CDC, are eligible to use VODS (the application is not designed or accessible for any agency other than these 59 Projects). The Projects use VODS to order, and optionally to track and record information relating to vaccine purchases with public funds (e.g., Vaccines For Children program (VFC), Section 317 Grant funds, and State general funds).

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of II F?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: This system does not collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden, OCISO Sign-off Date: Aug 15, 2007 Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC COTPER Etiological Agent Import Permit Program (EAIP) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision: Initial PIA Migration to ProSight

Date of this Submission: May 18, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-02-02-8121-00-110-218

Privacy Act System of Records (SOR) Number: N/A - System does not constitute a "System of Records" under the Privacy Act. IIF collected is not personal and data are not retrieved by personal identifiers. See Question 30 for additional comments.

OMB Information Collection Approval Number: 0920-0199

O ther Identifying Number(s): N/A

System Name: Etiological Agent Importation Permit System

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Indira Srinivasan

Provide an overview of the system: EAIPS stores the minimum data required to support USPHS 42 CFR - Part 71 Foreign Quarantine, Part 71.54 Etiologic agents, hosts, and vectors which recognizes etiologic agents, vectors and material containing etiologic agents as hazardous materials which must be accompanied by a U.S. Public Health Service importation permit when imported into the United States of America. The system consists of a Microsoft Access database stored on a single, stand-alone Windows PC. No personal information is collected. Applicants provide their business related information. This does not constitute a "System of Records" under the Privacy Act.

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will the s ystem collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the

public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The information stored in EAIPS is not shared.

Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are the re policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Administrative Controls: To ensure least privilege and accountability, user actions are audited by the system; audit logs are periodically reviewed by the system's Security Steward. Technical Controls: User ID, passwords, firewall, Secure Spaces compliant with Defense Security Services Standards. Physical Controls: ID badges, key cards, cipher locks, housing in a classified secure lab. EAIPS stores the data in a password protected database hosted on a single stand-alone Windows PC. The system and supporting paper documents are located within secure spaces compliant with Defense Security Services (DSS) standards. All personnel with access to the data will have current DoD Secret level clearances (or equivalent). PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Betsey Dunaway Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Deborah Holtzman Sign-off Date: Aug 18, 2006 Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC COTPER NSAR (Select Agent II) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: No If this is an existing PIA, please provide a reason for revision: PIA Validation

Date of this Submission: Apr 7, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-21-01-03-01-0547-00

Privacy Act System of Records (SOR) Number: 09-20-0170

OMB Information Collection Approval Number: n/a

Other Identifying Number(s): n/a

System Name: National Select Agent Registry (NSAR)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Barry Copeland

Provide an overview of the system: The NSAR mission is to provide the regulated community with a secure public web interface for the submission of required registration and related forms. Separately, it provides the Select Agent (SA) Program with document and records management support in compliance with National Archives and Records Administration (NARA) standards. It also provides for a secure national database and processing environment, to include data entry and complex reporting capability in support of national incident response or appropriate law enforcement queries. NSAR stores the minimum data required to support 42 C.F.R Part 73, 7 C.F.R. Part 331, and 9 C.F.R. Part

121.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Yes, APHIS, for compliance with federal mandates.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: NSAR stores data in a series of password protected databases hosted in secure environments. The system and supporting paper documents are located within secure spaces compliant with Defense Security Services (DSS) standards. All personnel with access to the data will have current DoD Secret level clearances (or equivalent). PIA Reviewer Approval: Promote Comments:

PIA Reviewer Na me: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden, OCISO Sign-off Date: May 8, 2008 Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC Global (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: May 17, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-09-02-0984-00-404-142

Privacy Act System of Records (SOR) Number: 09-90-0018

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: CDCGlobal

System Po int of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Doris Riggs

Provide an overview of the system: The Coordinating Office of Global Health (COGH) maintains a variety of access databases and interfaces to those databases to support management of approximately 1,500 plus overseas persons working in some capacity for CDC. Due to the private nature of much of the data (passport, social security number, dependent information, etc.), the need to house the data in a secure manner and to ensure accessibility and availability of the data both for daily operations and in an emergency, the COGH has requested a consolidation of the existing data stores and business processes this data supports in an effort to create a streamlined approach to monitor and approve international travel and resources. In addition, the system will provide an interactive interface allowing persons working abroad to update and manage their profiles.

13. Ind icate if the system is new or an existing one being modified: New

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): System does not share IIF

collected is voluntary, but required for the approval for international travel. The information is not disseminated to those not involved in the routing and approval of international travel.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the r etention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Technical Controls – User ID, Passwords, Firewall, Encryption Physical Controls – Guards, Identification Badges, Key Cards, Cipher Locks Administrative Controls – Passowrds expire after a set periof of time, accounts are locked after a set period of inactivity, Minimum length of passwords is eight characters, Passwords must be a combination of uppercase, lowercase, and special characters, Accounts are locked after a set number of incorrect attempts. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Oct 30, 2007 Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC IS Directory (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: No If this is an existing PIA, please provide a reason for revision: Initial PIA Migration to ProSight

Date of this Submission: Aug 15, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-09-02-0984-00-404-137

Privacy Act System of Records (SOR) Number: 09-90-0018

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: CDC IS Directory

System Point of Contact (POC). The System POC is the person to whom questions a bout the system and the responses to this PIA may be addressed: Tracy Hollis

Provide an overview of the system: CDC IS DIRECTORY provides the capability to create and update CDC/IS Directory Profiles for CDC employees and non-employees who work in association with CDC. The Profiles within the Directory serve as a resource for employee and non-employee information, and are used to access CDC’s network and applications.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares o r discloses IIF please specify with whom and for what purpose(s): Emergency Coordinators have the ability to view emergency contact information. Supervisors, managers, and directory maintainers can view work-related information. Directory maintainers can view and update emergency contact information if given permission by the person.

Submission of emergency contact information is voluntary. The IIF is used for emergency preparedness and deployment for critical health and CDC-mission related activities only.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:

Passwords Firewalls Physical Controls: Guards ID Badges Card Keys IIF can only be accessed by authenticated users behind the firewall. Access is limited by user roles and access ranges. Contact and address information can only be entered and viewed by the user, unless the user has explicitly given permission to authorized admin staff to enter and update information. Physical access to the hardware is monitored and controlled according to ITSO Network policies and procedures.. PIA Reviewer Approval: Promote Comments: PIA R eviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Oct 30, 2007 Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC OCOO ITSO Internet Ser vices (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision: PIA Validation

Date of this Submission: Jun 29, 2006

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-02-00-01-1152-00-404-139

Privacy Act System of Records (SOR) Number: N/A- System does not constitute a "System of Records" under the Privacy Act.

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: Internet Services

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: James D. Seligman

Provide an overview of the system: CDC Internet Services provides the following: Video servers streaming non-sensitive content for Internet/Intranet access as required, including Public Health education purposes; E-mail List-Server functionality for the CDC, affiliated agencies, and the general public as a form of information distribution; Public and Private (secure) File Transfer Protocol (FTP) Internet access; Internet caching services and content filtering for security purposes. The Internet Services system is comprised of 12 Windows-based servers running commercial-off-the-shelf (COTS) products. Several servers are deployed in pairs for functionality, redundancy and load-sharing.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (stor e), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and f or what purpose(s): This system does not collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system

Does the system host a websi te?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: This system does not collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden, OCISO Sign-off Date: Aug 15, 2007 Date Publis hed: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC OCOO ITSO MAINFRAME - ENTERPRISE EXTENDER (Mainframe EE) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: May 6, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-02-00-01-1152-00-404-139

Privacy Act System of Records (SOR) Number: 09-20-0136

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: Mainframe – Enterprise Extender (EE)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: James H. Landers

Provide an overview of the system: The CDC Mainframe provides a secured repository and platform for user's data enabling each user to perform their legal governmental function. Numerous systems reside on the CDC Mainframe. The system does not collect, maintain or disseminate the information stored by the individual systems with the exception of grant data to NIH and financial data to the Treasury Department. The

system owner of each system housed on the Mainframe is responsible for preparing a PIA for the respective system and is responsible for setting policies and procedures.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares o r discloses IIF please specify with whom and for what purpose(s): Data shared with National Institutes of Health to process and provide for grant applications

Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Administrative Controls: RACF - a security tool used on the Mainframe to restrict access to specific files. Technical Controls: User ID, passwords, firewall, VPN, encryption, Smart Cards. Physical Controls: Guards, ID badges, key cards, CCTV. PIA Reviewer A pproval: Promote Comments: PIA Reviewer Name: Betsey Dunaway Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden, OCISO Sign-off Date: May 17, 2007 Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Post ing (Form) / CDC OCOO ITSO MID-TIER DATA CENTER (MTDC) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: May 10, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-02-00-01-1152-00

Privacy Act System of Records (SOR) Number: N/A - System does not constitute a "System of Records" under the Privacy Act. See comments in Q. 30 re PA determination.

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: Mid-Tier Data Center (MTDC)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Steve Warren

Provide an overview of the system: MTDC provides hosting and operations functions for CDC mission critical systems. MTDC systems include server and system monitoring, backup/recovery, failover, and disaster recovery applications layered on top of hosted systems. See comments in Question 30 regarding Privacy Act determination.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or p ass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): MTDC hosting systems do not share or disclose IIF.

Please describe in detail a ny processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: 31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared:

Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Access controls in place are Administrative -Role based access; Technical - User ID, passwords, firewall, encryption, IDS; Physical - Guards, ID badges, key cards. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden, OCISO Sign-off Date: Aug 15, 2007 Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC OCOO ITSO Wide Area Network (WAN) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision: PIA Validation

Date of this Submission: Jun 29, 2006

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-02-00-01-1152-00-404-139

Privacy Act System of Records (SOR) Number: N/A - System does not constitute a "System of Records" under the Privacy Act.

OMB Information Collection Approval Number: n/a

Other Identifying Number(s): N/A

System Name: Wide Area Network (WAN)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Kenny McKneely

Provide an overview of the system: The CDC WAN provides connectivity between each Domestic CDC campuses, International CDC campuses, and to the world at large

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: This system does not host a website. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden, OCISO Sign-off Date: Aug 15, 2007 Date Published: Jun 26, 2008

06.3 HH S PIA Summary for Posting (Form) / CDC OCOO PGO Integrated Contracts Expert (ICE) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: No If this is an existing PIA, please provide a reason for revision: Initial PIA Migration to ProSight

Date of this Submission: May 14, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-01-01-2017-00-405-143; (09-20-01-04-01-1020-02)

Privacy Act System of Records (SOR) Number: N/A - System does not constitute a "System of Records" under the Privacy Act. See further comments in Question 30.

OMB Information Collection Approv al Number: N/A

Other Identifying Number(s): Account Title/Code: Control, Research and Training, 7520943

System Name: Integrated Contracts Expert (ICE)

System Point of Contact (POC). The System POC is the person to whom questions about the system a nd the responses to this PIA may be addressed: Terrance Perry

Provide an overview of the system: The ICE system provides to the Centers for Disease Control and Prevention (CDC) a single system for managing the full procurement cycle from procurement request to closing out a contract for all type of procurements. The ICE systems' function is to meet the following Integrated Acquisition objectives: Modern, integrated acquisition automation tool and streamlined processes; Reduced cycle times for all types of procurement actions; Accurate, real-time acquisition-related information that can be used by management to make strategic and planning decisions; Ability to interface with CCR/IVPN; Ability to integrate with government-wide standard requirements; Ability to perform standard electronic procurement transactions (EDI). Information collected is on Vendors. These are institutions and the Privacy Act does not apply to institutions or organizations.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): PGO's system must comply with mandatory federal and department (HHS) reporting requirements (FPDS-NG federally and DCIS departmentally, for example). Consequently, the information collected is required so that those reporting requirements above are met and for the purposes of interface with the local financial management system so that the payment of invoices is made using data sent via ICE.

30. Please describe in det ail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: Data collected are vendor/instution information required for CDC business transactions. Data collected:

vendor/institution name and address, financial account information, email address, taxpayer ID number (TIN) which could be the vendor's SSN, and the DUNS number. The data collected will be shared with internal CDC offices (financial management; material management, program office); the Department; and, any federal agency requiring the information to be available. PGO’s system must comply with mandatory federal and department (HHS) reporting requirements, e.g., Federal Procurement Data Systems—Next Generation (FPDS-NG) and HHS Departmental Contracts Information System (DCIS). Consequently, the information collected is required so that those reporting requirements above are met and for the purposes of interface with the local financial management system so that the payment of invoices is made using data sent via ICE. It has been officially determined that the Privacy Act does not apply. System does not constitute a "System of Records" under the Privacy Act because information is collected on vendors. These are institutions and the Privacy Act does not apply to institutions. No SORN is necessary. Therefore there is no PIA weakness.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Administrative Controls: The ICE system will adhere to the Automated Information System Security Plan (AISSP) to secure the information. The ICE system uses Active Directory/Windows Authentication for granting access to each user of the system. In addition, users are restricted to limited information in the system based on the role(s) assigned to them by the system administrator. The ICE database is maintained in a secure environment at CDC’s Mid Tier Data Center (MTDC). Technical Controls: User ID, passwords, firewall, VPN, encryption. Physical Controls: Guards, ID badges, key cards. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Betsey Dunaway Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Deborah Holtzman Sign-off Dat e: Aug 18, 2006 Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC OD Finance Directory (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Jan 26, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-09-02-0984-00-404-137

Privacy Act System of Records (SOR) Number: 09-90-0018; OPM GOVT-1

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: CDC Directory

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be address ed: Sandy Chapman

Provide an overview of the system: The CDC Directory provides the capability to create and update CDC/IS Directory Profiles for CDC employees and non-employees who work in association with CDC. The

Profiles within the Directory serve as a resource for employee and non-employee information. Upon initial profile entry, the CDC Directory assigns User ID, which is used for access to CDC 's network and applications.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the syste m shares or discloses IIF please specify with whom and for what purpose(s): System serves as a repository of information for other CDC systems: Active Directory (provides network authentication), PHINDIR (Maintains a directory for contact of individuals in public health), PWMS (manages personnel responding to public health emergencies), and UFMS (travel related payments) .

Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Administrative controls: IIF can only be accessed by authenticated users behind the firewall. Access is limited by user roles and access ranges based on administrative codes. Contact and address information can only be entered and viewed by the user, unless the user has explicitly given permission to authorized admin staff to enter and update information. Technical controls: user id, passwords, firewall, VPN and IDS. Physical controls: guards, id badges, key cards; access to the hardware is monitored and controlled according to ITSO Network policies and procedures. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Betsey Dunaway Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Deborah Holtzman Sign-off Date: Feb 14, 2007 Date Publish ed: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC OD Finance GMIS (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision: Initial PIA Migration to ProSight

Date of this Submission: May 14, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-04-00-02-0093-00

Privacy Act System of Records (SOR) Number: 09-25-0036

OMB Information Collection Approval Number: 0920-0428; 0348-0043, 0044, 0040, 0041,0046

Other Identifying Number(s): N/A

System Name: Grants Management Information System (GMIS)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Terrance Perry

Provide an overview of the system: GMIS provides end-to-end tracking of Grants and Cooperative Agreements funded by the CDC. Upon determination of funding approval, data provided by applicants for CDC funds are input into the GMIS system and retained for the purposes of obligating grant dollars, issuing Notice of Grant Award documents, and enabling the government to perform oversight and monitoring of awardee activities. Upon completion of a grant program, GMIS also facilitates performing a final closeout of the award program.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares o r discloses IIF please specify with whom and for what purpose(s): HHS, Congress and the White House for tracking and reporting purposes

The Privacy statement disclosed 8 instances in which identifiable data would be shared. Therefore completion of the application form indicates implied consent.

32. Does the system host a website?: No

37. Does the website ha ve any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the syst em using administrative, technical, and physical controls.: All data pertaining to CDC grant awards are secured variously by physical security measures including security guards in relevant buildings and campuses, CardKey and id badges to access CDC areas, and closed circuit TV; Technical controls including firewalled network domains, password controls, and VPN; and administrative controls including access limits based on user role and principle of least privilege. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Betsey Dunaway Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Deborah Holtzman Sign-off Date: Feb 14, 2007 Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC OD Finance Traini ng (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: May 14, 2007

OPDIV Name: CDC *3. Unique Project I dentifier (UPI) Number: 009-20-01-09-02-1015-00 (Part of CDC Management of Employee Resources)

Privacy Act System of Records (SOR) Number: 09-90-0018

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: OD Finance Training

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Carol Higbie

Provide an overview of the system: The Training System allows a user to request training provided by CDC Corporate University or outside vendors. The system initiates the requests for acquisition of training. The system maintains the training records for employees in accordance with the requirements specified by OPM. It also provides the mechanism to track training records of CDC contractors. Included are data elements regarding the request for training, training attendance, and results of the training. It also contains a catalog of CDC Corporate University courses. System does not host a website and only a small portion of the Training System is web-enabled for reporting Individual Learning Accounts (ILAs).

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with who m and for what purpose(s): Shared with HHS System to provide training records for tracking employee courses taken.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The Training System is installed on the CDC Mainframe in a specific Logical Partition LPAR). Administrative Controls: Access to the LPAR is protected through the use of IBM RACF. The data access is role based. The access role and access data range have to be approved and established in a separate system. Technical controls in place are User ID, passwords, firewall, VPN. Physical controls PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Betsey Dunaway Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden, OCISO Sign-off Date : Feb 14, 2007 Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC OD Finance Travel (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Jan 25, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-01-02-0042-00

Privacy Act System of Records (SOR) Number: GSA/GOVT-4; 09-90-0024

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: CDC Travel System

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Betty Miller-Barnard

Provide an overview of the system: The CDC Travel System supports all activities involved with the official travel of CDC employees and non-employees who work in association with CDC through the automated preparation, approval and financial processing of travel orders and vouchers. The CDC Travel System application is the means by which CDC official travel is prepared, processed, and stored. The CDC

Travel System was replaced by GovTrip in the Summer of 2006. However, the IIF in this system will remain for finalization of travel payments for trips already in the system and for historical reporting.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Financial Management - UFMS – for payment of expenses; Airline – booking agents; Vendors (hotels/car rentals) – purpose of booking

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of I IF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Administrative Controls: Roles and access privileges are defined within the CDC mainframe system. Technical controls: User ID, password, VPN (Virtual Private Network) and firewall control. Passwords expire after set period of time, accounts are locked after multiple invalid attempts; minimum password lengths are required. Physical Controls: Guards are in place, key cards are used and ID badges are required. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Betsey Dunaway Sr. Official for Privacy A pproval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden, OCISO Sign-off Date: Feb 14, 2007 Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC OD Finance Tuskegee (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Jan 25, 2007

2. OPDIV Name: CDC

3. Unique Project Identifier (UPI) Number: 009-20-01-09-02-1000-00-402-125 (Part of larger system - NCHSTP Admin Systems)

4. Privacy Act System of Records (SOR) Number: 09-20-0096

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: Finance Tuskegee Health Benefits System (THBS)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Tonya Martin

Provide an overview of the system:

THBS was incorporated into the CDC operations in the fall of 1994. It was developed internally by the Participant Health Benefits Program at the CDC to track medical expenses and payments. The primary purpose of the system is to automate the recording of money paid on claims submitted by beneficiaries of the Tuskegee Health Benefits Program. THBS maintains a database of vendors who provide services to THBS beneficiaries. It also maintains a database of original study participants and their survivors with tracking information for each individual including their SSN, name, address, city, start and end date of service, and due date status. This information is mandatory for paying claims submitted by beneficiaries.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the sys tem collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF pl ease specify with whom and for what purpose(s): IIF is shared with a limited number of vendors and health care providers that are involved with the process of making beneficiary medical payments. Vendors/health care providers submit invoices for beneficiary medical payments. (Vendor banking info is transmitted such as company name, SSN or Taxpayer ID and checking/savings routing & account name);

The CDC makes payments to vendors for beneficiary claims after invoices are received (Beneficiary name and SSN included)

Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: Privacy Act statements are included in writing on the data collection form indicating that the data will be used by CDC and the Treasury Department to transmit payment data, and that furnishing the information is voluntary, but failure to provide the requested information may delay or prevent the receipt of payments. If IIF disclosures or data uses change, individuals will be notified in writing through modification of the Privacy statement. Submission of the form implies consent., but in another sense, submission is mandatory if beneficiaries wish to receive payment for medical services.

Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Administrative: To ensure the confidentiality, integrity and accountability of the system data, administrative staff assign each user of the system specific access authorization based on the need of the user. A System and Data Access Application is required for each individual requesting access to one of the CDC/ATSDR servers. Technical controls: User ID, Accounts locked after a set period of inactivity and/or incorrect attempts, minimum length of passwords, passwords combinations. Physical controls: guards, ID badges, key cards, records stored in a secure computer mainframe, locked cabinets in locked rooms. PIA Reviewer Approv al: Promote Comments: PIA Reviewer Name: Betsey Dunaway Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Deborah Holtzman Sign-off Date: Feb 14, 2007 Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC OD Finance Warehouse (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Jan 23, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: System is included in Exhibit 53 for CDC Management of Employee Resources

Privacy Act System of Records (SOR) Number: N/A - System does not constitute a "System of Records" under the Privacy Act. Authorized users access the system with their CDC User ID. The system retrieves employee information from CDC Neighborhood (Directory) to facilitate printing the order and delivery of items. Employee information is not maintained in the system once the view is closed.

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: CDC Warehouse Inventory System

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Terrence Perry

Provide an overview of the system: This application is used to provide CDC with an efficient means of ordering, tracking and distributing supplies, thus allowing for the identification of supply costs and expenditure for the purpose of budget planning. Similar to a property book system this system maintains data elements describing warehouse inventory, requests for property from the warehouse and tracking the disposition of restock requirements. Authorized users access the system with their CDC User ID. The system retrieves employee information from CDC Neighborhood (Directory) to facilitate printing the order and delivery of items. Employee information is not maintained in the system once the view is closed. UFMS stores information by CAN.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system c ollect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): IIF is not shared with UFMS. UFMS stores information by CAN.

Does the system host a website?: No

37. Does the website have any information or pages direc ted at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical , and physical controls.: No IIF is retained in the system. The elements in the system (not IIF) are secured through technical controls (user id, password controls, firewall, and VPN); administrative controls (data access is role based); physical controls (guards, ID badges, key cards). PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Betsey Dunaway Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden, OCISO Sign-off Date: Feb 14, 2007 Date Publis hed: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC OD FMO ACCPAC (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Jan 25, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-01-02-0281-00-403-132

Privacy Act System of Records (SOR) Number: 09-90-0018

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: Visiting Fellows Payroll System (ACCPAC)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Kelly H. Cook

Provide an overview of the system: The Visiting Fellows Payroll System consists of a commercial off-the-shelf (COTS) software package (ACCPAC) that has been customized for the CDC environment, and is designed to produce payroll functions. The system is used to: Process payment for Visiting Fellows and EIS Officers; Calculate federal, state, FICA and unemployment taxes; Create year end W-2’s for tax purposes; Generate earnings statements, check register, state tax report, reverse checks and other payroll related reports.

13. Indicate if t he system is new or an existing one being modified: Existing

Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the s ystem subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): IIF will only be shared electronically for tax purposes with the Social Security Administration (SSA) and with the Revenue Divisions of the states in which the Visiting Fellows and EIS Officers are employed, as is required by law. This is not data matching and there is no matching agreement.

Does the system host a we bsite?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The IIF is secured by numerous methods. Administrative controls: A very small number of users have access to the IIF. All requests for access to the data pass through appropriate management approval chains and are tightly scrutinized. Technical controls: user ID, passwords, and firewall. Physical controls: The data are kept within a controlled access facility, which includes security guards, card key access, and identification badges. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Betsey Dunaway Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden, OCISO Sign-off Date: Feb 14, 2007 Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC OD FMO HI.net/IRIS (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: May 4, 2007

2. OPDIV Name: CDC

3. Unique Project Identifier (UPI) Number: 009-20-01-01-02-0117-00-402-125

4. Privacy Act System of Records (SOR) Number: N/A - System does not constitute a "System of Records" under the Privacy Act. See full comments in Q. 30.

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: HI.net / IRIS

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Teresa Kinley

Provide an overview of the system: HI.net is an important step towards a suite of web-enabled tools for agency-wide planning, execution, and performance. The system contains budget, strategy and extramural information. HI.net extends the functionality of IRIS to a .net enviornment and is designed to transparently provide CDC leaders with the basic information they need to manage complex portfolios of public health activities to achieve CDC's Health Protection Goals and implement CDC's Strategic Imperatives. Records are not primarily retrieved by IIF; most often retrieved by Project ID, National Center or Administrative Code, which is not IIF.

13. Indicate if the system is new or an e xisting one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Priv acy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): System does not share nor disclose IIF.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Administrative Controls: Role based access. Technical Controls: User ID, Firewall, VPN, Encryption, Windows authentication. Physical Controls: Guards, ID badges, key cards PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden, OCISO Sign-off Date: Aug 15, 2007

Date Published: Jun 26, 2008

06.3 HHS PIA Summa ry for Posting (Form) / CDC OD FMO IVR (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Jan 25, 2007

OPDIV Name: CDC

U nique Project Identifier (UPI) Number: 009-20-01-02-1348-00-402-139

Privacy Act System of Records (SOR) Number: N/A - System does not constitute a "System of Records" under the Privacy Act.

OMB Information Collection Approval Number: N/A

Other Identi fying Number(s): N/A

System Name: Interactive Voice Response System (IVR)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Kelly Cook

Provide an overview of the system: IVR is an automated response system that enables vendors and travelers to check the status of invoices and payments through the use of touch-tone options. IVR is an inbound and outbound system with the Department of Health and Human Services (DHHS) Unified Financial Management System (UFMS), where some interfaces are in real time. IVR provides automated information for: Invoice and payment activity for a specific invoice; Invoice and payment activity for the most recent ten transactions; Invoice and payment activity for the last 60 days via a faxed report. This includes paid invoices, invoices scheduled for payment, and cancelled invoices. For payment status of a specific invoice or the last ten, the IVR System will receive real-time information from UFMS. For Fax-back information, the information is “quasi-real-time”, since the information is faxed after the information is submitted, and there could be a delay in the time of the transmission.

No IIF is collected, maintained, or disseminated by the IVR system.

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) o r website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No IIF in system

individuals regarding what IIF is being collected from them and how the information will be used or shared: System contains no IIF.

32. Does the system host a website?: No

50. Are there policies or guidelines in place with regard to the retention a nd destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: System contains no IIF. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Betsey Dunaway Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden, OCISO Sign-off Date: Feb 14, 2007 Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC OD FMO TOPS (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Mar 27, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-01-02-1020-00-402-124

Privacy Act System of Records (SOR) Number: 09-90-0024

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: Total On-line Processing System (TOPS)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Daniel Hardee, Kelly Cook

Provide an overview of the system: The Total Online Processing System (TOPS) processes grants related transactions and serves as a repository for all CDC historical accounting activity, i.e., data that are older than April, 2005. TOPS was formerly CDC’s core financial accounting system. Everything that CDC paid went into TOPS – purchases, travel, course fees, grants, etc. However, as of April, 2005, the Unified Financial Management System (UFMS) became the CDC financial system of record. Nevertheless, TOPS continues to process grants transactions (given to institutions, not individuals), which are then fed into UFMS. In 2007 it is expected that UFMS will begin receiving grants information directly.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system colle ct, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please spec ify with whom and for what purpose(s): System does not share or disclose IIF

The IIF in this system is historical and cannot be changed. There will be no major changes made to this system that involves IIF and requiring notification or consent.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrati ve, technical, and physical controls.: The IIF is secured by numerous methods. Administrative controls: No users, outside of CDC's FMO, have access to the IIF. All requests for access to the data pass through appropriate management approval chains and are tightly scrutinized. For example, only two CDC employees are authorized to query IIF from the TOPS Vendor table. Technical controls: user ID, passwords, and firewall. Physical controls: The data are kept within a controlled access facility, which includes security guards, card key access, and identification badges. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden, OCISO Sign-off Date: Aug 15, 2007 Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC OD OCOO OCISO_Electronic Foodborne Outbreak System_Umbrella_eFORS (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Feb 16, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-02-02-9721-00-110-246

Privacy Act System of Records (SOR) Number: N/A - System does not constitute a "System of Records" under the Privacy Act.

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: Electronic Foodborne Outbreak Reporting System 2.0 (eFORS)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Chris Braden

Provide an overview of the system: eFORS is a National Outbreak surveillance system. The information collected is aggregate foodborne outbreak data used to analyze outbreaks from 50 states and 14 U.S territories. eFORS contains data about the outbreak as a whole and approximate percentages of cases in broad age groups and estimated percentages of the total number of cases that were male and female. No individual case information is collected; therefore no IIF is collected through this system. The information stored is used by both the states and CDC. Due to the complex language of the data in eFORS, another

module called aFORS will extract the data from eFORS into a format for internal CDC use in a database type program.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s ): System does not contain IIF.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: System does not contain IIF. PIA Reviewer Approval: Comments: PIA Reviewer Name: Betsey Dunaway Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden, OCISO Sign-off Date: May 18, 2007 Date Published: Jun 26, 2008

06.3 HHS PIA Summar y for Posting (Form) / CDC OD OCOO OCISO_Global Aids Program Reseach_Umbrella_GAP RC (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

1. Date of thi s Submission: Apr 13, 2007

2. OPDIV Name: CDC

3. Unique Project Identifier (UPI) Number: 009-20-02-00-02-9509-00-404-142 - 009-20-02-00-02-9509-00

4. Privacy Act System of Records (SOR) Number: N/A - System does not constitute a "System of Records" under the Privacy Act. IIF is employee business contact information and retrieval is not by IIF.

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: Global Aids Program Research (GAP RC)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Debra Mosure

Provide an overview of the system:

The GAP RC project will provide a compendium of research projects that the Global Aids Project (GAP) conducts in 25 countries around the world. This database will consist of a catalogue of the projects that can be searched by country, technical area, and other variables. Utilizing the catalogue will allow CDC staff to share research information more efficiently and effectively across countries and enable CDC staff in different countries to be aware of projects that others staff members have completed elsewhere. This should improve the efficiency and effectiveness of GAP initiatives by preventing staff from starting new projects that have originated in other regions or countries. A total of 60 users (local, U.S. nation-wide and international users) will access this system with write and read access to existing and future GAP projects. Public Health Impact – By increasing the ability of staff in participating GAP countries to share project information, successful projects can be more easily repeated or enhanced in other locations. Staff members will also experience simplified ways to identify areas where specific project types are missing, and more efficiently address the HIV/AIDS needs across all of the GAP countries. System does not constitute a "System of Records" under the Privacy Act. The IIF collected is employee business contact information. The Primary method of retrieval is by project title, project ID, or IRB protocol number.

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will the system collect, maintain (store) , disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

Protocol Number

IRB classification

Research status

IRB Deferral

Project title

Project description

Principal Investigator

Technical area

Country

-Start date

-End date

Related publication

first Author

-URL link

- Meeting where the abstract was referenced The system is used to store information more efficiently and avoid duplication of effort The information contains IIF and submission is mandatory for IRB requests. Otherwise, users are able to create and voluntarily submit their name into the system. IIF is employee business contact information and retrieval is not by IIF. It has been officially determined that the Privacy Act does not apply because IIF is employee business contact information and retrieval is not by IIF. Therefore, there is no potential weakness.

Please describe in detail an y processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: N/A - No process or consent required as system functions for work purposes only and only name is collected. Because IRB requires a name, this constitutes implied consent. Otherwise, users have the ability to create project with their name. The Primary method of retrieval is by project title, project ID, or IRB protocol number. If major changes to the system required contacting users, there would be a system-wide notification process.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Administrative Access Controls: The IIF will be secured by logical access controls. User ID and passwords will be given to CDC/GAP staff only to limit access to the system. Technical Access Controls: User ID, Passwords, Firewall, VPN, IDS, CAC. Physical Access Controls: Guards, ID badges, key cards. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden, OCISO Sign-off Date: Aug 15, 2007 Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC OD OCOO OCISO_Laboratory Response Network_Umbrella_LRN (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: May 10, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-02-02-0881-00-110-031

Privacy Act System of Records (SOR) Number: N/A - System does not constitute a "System of Records" under the Privacy Act.

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: LRN version 2.0

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Sherrie Bruce

Provide an overview of the system: The Laboratory Response Network (LRN) was created in response to Presidential Decision Directive 39 and has become a national asset in terrorism preparedness and response. Since it began in 1999, the LRN has responded to thousands of terrorism-related and high-profile public health events and emergencies. The LRN played a pivotal role in the detection and investigation of the anthrax attacks in 2001, SARS and monkeypox outbreaks in 2003; and provided technical assistance and laboratory surveillance during multiple National Security Special Events, including the 2004 national political conventions and 2002 Winter Olympics.

The LRN continues to address the nation's needs for terrorism preparedness and response by providing and improving critical laboratory capacity for threat agent detection and identification. Originally, the LRN concept was to network state and local public health laboratories. However, vulnerabilities beyond the scope of clinical laboratories extended the LRN's capacity. The LRN has moved beyond state and local PH labs and now includes international, federal, military, food, environmental and veterinary labs. Because the Bioterrorism Preparedness and Response Program/Laboratory Response Branch (BPRP/LRB) provides network coordination, technology transfer, reagents and supplies, proficiency testing, and technical guidance for the LRN, continued funding is crucial to the LRN's success. Funding is also needed to expand and refine the LRN. The LRN expects to increase its capacity, expanding its food, veterinary and environmental testing

capability. The LRN Website is used to provide the members of the LRN with a central repository of information on protocols, reagent ordering, and training. No IIF is collected, maintained or disseminated.

13. Indicate if the system is new or an existing one being modified: New

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

LRN does not collect, maintain or disseminate IIF. System is used to provide members of the Laboratory Response Network with a central repository of information on protocols, reagent ordering, and training.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No IIF is collected. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Oct 16, 2007 Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC OD OCOO_Congenital Anomaly Surveillance Electronic System_Umbrella_CASES (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Jul 6, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-02-02-1032-00

Privacy Act System of Records (SOR) Number: 09-20-0136

OMB Information Collection Approval Number: N/A

Othe r Identifying Number(s): CDC IRB 1955

System Name: Congential Anomoly Surveillance Electronic System (CASES)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed : MICHAEL ATKINSON

Provide an overview of the system: The system collects and maintains surveillance data on birth defects in the Atlanta Metropolitan area. MACDP has been collecting, analyzing and interpreting birth defects surveillance data since 1968, following the Thalidomide tragedy. Cases are identified by medically trained abstractors at birth hospitals, pediatric hospitals, laboratories, prenatal clinics, and other sources. Because data comes from multiple sources, it is necessary to be able to recognize when the same case has been identified in two different places. For this reason, sufficient identifying information is collected to recognize duplicates, even in the case of twins. Once cases come into the office, they receive multiple levels of review, including clinical review by a dysmorphologist and geneticist. Possible trends in birth defect prevalence are monitored using a Cumulative Sum (CUSUM) technique.

13. Indicate if the system is new or an existing one being modified: New

17. Doe s/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Emory Down Syndrome Study National Birth Defects Prevention Study (NBDPS) Georgia Department of Human Resources They use the data to provide services. Our authority to collect the data comes from their designation of birth defects as a reportable condition, and their designation of us as their agent to monitor birth defects. Metropolitan Atlanta Developmental Disabilities Surveillance Program (MADDSP) We are a source of case ascetainment for their surveillance system. Health and Environment Linked for Information Exchange (HELIX) and Air Pollution and Heart Defects Study This is a collaborative project. It also provides some GIS coding. We send them addresses, and they return the latitude and longitude. They do not retain the identifiers. Also, our staff use DOB, and may use other fields, but identifiers do not go to other researchers outside of our surveillance staff.

31 . Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: As a surveillance system, the data is collected without the knowledge or consent of the patients. Is this correct?

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and de struction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.:

ADMINISTRATIVE - ROLE BASED ACCESS TECHNICAL - USERID, PASSWORD, FIREWALL, ENCRYPTION, BIOMETRICS PHYSICAL - GUARDS, ID BADGES, KEY CARDS, BIOMETRICS PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Oct 23, 2007 Da te Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC OD OCOO_Corrections and Substance Abuse Activities_Umbrella_CSAA Lead (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: No If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Mar 22, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number:

(FY07): 009-20-01-01-02-1000-00-402-125 (FY08): 009-20-01-01-02-1000-00

Privacy Act System of Records (SOR) Number: No – System does not constitute a “system of Records” under the privacy Act. Records are not retrieved by IIF

OMB Information Collection Approval Number: No

Other Identifying Number(s): No

System Name: CSAA Lead (Corrections Substance Abuse Activities Lead)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Terry Bolden

Provide an overview of the system: CSAA Lead is a CDC-wide portfolio of all CSAA related projects. It is primarily used by NCHSTP to monitor the funding of CSAA projects and respond to congressional inquiries related to CSAA spending. The system tracks the distribution of CSAA funds by fiscal year, stores selected programmatic data related to each project and links this information to strategic goals and objectives. Although the system contains the name of the project officier/investegator associated with each project, records are not retrieved by name.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system? : Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

Obligated and supplemental funding per fiscal year

CSAA Strategic Plan objectives and activities

-Project functional area or mission category

- Target population descriptors

-Project location (city and state) No IIF is collected. Submission is voluntary.

Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Though logical/technical controls (passwords and UserIDs) physical controls (no badges) and administrative controls (security policies and rules of behavior)

PIA Reviewer Approval: Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 15, 2007 Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC OD OCOO_Electronic Staff Tracking System_Umbrella_eStaff (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PI A 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Jan 11, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number:

FY 07: 009-20-01-09-02-0544-00-403-250 FY 08: 009-20-01-09-02-0544-00

P rivacy Act System of Records (SOR) Number: 09-90-0018

OMB Information Collection Approval Number: No

Other Identifying Number(s): No

System Name: Electronic Staff Tracking (eStaff)

System Point of Contact (POC). The System POC is the person to wh om questions about the system and the responses to this PIA may be addressed: Tonya Martin

Provide an overview of the system: eStaff is used by NCHSTP personnel specialist to track detailed personnel and organizational information. Personnel and vacancy information is updated within E-Staff automatically via nightly downloads of CDC directory information and mainframe personnel data. Additional organizational and unit specific information is entered into the system manually. The resulting data set is used by E-Staff to generate up-to-date personnel reports for HRMO and Center senior staff. It is also used for populating the NCHSTP organizational chart available on the CDC Intranet.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the s ystem shares or discloses IIF please specify with whom and for what purpose(s): This information is only shared among NSHHSTP administrative staff specialists to track NCHHSTP open and vacant positions.

-Staffing number

Admin Code

Category

Field position (Y/N)

-SSN

Name

Position Title

-Pay Plan

Grade

Vacancy Description

Reports to

Duty station

Expiration date

Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: CDC approved User ID’s and passwords are used to access this system. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr . Official for Privacy Name: Thomas P. Madden Sign-off Date: Oct 30, 2007 Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC OD OCOO_Equal Employment Opportunity Tracking_Umbrella_EEO Tracking (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: May 16, 2007

2. OPDIV Name: CDC

3. Unique Project Identifier (UPI) Number:

(FY07): 009-20-01-01-02-1000-00-402 (FY08) 009-20-01-01-02-1000-00

Privacy Act System of Records (SOR) Number: 09-90-0018

OMB Information Collection Approval Number: no

Other Identifying Number(s): no

System Name: Equal Employment Opportunity Tracking (EEO Tracking)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Tonya Martin

Provide an overview of the system: The EEO Tracking System automates the complaint process for NCHHSTP. The Prevention and Support Office (PSO) serves as a coordinator of documentation requests for these complaints. Complaints and documentation requests help PSO determine which issues to address in future training sessions for employees and management. The scope of the EEO Tracking System will include a data entry vehicle for NCHHSTP/PSO to store EEO complaints and reporting capability for all information entered.

13. Indicate if the system is new or an existing one being mod ified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

Date Reported

Date assigned

Complaint type

Name (Complainant)

Organization

-City, State

Complaint against (Name)

Case number

Due date

Resolution

Comments

Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Administrative Controls: role based access. Technical Control: User ID, passwords firewall, VPN, CAC, Physical Controls: Guards, ID badges, key cards.

PIA Reviewer Approval: Comments: PIA Reviewer Name: Alice M. Brown

Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 15, 2007 Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC OD OCOO_International Cable Processing_Umbrella_INCA (Item) PIA SUMMARY AND APPRO VAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Apr 20, 2006

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-09-0984-00-404-142

Priv acy Act System of Records (SOR) Number: 09-90-0018

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: International Cable Processing System (INCA)

System Point of Contact (POC). The System POC is the per son to whom questions about the system and the responses to this PIA may be addressed: Doris Riggs

Provide an overview of the system: The International Cable System (INCA) is used to send unclassified, and sensitive but unclassified (SBU) international cables, as the primary means of official communications between CDC and its field posts, Department of State (DOS) embassies. The system provides users the ability to create and approve new budget, travel, and personnel cables. Users will also be able to process and approve existing Notification of Foreign Travel system cables. A membership model and AD user roles are built into the accounts to allow access to information based on role. The system will be used by FTE and Contractor staff. This requirement is derived from the country authority of Ambassadors and Chiefs of Mission, 22 U.S.C. 3927 and E.O. 10893, Part II, 11/8/60.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s):

STATE Department for travel clearance HHS/OGHA for travel clearance

the sense that the information is mandatory in order for the FTE to travel, his/her providing it is also mandatory. Travelers submit a completed travel request form to travel preparers. The travelers are told that the information will be used for country clearance cables and HHS. Travelers are told by written, electronic, fax notice where applicable. The information is shared with HHS, DOS and traveler.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured o n the system using administrative, technical, and physical controls.: The system is backed up regularly by ITSO. The data will be maintained for 2 years before it is to be destroyed. However, certain CIO’s may require SLA/MOU agreements with ITSO to retain data longer than 2 years. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Oct 23, 2007 Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC OD OCOO_Manuscript Tracking System_Umbrella_MTS (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: May 1, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-02-02-9323-00

Privacy Act System of Records (SOR) Number: 09-90-0018

OMB Information Collection Approval Number: N/A

Other Identifying Number( s): N/A

System Name: Manuscript Tracking System - (MTS)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Salaam Semaan

Provide an overview of the system: Manuscript Tracking System - (MTS) Servers the purpose of automating and enhancing the submission and clearance of manuscripts, abstracts, posters, articles, etc. It produces computer-generated versions of the CDC 0.567 Clearance form, the Division Cross-Clearance Memo. the Routing and Transmittal Form and the Cross Clearance Memo. MTS is the designed to expedite, through partial automation, the process of approving manuscript publication and presentation clearances for the Coordinating Center of Infectious Diseases (CCID) NCHHSTP and other Centers within the Agency. It enables authors/users to track the status of particular clearances and provides a permanent electronic history of the manuscript.

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If t he system shares or discloses IIF please specify with whom and for what purpose(s): MTS does not share nor disclose IIF

Active Author: an author that appears in the MTS database under the Authors list and can be affiliated with a clearance

Branch: Branch refers to the location where the approver of the clearance works (for example, Behavioral Interventions and Research Branch)

Classification: classification refers to the class where the approver works

Clearance: A Clearance is an article, poster, abstract, slide and any other document required for review prior to public release

Cross Clearance: A clearance that flows across divisions for approval

Division/Office: Division/Office refers to the office from which the journal/article was originated (for example, DHAP, HIV Intervention)

Forms: Forms are documentation required for clearance approval

Inactive Author: An author that will appear in the MTS database under the Authors list, but can not be affiliated with a clearance

Medium: Medium refers to the way that the information in the project will be presented (for example, an audiovisual exhibit or an article in a publication)

Origin/CIO: Origin/CIO refers to the location in which the clearance was produced (for example, EPO)

Publication/Presentation Clearance Form (CDC 0.576): MTS generates a CDC 0.576 form to accompany documents and other items requiring clearance. All items except that intended for publication in the CDC MMWR Series should have this form. This form contains all the information provided in an existing Clearance

Routing and Transmittal Slip: MTS generates the Routing and Transmittal Slip to accompany documents or other items requiring clearance. This slip is used when forwarding a clearance between individuals. The individuals would sign and date the slip then forward to the next recipient

Report: A list of clearances, usually printed, that can be filtered and sorted by MTS users

Section: Section refers to specific area within the Branch where the approver of the clearance works (for example, Epidemiological Studies Section)

Status: Located on the Status Maintain Authors page. If the author is active then they can be entered on a project that they have helped to write. If the author is inactive then they are entered in the system, but they can not be entered as an author on a project

Title: Title refers to the name of the article or journal on the General Information tab. It also refers to the title of the approvers (for example, Chief, ESB) on the Approvers tab and the Cross-Clearance tab under the Clearance page

Journal: Journal refers to the journal in which the project will be published

Meeting: The meeting at which the project will be presented

Primary Author: The First author affiliated with a clearance (not in all situations). MTS is currently being used by several divisions of NCHHSTP which includes the Division of Tuberculosis (TB), the Division of Sexually Transmitted Diseases and Prevention (DSTDP), the Division of HIV, AIDS Prevention (DHAP), and the Office of the Director, NCHHSTP (OD).

changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: No opportunities for consent; however, authors are notified through automatically generated email messages. In the event that major changes occurred in the system which required notification, a process would be put into place at that time.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Administrative / Technical / Physical controls: User ID's, Firewalls, Guards, ID Badges, Key Cards. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign -off Date: Oct 23, 2007 Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC OD OCOO_Program Annual Reports and Progress Assessment_Umbrella_PAPA (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Apr 20, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-04-00-02-1036-00-402-124

Privacy Act System of Records (SOR) Number: No

OMB Information Collection Approval Number: No

Other Identifying Number(s): No

System Name: Program Annual Progress Assessments (PAPA)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Robert Avey

Provide an overview of the system: The system provides an electronic interface for 64 grantees to use to provide annual immunization program management and performance data. This reporting is a required component of the grant process. See comments in Question 30 regarding Privacy Act determination

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through I IF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

3. If the system shares or discloses IIF please specify with whom and for what purpose(s): Data collected by the system is available within CDC National Center for Immunization and Respiratory Diseases (NCIRD) and to Public Health officials in state health departments. The program managers’ name, phone number and email are the only IIF that is collected and available to other NCIRD and grantees, as a point of contact for further information about the program.

Please describe in detail any processes in place t o: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: Program managers at state health departments enter IIF in system. They are aware of how the IIF is used. They voluntarily submit data and there is implied consent that data will be available to other grantees and CDC NCIRD.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Administrative controls include digital certificate access granted only to approved users. Technical Controls: User Id, passwords, encryption and public key infrastructure. Physical controls: Security guards, ID badges and key cards. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Oct 3, 2007 Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC OD OCOO_Public Comment Review Website_Umbrella _NPCRW (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Oct 12, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-02-02-9523-00-110-246

Privacy Act System of Records (SOR) Number: No. System does not constitute a 'system of records" under the Privacy Act

OMB Information Collection Approval Number: No

Other Identifying Number(s): No

System Name: NCPDCID Public Comment Review Website (NPCRW)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Jeff Wages

Provide an overview of the system: CDC’s Travelers’ Health information currently resides statically at: www.cdc.gov/travel/destinat.htm. The system referenced in this PIA will redeploy that same information as a dynamic web site using .NET. The information stored is CDC cleared web content and will be stored in a SQL DB. No personal information of any kind is collected, stored or reported in this process. The content stored is information about the current state of affairs within each destination/country that may effect a travelers’ health. This includes but is not limited to recommended vaccinations, travel notices and specific diseases that are of concern in each country (e.g., Malaria).

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): System does not contain IIF.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: System does not contain IIF. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Oct 24, 2007 Date Published: Jun 26, 2008

06.3 HHS PIA Summ ary for Posting (Form) / CDC OD OCOO_Public Health Information Network Vocabulary Services_Umbrella_PHIN VADS (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: No If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Jun 5, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-02-01-0908-00-110-246

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifyin g Number(s): CDC Internal 0920-0423X

System Name: Public Health Information Network Vocabulary and Distribution System (PHIN VADS)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Mamie Mabery

10. Provide an overview of the system: The PHIN VADS system consists of a multi-tiered web site environment. All content served by PHIN VADS is public, non-sensitive information. All PHIN VADS components are located in the PWP environment in the MTDC. The PHIN VADS system is comprised of specific devices, components, and subsystems that are critical to the functionality of the system as a whole. Each PHIN VADS component has a separate role in delivering PHIN VADS content.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF wit hin any database(s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): NO

Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of II F?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No IIF collected by the system. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Officia l for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Dec 10, 2007 Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC OD OCOO_Statistical Analysis System Licensing Activities Progr am_Umbrella_SAS License (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Feb 1, 2007

OPDIV Name: CDC

U nique Project Identifier (UPI) Number: 009-20-02-00-02-9509-00-404-142

Privacy Act System of Records (SOR) Number: No

OMB Information Collection Approval Number: No

Other Identifying Number(s): No

System Name: Statistical Analysis System (SAS) License

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Tonya Martin

10. Provide an overview of the system: SAS License is a web-based on-line ordering and approval system that is accessible vis CDC Intranet and the extral internet. SAS License was developed in coolaberation with IRMO to facilitate three main functions:

-Ordering SAS Software licenses

Approve SAS software licenses

Shipment of SAS licenses

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

Grant or Cooperative Agreement Numbers and Title

Grant or Cooperative Agreement Holder Institutional Name

Principle Contact Information (business name, title, email address, and phone number)

-SAS Products used

Location of use (business address)

Number of users ( in the case of a server product, include remote users)

Number of processors the server has on it, if SAS is installed as an "Application Server" The information contains no IIF. Submission is voluntary.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secu red on the system using administrative, technical, and physical controls.: The IIF wil be secured by logical access security controls (UserID's and passowrds). PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Priv acy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Oct 3, 2007 Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC OD OCOO_Surveillance Preparedness Awareness and Response_Umbrella_SPARx (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: No If this is an existing PIA, please provide a reason for revision: Initial PIA Migration to ProSight

1. Date of this Submission: Jan 30, 2007

2. OPDIV Name: CDC

3. Unique Project Identifier (UPI) Number: 009-20-01-03-00-1271-110-218

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collecti on Approval Number: N/A

6. Other Identifying Number(s): NONE

7. System Name: Surveillance, Preparedness, Awareness and Response - (SPARx)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: John Lindsey

Provide an overview of the system: SPARx is Surveillance and Tracking system for the private sector and the public sector inventory levels of critical medical material that can be used in the treatment of disease and injury resulting from a terrorist attack, epidemic, or a natural disaster. This phase focuses on the manufacturing and distribution of influenza vaccine. The system will essentially be a data warehouse of nationally available inventory and location information that can be monitored.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please s pecify with whom and for what purpose(s): N/A

Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destru ction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Oct 16, 2007 Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC OD OCOO_Suspense Tracking and Reporting_Umbrella_STAR (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: May 10, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number:

(FY07): 009-20-02-00-02-9509-00-404-142

(FY08): 009-20-02-00-02-9509-00 (OMB reduced the UPI to 17 digits for FY 2008)

Privacy Act System of Records (SOR) Nu mber: No. See comments in Question 30 regarding Privacy Act determination.

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: STAR – Suspense Tracking and Routing (Rollup under NCHHSTP Admin Systems)

Sys tem Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Nancy Haban

Provide an overview of the system: When the CDC Program and Grants Office (PGO) receives a request from a Grantee to change a grant, they log onto STAR by the grant award number to create a ticket and enter the information from the request. The Award # is used to retrieve the grant information, including business contact information for CDC Project Officer and grantee) from the CDC Grants Management Systems (GMIS or IMPAC II) and automatically enters it into STAR. See comments in Question 30 regarding Privacy Act determination.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the s ystem shares or discloses IIF please specify with whom and for what purpose(s): The system does not share or disclose IIF with any entities outside of CDC. Within CDC, the IIF is shared within each organizational unit, for example, a Division, and not across organization units. The exception is PGO, who works with each Division. However, PGO can not share information across Divisions. The purpose of sharing the IIF (First Name, Last Name) is to determine who is responsible for addressing Grantee’s request; normally, the Project Officer assigned to the Grant.

changes from CDC management. Grantees are aware that change requests will be shared with the designated CDC Project Officers and those responsible for making a determination on their requests. STAR users (CDC employees) must have an active userID to access STAR through Windows Authentication, They enter IIF in the system so consent is implied, and they are aware of how IIF is used and any changes in disclosure or data use Employees receive email notification of changes to the system.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail h ow the IIF will be secured on the system using administrative, technical, and physical controls.:

Physical controls: Appropriate physical security controls, such as card key access, guards, locks are in place. Technical controls : The system utilizes Windows Authentication to grant access to users. This way, only CDC personnel, FTE and Contractors, who have a valid CDC LAN ID can access the system. To obtain a LAN ID, everyone must go must meet all CDC security requirements. In addition, within the system, there are various levels of access as well. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Oct 16, 2007 Date P ublished: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC OD OCOO_The TRAX System_Umbrella_TRAX (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Nov 27, 2006

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-02-00-029509-00-404-142

Privacy Act System of Records (SOR) Number: N/A – system does not constitute a “System of Records” under the Privacy Act

OMB Information Collection Approval Number: No

Other Identifying Number(s): No

System Name: TRAX

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Craig Suder

Provide an overview of the system: TRAX is a Web-based stsem available through the Centrers for Disease Controla and Provention's (CDC's) intraner for tracking and monitoring key fiscal and programmatic suspense information relevant to the administration of CDC grants and cooperative agreements program. The TRAX system's characteristics re

Web-based - no desktop installation required

Secure

Remotely accessible through Citrix Connection

Automatic Notification

Internal Timer for designated turnaround time

Proxy assignment - every user must have a designee as proxy

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No, Does not contain IIF

Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guid elines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The system does not contain IIF. PIA Reviewer Approv al: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Dec 13, 2007 Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC OD OCOO_Transparent Reporting of Evaluations_Umbrella_TREND (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 25, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9323-00

Privacy Act System of Records (SOR) Number: N/A – system does not constitute a “System of Records” under the Privacy Act

OMB Information Collection Approval Number: No

Other Identifying Number(s): No

System Name: Transparent Reporting of Evaluations with Non-Reandomizing Designs (TREND) Web Site

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Carolyn Guenther-Grey

Provide an overview of the system: The focus of the TREND project is to help better promote reporting of important data in scientific publications. The TREND group authored a scientific publication presenting the initial guidelines for reporting data from experimental trials. These guidelines were called, "The TREND Statement". The CDC staff working on this TREND project has agreed to help disseminate the TREND Statement by hosting a web site to post the TREND Statement and related groups, comments, etc. The web

site is designed to make this information readily availableto scientests as they attempt to follow these guidelines when preparing their scientific manuscripts for journal publication.

13. Indicate if the system is new or an existing one being modified: New

21. Is the sys tem subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Ar e there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: There is no IIF contained within PRS. However, administrative controls consist of role-based access requirements, e.g., Administrator, Supervisor, Content Analyst, Libarian, and observer. Technical controls consistof users having a valid CDC ID, password, and client application installed on their computer to gain access to PRS. Physical controls consist of security badges, keycards, security guards, and closed circuit monitors to limit access. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Oct 3, 2007 Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC OD OCOO_Umbrella_CDC Neighborhood (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: May 7, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-09-0984-00-404-137

Privacy Act System of Records (SOR) Number: N/A – system does not constitute a “System of Records” under the Privacy Act

OMB Information Collection Approval Number: No

Other Identifying Number(s): No

System Name: CDC Neighborhood

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Sandy Chapman

10. Provide an overview of the system: CDC Neighborhood is a contact and self-service profile application for all users at CDC. Users can look up public contact information for other CDC employees, contractors or affiliates. The application also functions as a self-service profile for ech user at CDC. The primary goal of the Neighborhood is to creat a user-frindly web-based search function and personnel information application to assist with emergency and non-emergency field staff deployment, as well as directory searches. The functionallity will allow users to enter a personal and work-related information that can be queried by seperate applications. Such functionallity will assist the CDC to comply with national and agency regulations related to security and administration of people with access to CDC and its resources.

13. Indicate if the sy stem is new or an existing one being modified: New

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subje ct to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Emergency Coordinators and those with the authority who need to know emergency contact or deployment -related information. The system shares this information with severla emergency response systems including PHIN DIR and PWMS.

Does the system host a website?: Yes

7. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be sec ured on the system using administrative, technical, and physical controls.: Access is for Intranet users only. The system uses Windows Integrated Authentication (WIA) and onlt the authenticated user can access thier profile information. Disabled users or expired accounts are prohibited by a system validation process from accessing the application.

06.3 HHS PIA Summary for Posting (Form) / CDC OD OSPTT Automated Specimen Tracking & Retrieval Operations (ASTRO) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes

If this is an existing PIA, please provide a reason for revision: Initial PIA Migration to ProSight

Date of this Submission: Nov 25, 2003

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-05-02-1030-00-110-219

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: ASTRO

System Point of Contact (POC). The System POC is the person to whom questions about the sy stem and the responses to this PIA may be addressed: Kathy Spruill

Provide an overview of the system: Catologs, stores, tracks, and retrieves specimen collections.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/ Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Secure One HHS migration Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Deborah Holtzman Sign-off Date: Aug 18, 2006 Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / PUBLIC HEALTH INFORMATION NETWORK (PHIN) MESSAGING SYSTEM (MS) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Aug 16, 2007

2. OPDIV Name: CDC

3. Unique Project Identifier (UPI) Number: 009200124010908000110030

4. Privacy Act System of Records (SOR) Number: No

5. OMB Information Collection Approval Number: No

6. Other Identifying Number(s): No

7. System Name: Public Health Information Network (PHIN) Messaging System (MS)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Tim Morris

Provide an overview of the system: PHIN-MS is a secure, reliable message transport system used to send information between national laboritories, state health departments, and the CDC via the internet. PHINMS is key to assisting local and state public health organzations accomplish syndrome surveillance. As health information comes in from sources across the nation, epidemiology CDC analyze it and watch for trends that would indicate a disease cluster is is occurring in specific neighborhoods.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), recor d(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No IIF in the system.

Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: System does not contain nor transport IIF. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments : Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: May 6, 2008 Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / Resource Index (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 12, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 1512

Privacy Act System of Records (SOR) Number: No

OMB Information Collection Approval Number: No

Other Identifying Number(s): No

System Name: RESOURCE INDEX

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addresse d: Kimberly Thurmond

Provide an overview of the system: This system is a subject driven searchable database used by CDC employees. CDC employees refer inquiries from the public to the correct offices within CDC.

13. Indicate if the system is new or an existing one being modified: This system is a subject driven searchable database used by CDC employees. CDC employees refer inquiries from the public to the correct offices within CDC.

17. Does/Will the system collect, maintain (store), disseminate and/ or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A RESOURCE INDEX Does Not collect or share IIF.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thi rteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A RESOURCE INDEX Does Not collect or share IIF. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Apr 17, 2008 Date Published: Jun 26, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC African American Men who have Sex with Men (AAMSM) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Aug 27, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: NO

Privacy Act System of Records (SOR) Number: NO

OMB Information Collection Approval Number: NO

Other Identifying Number(s) : NO

System Name: African American Men who have Sex with Men (AAMSM)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Carolyn Guenther-Grey

Provide an ove rview of the system: The purpose of AAMSM data collection system is to permit funded sites to perform the following activities:

Manage venue information and venue testing activities for alternate venue testing and targeted outreach strategies

Manage interview data and other information about at-risk individuals who are nominated via the social networks and PCRS strategies

Manage clients’ demographic, HIV risk, HIV CTR, and strategy-specific information

Manage time and cost information collected for each strategy

Manage project staff details (e.g., time spent on a specific strategy activity, hourly rate)

Generate custom reports that summarize project data (by and across strategies) and facilitate effective program monitoring and evaluation The desired impact of this project is to improve the public's health by reducing the number of new HIV infections occurring each year in the United States. The goals of this project are to increase the proportion of HIV-infected African American MSM in the U.S. who are aware of their status and linked to appropriate prevention, care and treatment services. To accomplish these goals, project staff and grantees will evaluate the relative effectiveness of testing strategies based on existing models (e.g., mobile testing and alternative venue testing to make testing more accessible, using social networks of HIV-infected persons to refer at-risk peers for testing, and partner counseling and referral services). This project supports the following CDC Health Protection goal: Healthy People in Every Stage of Life. Although this project can potentially impact people in all life stages, the focus of the project is on improving the health of adults. The target population is 18 – 24 year old African American MSM. AAMSM will continue from 6/2008 until 10/2010.

13. Indicate if the system is new or an existing one being modified:

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: The funded grantees will collect and maintain the following information

Venue information and venue testing activities for alternate venue testing strategy

Interview data and other information about at-risk individuals who are nominated via the social networks and PCRS strategies

Clients’ demographic, HIV risk, HIV CTR, and strategy-specific information

Manage time and cost information collected for each strategy

Project staff details for the staff who are involved in various activities of the project (e.g., time spent on a specific strategy activity, hourly rate)

The information collected at the sites will be sent to the CDC via secure data network (SDN) for analyzing the data collected.

Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: NO PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Jul 28, 2008 Date Published: Sept 8. 2008

06.3 HHS PIA Summary for Posting (Form) / CDC CCCHIS NCPHI DEOC Request System (DRS) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Aug 13, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-1255-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Appro val Number: N/A

Other Identifying Number(s): N/A

System Name: DEOC Request System (DRS)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Kim Hinton

Provide an overview of the system: This system is used by the CDC Emergency Operations Center to manage and track tasks that come into the Operations Center.

13. Indicate if the system is new or an existing one being modified: New

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF ple ase specify with whom and for what purpose(s): The system does not share or disclose IIF.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: CDC EMSSP security controls are adequate to protect the IIF contained within this system. The controls ensure a common baseline level of protection is met for all CDC information systems. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael Harris Sr. Officia l for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Jul 28, 2008 Date Published: Sep 8, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC CCEHIP ATSDR Hazardous Substances Emergency Event System - (HSE ES) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: May 13, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Nu mber: 009-20-01-02-9221-00

Privacy Act System of Records (SOR) Number: No

OMB Information Collection Approval Number: No

Other Identifying Number(s): No

System Name: HSEES (Hazardous Substances Emergency Events Surveillance)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Maureen Orr

Provide an overview of the system: The Hazardous Substances Emergency Events Surveillance (HSEES) system was established by ATSDR to collect and analyze information about acute releases of hazardous substances, as well as threatened releases that result in a public health action such as an evacuation. The goal of HSEES is to reduce the morbidity (injury) and mortality (death) that result from hazardous substances events, which are experienced by first responders, employees, and the general public.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The Hazardous Substances Emergency Event Surveillance application collects company name and address information on the event location and the parties responsible for hazardous chemical events. Addresses of individuals (private households) are also collected, but not their names. The application also collects name (government employee), agency, address, and phone information on the party who notified the state

department of the event. The address information is used to determine the latitude/ longitude values, and demographics/ proximity information of hazardous events to aid in prevention and outreach. The name of the event location is used to determine the type of industry that was involved with the hazardous release. The notification information is used for contact purposes in case data received is incomplete. User names, states, and email addresses are stored for user roles and privileges. IIF is only shared or disclosed to HSEES users who are State and International Partners (State Health Departments). Each state can only access their data. DHS users can access data from all states but name, address, and phone fields are encrypted. NOTE: IIF is NOT retrieved by Privacy data.

Name, address, and phone # of the source that notified the state health department of the event and the date of the notification.

Time, date, and day of the event.

Geographic location (street, city, county, state, zip, country, latitude, longitude)

Name of the event location, and the party responsible for the release.

The type of industry involved

The proximity and demographic (land use and nearby population information to estimate the number of persons potentially exposed)

Place within the facility where the event occurred

Event type (fixed-facility or transportation related event)

Factors contributing to the release

The substances released

Environmental sampling and follow-up health activities

Specific information on injured persons: age, sex, type and extent of injuries, distance from spill, population group (employee, general public, responders, student), and type of protective equipment used

Information about decontaminations, orders to evacuate or shelter-in-place Data are used to:

Provide presentations of data from HSEES to industries that account for a significant number of spills to help plan prevention strategies

Provide data for Hazardous Material training courses, including data on the risk of injury from methamphetamine labs

Provide data to establish and maintain protection areas for municipal water systems

Provide data by county on spills to assist with the proper placement of Hazardous Material teams and equipment

Distribute fact sheets on frequently spilled chemicals or chemicals that cause a disproportionate number of injuries, such as chlorine and ammonia

Distribute newsletters or fact sheets to industry, responder, and environmental groups

Provide presentations for state and local emergency planners

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrati ve, technical, and physical controls.: Administrative: Users are assigned unique roles and privileges depending on their titles. The HSEES system administrator is responsible for assigning these roles. Technical: Depending on the user’s role certain fields containing IIF data are encrypted. Company name, address, and telephone information are entered by and visible to State users, but are encrypted to the Division of Health Studies (DHS) representatives. User access and authentication is provided through a Secure Data Network (SDN) issued digital certificate which is valid for one year from the date of receipt. Each user will be assigned a unique numeric token which will be used to access the SDN Web Server and assign user roles and privileges. SDN also requires a passphrase to access the SDN Web Server. Physical Controls: Production and test servers are stored in a server room secured by the CDC. Access tools are in place to secure entry into CDC buildings (Guards, ID Badges, Key Card, Cipher Locks, Closed Circuit TV). PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Jul 11, 2008 Date Published: Sep 8, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC CCEHIP NCEH Pesticide Sample Tracking Analysis and Reporting System - (PSTARS) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: May 27, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9623-00

Privacy Act System of Records (SOR) Number: No

OMB Information Collection Approval Number: No

Othe r Identifying Number(s): No

System Name: Pesticide Sample Tracking, Analysis, and Reporting System (PSTARS)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Charles Chambers

Provide an overview of the system: Pesticide Sample Tracking, Analysis, and Reporting System (PSTARS) is a form of a Lab Information Management System (LIMS). The system is non-web based and is designed to track samples from receipt through reporting. The samples are received from the National Center for Environment Health (NCEH)/Division of Laboratory Sciences (DLS) Sample Logistics section along with a printout of sample IDs. The sample IDs are then transferred to an Excel spreadsheet for importing to PSTARS. Sample IDs are associated with a Study, Lab Method, and Matrix upon import. Samples are tracked through the laboratory process in PSTARS for creating Runsheets, cleanup, creating an Excel Sequence for importing to the lab instruments, importing Excel spreadsheet result data from lab instruments, and exporting formatted results to a spreadsheet.

13. Indicate if the system is new or an existing one being modified: New

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purp ose(s): No

Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: PSTARS does not contain IIF information. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: May 22, 2008 Approved for Web Publishing: Yes Date Published: Sep 8, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC CCEHIP NCEH Research Data Center (RDC) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Aug 14, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-05-02-9421-00

Privacy Act System of Records (SOR) Number: N\A

OMB Information Collection Approval Number: N\A

Other Identifying Number(s): N\A

System Name: Research Data Center (RDC)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Peter Meyer

Provide an overview of the system: The National Center for Health Statistics (NCHS) Research Data Center (RDC) is a research program through which approved data users are provided access to data that are not available through NCHS public use releases. The restricted data files contain information such as lower levels of geography (state, county, or lower), but do not contain direct identifiers (name or social security number). These data elements carry no disclosure risk in isolation but can increase disclosure risk when compiled together. An example would be adding together data elements for race/ethnicity, family structure, occupation, state of residence, and sex. Using these data elements together could add to the make a Black female dentist with five children in South Dakota identifiable. On the other hand a researcher may have a legitimate question that requires the use of these elements together. An example would be estimating the prevalence of hepatitis in dentist by state and race/ethnicity. In order to reduce the risk of disclosure, access to these data is controlled through a formal proposal review committee that includes RDC staff, representatives from the program that produces the data, and the NCHS Confidentiality Officer. The committee may grant three types of access to these data: 1) Onsite, 2) Remote, and 3) Census RDC. Each of these access methods uses different types of information technology to control what data elements user can access.

The term access is very specific to the operations of the RDC. Researchers may work with the data but they are not permitted remove it from the controlled environment. When the proposed research and analysis are complete, they may take the results of their analysis away from the RDC after it undergoes a disclosure risk avoidance examination by RDC staff. No micro data or data sets are permitted to leave the RDC. Descriptions of the RDC’s three access methods follow:

On-site Access: Researchers may be provided access to sensitive data through the RDC secure laboratory on-site at NCHS. There are two labs that house stand alone computers that are not part of the CDC network and have had all of their media ports disabled. These computers are not part of any internal or external network and do not have access to Internet, email, printers or any other communication devise. When researchers arrive at the RDC they surrender cell phones, PDA’s and any other devise that could be used to copy or transmit data. When researchers have completed their analysis the results and output are subject to disclosure review by the RDC analyst assigned to the project. All approved output are then sent via email to the researcher or provided via some other form of electronic media. Printers are not used to create paper copies of analytic results created in the RDC.

Remote Access: ANDRE (Analytical Data Research by Email) is the RDC Remote Access system that supports statistical analytical requests of researchers from academic institutions and other government agencies (Federal, State, and local), etc. via Microsoft Outlook email. It authenticates users, runs a pre-analysis disclosure risk algorithms, executes analytical models, runs post-analysis disclosure risk algorithms, and provides the approved results to the researchers. Output from ANDRE is periodically flag for review by RDC staff analysts. The researchers never get to see the micro data and run their programs against a data set that they specify in their research proposal. The users only see output which is summary or aggregate measures that cannot be used to identify individuals. Email Server ANDRE Processing Computer

Census RDC Access: Researchers may access NCHS data through the Census RDC system. Data are transferred through an approved CDC Secure Data Network (SDN) which is located in a secure environment in the NCHS RDC. This is a single purpose file server that is used exclusively to link NCHS and Census. The data are transferred to the Census computing facility in Suitland, MD and then are made available to a terminal at one of the Census RDC. The data are not downloadable or printable from the remote site. The output generated by the analysis is then transferred to NCHS via the SDN and examined by RDC staff for disclosure risk. The approved output is then released to the researcher in an electronic format. This is very similar to the Onsite Access method except the access occurs in a Census RDC.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminat e and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose (s): No IIF shared or disclosed

individuals regarding what IIF is being collected from them and how the information will be used or shared: N/A

32. Does the system host a website?: No

37. Does the website have any information or pages dir ected at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technic al, and physical controls.: N/A PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Jul 28, 2008 Date Published: Sep 8, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC CCEHIP NCIPC Extramural Tracking System - (NEXT) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Jun 19, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-04-00-02-0897-00-402-126

Privacy Act System of Records (SOR) Number: No

OMB Information Collection Approval Number: No

Other Identifying Number( s): No

System Name: NCIPC Extramural Tracking System (NEXT)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Robin Forbes

Provide an overview of the system: The NCIPC Extramural Tracking System (NEXT) is a workflow system for tracking the publishing of Funding Opportunity Announcements and the award process for the CDC’s National Center for Injury Prevention and Control (NCIPC).

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

32. Does the system host a website?: Yes

37. Does the websi te have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date : Jun 19, 2008 Date Published: Sep 8, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC CCHIS NCHS Q Bank (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Jul 25, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-05-02-9421-00

Privacy Act System of Records (SOR) Number: 09-20-0164

OMB Information Collection Approval Number: 0920-222

Other Identifying Number(s): N\A

System Name: Q-Bank

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Kristen Miller with Aaron Maitland as alternate.

Pr ovide an overview of the system: Q-Bank was designed as a unique analytical and research tool for researchers and survey professionals. It contains no personal information or personal identifiable information (no IIF is stored in Q-Bank). Q-Bank is used by, and receives data and funding from, various government agencies including The Bureau of the Census, The National Institute of Science, The National Science Foundation, The National Cancer Institute, and The Bureau of Labor Statistics, as well as CDC/NCHS. Q-Bank’s development and management is under the direction of a Project Manager, an NCHS Project Officer, and an Inter-Agency Steering Committee. While Q-Bank is in an Operational/Maintenance Phase enhancements and modifications are being made to Q-Bank at the direction of the Inter-Agency Steering Committee and the Project Officer. The Q-Bank application stores survey questions which have been tested to determine the effectiveness of the question. It also contains the Researchers final report, including findings and recommendations based upon the analysis conducted. Questions are indexed and searchable by some 26 categories and endless combinations. Common terms and a common definition of terms and formats across participating agencies were developed to ensure the integrity, common understanding, and effective categorization of the data. No answers are contained in the data. Q-Bank consists of three modules; The Q-Bank database which is hosted by NCHS, the Q-Bank GUI which is hosted in the MTDC in Atlanta, and Q-Bank Admin which is hosted in NCHS. Q-Bank was originally developed using Sybase’s database and PowerBuilder products. It was then transitioned to Microsoft SQL Server and .net products at the request of NCHS OIT. Data elements include: Survey Title Survey Year Evaluation Type Test Date Sponsor Testing Agency Universe Mode Field Mode Documentation

Global Instructions Separate Instructions Target Population Question Topic Question Type Information Type Index Status Flash Card Introductory Text Sequence Number Core Question Response Text Response Category Response Error Where Error Occurs

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/o r pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): NO IIF Stored in Q-Bank

Mode Field Mode Documentation Global Instructions Separate Instructions Target Population Question Topic Question Type Information Type Index Status Flash Card Introductory Text Sequence Number Core Question Response Text Response Category Response Error Where Error Occurs

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under t he age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls .: No IIF in Q-Bank PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Jun 26, 2008 Date Published: Sep 8, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC CCHIS NCHS National Health Interview Survey (NHIS) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision: Initial PIA Migration to ProSight

Date of this Submission: May 14, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-06-01-1020-02

Privacy Act System of Records (SOR) Number: 09-20-0164

OMB Information Collection Approval Number: 0920-0214

Other Identifying Number(s): N\A

System Name: National Health Interview Survey

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Anne Stratton

1960, the NCHS has had the objective of producing vital and health statistics for the United States. NCHS has legislative authority under 42 U.S.C. 242k, Section 306(b) of the Public Health Service Act to collect statistics on the extent and nature of illness and disability of the population; environmental, social and other health hazards; determinants of health; health resources; and utilization of health care. The NHIS is a multipurpose health survey conducted by NCHS in support of this legislative charge. It is the principal source of information on the health of the civilian, non-institutionalized population of the United States. Data from NHIS are used to assess agency and NCHS objectives, and initiatives such as Healthy People. Other strategic goals of NCHS are to increase the quality of the data collected and to make it more timely.

13. Indicate if the system is new or an existin g one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Ac t?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s):

NCHS/OAEHP for National Death Index Matching & AHRQ for MEPS sample. The customers of the NHIS are government agencies (federal, state, and local level), international, national, state and community organizations, private researchers, academia, consumer groups, companies, and health care providers. Examples of federal agencies who are recent customers include: the Centers for Medicare and Medicaid Services, the Environmental Pollution Agency, the Food and Drug Administration, General Accounting Office, National Cancer Institute, the National Institute on Aging, the National Institute for Mental Health, and the Veterans Administration. Many organizations have a vested interest in assuring the success and continuity of the NHIS. These organizations include; the Department of Health and Human Services (DHHS), the Agency for Healthcare Research and Quality (AHRQ), and others such as the Bureau of Census(BoC) and policy makers. Through partnerships with NCHS, other agencies within DHHS are able to piggyback on the NHIS infrastructure, expressing the NHIS as a significant DHHS asset. One example is the collaborative efforts between NCHS/DHIS and other DHHS agencies to collect data on topical public health subjects by fielding NHIS Supplements. The AHRQ follows up with half of the NHIS sample on its Medical Expenditure Panel Survey (MEPS). By NHIS providing the MEPS sample, AHRQ was able to save an estimated eight million dollars on its 1996 reengineering project and continues to save budget by forgoing annual listing and other sampling costs. Sharing a sample also allows for a NHIS/MEPS linkage file which enables users to link persons in the MEPS public use file to the records of the same person in the NHIS data file. This adds the broad array of NHIS information to the more specific MEPS data and allows for broad multivariate analyses. The agency shares the information with the public by posing all cleaned, edited, and de-identified data on the CDC website for public access.

There are three separate points in the NHIS collection process where we notify and obtain consent from individuals regarding the collection of information in identifiable form (IIF) and inform said participants of the usage of this IIF. First, a written advance letter is mailed to all households selected for the NHIS sample. This letter informs the potential participant that his/her participation is voluntary and that all data collected will be kept strictly confidential in accordance with the prevailing laws. The letter also informs the participant that his/her personal information will only be received by NCHS employees and contractors, the U.S. Census Bureau, and NHIS collaborators and that by law; we cannot release information that could identify the participant and participant’s family to anyone else without the participant’s consent. A copy of the 2007 NHIS Advance Letter is available upon request. Second, when the interviewer makes contact with the potential respondent, there is a standard consent protocol that the interviewer is required to follow which includes displaying the interviewer’s proper credentials and introducing his or herself as an interviewer for the department of the Census conducting the NHIS. The interviewer is then instructed to hand the respondent a copy of the Advance Letter and allow time for the respondent to read it. After the respondent has read the Advance Letter, the interviewer is then instructed to ask "Do you have any questions about anything (you have read/I have read to you) about the National Health Interview Survey?" Following this, the interviewer is to ask "Are you willing to participate in the survey?" A copy of the 2007 NHIS Interviewer Informed Consent Procedures is available upon request. Third, in the survey instrument itself, text informing the respondent about the reasons for collecting Social Security Number and Medicare Number is read prior to asking these questions. The respondent is asked specific questions asking permission to link NHIS data with data from other sources. These questions detail what the data will be used for and reiterate to the participant that answering these questions is voluntary. A copy of these linkage questions is included within the 2007 NHIS Permission to Link Questions, which is available upon request.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Administrative Controls: In order to ensure least privilege and accountability, each user name is assigned limited access rights to files and directories at varying levels. The CD's and hard copy printouts of records are stored in locked files or offices when not in use. Technical Controls: User ID, passwords, firewall, encryption. Physical Controls: Guards, Identification badges. PIA Reviewer Approval: Promote Comment s: PIA Reviewer Name: Betsey Dunaway Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden, OCISO Sign-off Date: Aug 18, 2006 Date Published: Sep 8, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCC DPHP Pediatric Nutrition Surveillance System - (PEDNSS) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: May 14, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 09-20-01-03-02-9121-00

Privacy Act System of Records (SOR) Number: 09-37-0024

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: Pediatric Nutrition Surveillance System (PedNSS)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Karen Dalenius

Provide an overview of the system: The PedNSS collects clinic data for children <20 years of age, primarily for children age <5 years, from state, territorial and Indian Tribal Organizations WIC program around

the country; logs incoming files and performs extensive editing on the file records; produces data quality reports detailing the results of the edits and transmits those reports back to the contributors; merges the edited data into master files in a SQL Server data warehouse; and produces and publishes statistical reports, graphics/maps based on aggregated data from the data warehouse. Locate a system overview on our website at http://www.cdc.gov/pednss. We use the term “contributor” to refer to the state and territorial health departments and Indian Tribal Organizations (ITS’s) that submit data to the PedNSS.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/ or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The system shares IIF only with an original PedNSS contributor when that contributor requests copies of their cleaned and edited files. If non-contributors request PedNSS records, the following fields are stripped from the files: State and Substate, Clinic code, Date of Visit, Date of Birth and ID. If a non-contributor needs one or more of these fields on the PedNSS files, they must obtain written permission from the contributor(s) whose records they are requesting. Identifiers are almost always stripped at the request of contributors. Under FOIA requests, we cannot make sharing of data contingent upon obtaining permission from the contributor. However, FOIA does protect personal privacy interests. Data that are identifiable to a specific individual are protected from disclosure. In the event of a FOIA request for data, we strip the following identifying information from the records prior to distribution to a requesting non-contributor: Clinic Code and Identifier.

Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrat ive, technical, and physical controls.: Access to the PedNSS database is governed through an assigned GP-DN-ro group managed by the NCCDPHP SQL database administrator, Terrine Mathews, with input from our team. This group is limited to Data Systems and Surveillance Team members and about eight DNPAO epidemiologists and statisticians. Data team members have the ability to add and backout files from the database. The epidemiologists and statisticians access the database to download files for their research purposes. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: May 8, 2008 Date Published: Sep 8, 2008

06.3 HHS P IA Summary for Posting (Form) / CDC CCID NCHHSTP Division of TB Elimination Image Library - (DTBE Image Library) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Jul 25, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: N/A

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Ap proval Number: N/A

Other Identifying Number(s): N/A

System Name: DTBE Image Library

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Sara Thrift

Provide an overview of the system: A central storage and retrieval system for current and historical TB –related digital images for DTBE.

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will the system collect, maintain (store ), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No IIF or any other information

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there p olicies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No IIF or any other information PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Jul 15, 2008 Date Published:Sept 8, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCHHSTP Grants Central Station System for Analysis of Intramural and Extramural Funds - (SAIEF) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: May 20, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: (FY08) 009-20-01-01-02-1000-00

Privacy Act System of Records (SOR) Number: No

OMB Information Collection Ap proval Number: No

Other Identifying Number(s): No

System Name: GCS (Grants Central Station) Saief360

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Nancy Haban

Provide an overview of the system: Saief360 is used throughout the Agency by CIO’s and Divisions to effectively manage its financial resources. The system is used to provide a common system for tracking extramural funds. Saief360’s Extramural module tracks the funding of projects using the most commonly mechanisms i.e. contracts, announcements, memorandums of agreement etc.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system col lect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please spec ify with whom and for what purpose(s): No

CAN Code

Doc no

Admin code

Announcement Name

Announcement Number

Grantee Name (organization name)

Grant Year

Budget Year

Award number

Contract no

Contract Master title

Contractor Name (company name)

Option Date

Contract Year

contract mod number

MIM No [Memoranda of Understanding (MOU), Interagency Agreements (IAG), and Memoranda of Agreement (MOA)]

-MIM title

Program

Transaction type

-CAN

Cost Center

Allowance

Project code

Budget activity

Description This application does not contain IIF.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Brie fly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: This application does not contain IIF. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: May 19, 2008 Date Published: Sep 8, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCHHSTP Group Event Management System - (GEMS) (Item) PIA SU MMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: No If this is an existing PIA, please provide a reason for revision: PIA Validation

Date of this Submission: May 20, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-02-00-02-9509-00 N/A

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: Group Event Management System (GEMS)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Rashad Burgess

Provide an overview of the system: The GEMS mission is to enable the Capacity Building Branch (CBB) to reduce the manual administration of training efforts that are aimed towards increasing the capacity of health departments and community based organizations to deliver HIV prevention intervention. The GEMS web-based application will be launched from the Capacity Building Assistance Portal (CBAP) bringing together CDC employees, Capacity Building Assistance (CBA) providers, directly funded Community Based Organizations (CBO) and Health Departments to a single online gateway to access CBA resources. CBAP is located at the following web site: http://wwwdev.cdc.gov/hiv/cba/default.htm. GEMS currently consists of two functional areas: a training calendar enabling registrants to register for events and coordinators to post and un-post events, and a profile management center enabling registrants to submit business contact information to create and modify their own profiles. GEMS Training Calendar events are posted to GEMS by the Calendar Coordinator. Training is offered by the CBB Training and Development (T&D) team. This team provides logistics, instructors, and technical assistance. GEMS registrants can complete event registration requests, which are received by the system and placed on the course roster or waitlist according to programmed business rules. The system sends an email confirmation of enrollment to the registrant. The system will also provide analytical and transactional reporting. A highlight of GEMS essential system functions are as follows:

• Maintain training calendar

• Register for events

• Issue completion certificates

• Submit events

• Generate reports

• Administer the system

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Name and contact information of organization employees will be shared with Capacity Building Assistance Providers who will be conducting the class for which the person is registered.

Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: System collects the business address of the organization the person is employed by and uses it to send course completion certificates after course completion. The system does not collect any personal information.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirtee n?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: There is no personal information collected therefore no special security is needed. Data is stored in a SQL database which is accessible only via the application. Only those with admin rights in GEMS can access the information. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: May 19, 2008 Date Published: Sep 8, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCHHSTP He patitis Experimental Primate System (HEPS) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Aug 13, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-05-02-9122-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: Hepatitis Experimental Primate System (HEPS)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Kris Krawczynski, MD, PhD

Provide an overview of the system: HEPS is a CDC Intranet web application in Experimental Pathology Laboratory (EPL), Division of Virual Hepatitis (DVH), NCHHSTP, CDC. It helps EPL technologists and supervisors to collect, manage, analyze and report animal (mainly primate) hepatitis experimental data. The information includes when and from where the animal is received at CDC, its date of retirement, basic health information, physical and physiological measurements, clinical serologies, liver function assays, In-House PCR results and sample storage info. Study protocols are documented in the online system. All the information stored in the database can be retrieved in a number of ways. The HEPS system also interfaces with the DMS to allow orders for serological testing on an animal's serum, and the retrieval of test results

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website (s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

Does the system host a websit e?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 5, 2008 Date Published: Sep 8, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCHHSTP HIV/AIDS Reporting - (HARS) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: May 29, 2008

2. OPDIV Name: CDC

3. Unique Project Identifier (UPI) Number: 009-20-01-02-02-9122-00

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: HIV/AIDS Reporting System (HARS)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses t o this PIA may be addressed: Sam Costa

Provide an overview of the system: HARS is a multipurpose surveillance system designed to monitor the total number of reported HIV/AIDS cases from public, private, and government reporting facilities. This surveillance system monitors the total number of AIDS cases reported in the 50 States, DC, six separately funded cities, US territories and possessions, and HIV cases in States that require reporting of persons with HIV (not AIDS) . The database is cumulative, containing all case reports since 1981

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through II F within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

Please descri be in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: Public health data only. Case reports are received from providers who voluntarily report to the local surveillance program by phone with a surveillance representative completing the case report form and from surveillance representatives who abstract medical records in hospitals and private physicians’ offices to complete the case report form. Data is either manually entered or imported into HARS at the state or local level. Data is transferred to CDC monthly through the filtering of new and updated records. The transfer process removes identifying information (IIF) from the transfers, encrypts the file using SEAL and submits to CDC through the use of the Secure Data Network (SDN) file upload procedure. CDC produces national datasets quarterly, which are used to produce the annual national HIV/AIDS surveillance report, as well as numerous other epidemiological analyses.

Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or gui delines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: DOB only IIF within datasets. Access to the network is controlled with standard CDC IT security policies. Additionally, datasets are secured on a secure data store with limited user rights. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: May 27, 2008 Date Published: Sep 8, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCHHSTP Sisters Empowered Sisters Aware - (SESA) (Item) PIA SUMMARY AND APPROVAL COMB INED

PIA Summary

Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: May 8, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-01-02-1000-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: Sisters Empowered, Sisters Aware (SESA)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Lisa Kimbrough

Provide an overview of the system: Sisters Empowered, Sisters Aware (SESA) is a project designed to increase the number of African American women who know their HIV status (it is an HIV testing project). The project involves the evaluation of four HIV testing strategies designed to locate women with undiagnosed infection. The SESA data collection system is a client/server application developed in C#.NET with Microsoft SQL server 2005 as backend. The system contains client-level demographic, testing strategy, and counseling/ testing/referral (CTR) data. The system will also collect data pertaining to cost-effectiveness analysis and allow site managers to run queries and reports that summarize data associated with a specific time period.

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any data base(s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen? : No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: May 8, 2008 Date Published: Sep 8, 2008

06.3 HHS PIA Summary for Posting ( Form) / CDC CCID NCHHSTP STuberculosis Trials Consortium Client Server - (TBTC CS) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submissio n: May 8, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-05-02-9122-00

Privacy Act System of Records (SOR) Number: No

OMB Information Collection Approval Number: No

Other Identifying Number(s): No

System Name: Tuberculosis Trials Consortium Client Server (TBTC CS)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Lorna Bozeman

Provide an overview of the system: The function of the application is to store study data for the clinical trials done by the TB Trials Consortium. The TB Trial consortium is a group of hospitals/research institutions/academic institutions funded by CDC to carry out trials for treating TB patients with new drugs. The applications also provide other modules which facilitate drug distribution, manage drug inventory levels and/or reorder drugs for the trial sites in a timely fashion. Some other reports like labels, patient visit schedules, patient enrollment count at different sites and reports for missing data are also generated

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through II F within any database(s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF wi ll be secured on the system using administrative, technical, and physical controls.: No PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: May 8, 2008 Date Published: Sep 8, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCIRD Active Bacterial Core Surveillance (ABC) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Aug 13, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-02-02-9721-00

Privacy Act System of Records (SOR) Number: System does not constitute a “system of records” under the Privacy Act. Data is not retrieved by name, SSN or other unique identifier.

OMB Information Collection Approval Number: 0920-0009

Other Identifying Number(s): No

System Name: Active Bacterial Core surveillance (ABCs) Active Bacterial Core surveillance (ABCs)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Carolyn Wright

Provide an overview of the system: ABCs is an active, population- and laboratory-based surveillance system conducted in ten Emerging Infections Program sites (EIPs): California, Colorado, Connecticut, Georgia, Maryland, Minnesota, New Mexico, New York, Oregon, and Tennessee. Surveillance is conducted for invasive bacterial diseases due to pathogens of public health importance. For each case of invasive disease in the study population, a case report with basic demographic information is completed and, in most cases, bacterial isolates from a normally sterile site from patients are sent for further laboratory characterization. ABCs data are used to determine the incidence and epidemiologic characteristics of invasive disease due to the pathogens under surveillance and to provide an infrastructure for further research, such as special studies aimed at identifying risk factors for disease, post-licensure evaluation of vaccine efficacy, and monitoring effectiveness of prevention policies. Data originates at the state level and aggregate, de-identified data is sent to CDC. Data are not retrieved by any unique identifier.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Aggregate data are shared in electronic form with other divisions within CDC for the purpose of generating reports and manuscripts.

individuals regarding what IIF is being collected from them and how the information will be used or shared: Notification and consent takes place at the state level. CDC receives only de-identified, aggregate data.

32. Does the system host a websi te?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Administrative controls: ABCs data are stored in aggregate form on the agency’s mainframe. Access to aggregate datasets is restricted to approved CDC users. Approved users are granted read only access through the agency’s mainframe system by the database administrator. Host system security and physical controls for IT infrastructure and services are established in the Service Level Agreement between the Information Technology Services Office (ITSO) and CDC. Technical controls: user ID, passwords, firewall, intrusion detection system, common access card and smart cards. Physical controls: guards, ID badges, key cards, and close circuit TV. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 1, 2008 Date Published: Sep 8, 2008 ps

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCIRD Conference Room Scheduling System - (CRSS) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: No If this is an existing PIA, please provide a reason for revision: Initial PIA Migration to ProSight

Date of this Subm ission: Jul 25, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-02-00-02-9309-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: Conference Room Scheduling System

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Karron Singleton

Provide an overview of the system: The Conference Room Scheduling System is required by ITSO to schedule conference rooms and the services that are available in Conference Rooms. It is in use across the CDC enterprise.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does /Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or disc loses IIF please specify with whom and for what purpose(s): Userid associated with a conference room reservation

information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: Conference room scheduling information and voluntary userid for contact event coordinators

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Jul 10, 2008 Date Published: Sep 8, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCIRD GID Travel and Consulting Web Application - (GID Travel) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008 ?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: May 27, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-02-00-02-9309-00

Privacy Act System of Records (SOR) Number: N/A

OMB Inf ormation Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: GID TRAVEL

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Robert Avey

Provide an overview of the system: The GID Trav system collects data on prospective travel candidates for NCIRD/GID’s international travel programs including the STOP program. The site also allows GID staff to enter their travel itineraries to support the reporting requirements of CDC’s international partners

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): IIF is shared and accessible within GID for purposes of evaluating candidates for international travel.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guideli nes in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Secured in SQL Server database accessible only to those with administrative access to view the data. CDC staff that enter their personal profile data may access their own data through the website. PIA Reviewer Approval: Promote Comments: PIA Reviewer Nam e: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: May 19, 2008 Date Published: Sep 8, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCIRD Grants Application T racking Information System - (eGRATIS) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: May 27, 2008

OPDIV Name: CDC

Unique P roject Identifier (UPI) Number: 009-20-04-00-02-1036-00

Privacy Act System of Records (SOR) Number: System in development

OMB Information Collection Approval Number: System in development

Other Identifying Number(s): N/A

System Name: eGrATIS

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Victor Negron

Provide an overview of the system: Track immunization grants awarded to State and Local Health Departments from application through award and budget changes.

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), recor d(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

inception to completion. The system generates reports, supports queries, standardizes reporting practices, and consolidates program information. What IIF collected through eGrATIS is mandatory

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: eGrATIS is to be hosted on the Secure Data Network (SDN). The front-end of the application authenticates all users using X.509 digital certificates which are provided to the front-end server upon attempted login. Transport Layer Security (TLS) protects data in transit while users access data within the application. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W.Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: May 22, 2008 Da te Published: Sep 8, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCPDCID AIDS Inventory (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Jun 19, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-02-02-9324-00

Privacy Act System of Records (SOR) Number: 09-20-0169

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: AIDS Inventory

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Dollene Hemmerlein

Provide an overview of the system: System inventories 30+ years of CDC specimens collected during investigations, outbreaks, congressionally mandated studies and CDC funded studies.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (st ore), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom an d for what purpose(s): Testing labs and study investigators for results matching and use

information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: Data collected is decided upon by investigator as relevant to study; mostly voluntary

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: All studies receive IRB approval and contain consent forms for collection and use of data and specimens

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction o f IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: All IIF is blocked from view except by authorized users and released only after permission of investigator PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P Madden Sign-off Date: Jun 19, 2008 Date Published: Sep 8, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCPDCID Early Aberration Reporting System - (EARS) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: May 13, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-02-02-9721-00-110-246

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: Early Aberration Reporting System (EARS)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Lori Hutwagner

Provide an overview of the system: The Early Aberration Reporting System (EARS) was pioneered as a method for monitoring bioterrorism during large-scale events. Various city, county, and state public health officials in the United States and abroad currently use EARS on syndromic data from emergency departments, 911 calls, physician office data, school and business absenteeism, and over-the-counter drug sales. The EARS program presents its analysis in a complete HTML Website containing tables and graphs linked through a home page. Viewing EARS output requires only a Web browser.

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place wi th regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: May 12, 2008 Date Published: Sep 8, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCPDCID Global Migration Databa se - (Global Migration) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: May 13, 2008

OPDIV Name: CDC

Unique Project Identifi er (UPI) Number: 009-20-01-02-02-9721-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: Global Migration Database (Global Migration)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Rob Murphy

Provide an overview of the system: The Global Migration project is an effort to gather air traffic data for modeling and analysis purposes. A data feed has been established with the Federal Aviation Administration’s (FAA) Enhanced Traffic Management System (ETMS). DGMQ receives a daily summary of flight information pulled from the archive process supported by the ETMS system. This feed is public data and available to and used by a number of commercial air traffic websites. The unique and powerful aspect of this project for CDC is the collection of the daily data feed into one large database (dataset) for statistical and situational analysis. At this point there is no user interface, the database servers as an air traffic warehouse to be accessed by statisticians, data analysts and queried for situation driven information.

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hos ted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with r egard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Sr. Offici al for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: May 8, 2008 Date Published: Sep 8, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCZVED Arbovirus Diseases Branch Inventory (ADBI) (Item) P IA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Aug 26, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-02-02-1481-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: Arbovirus Diseases Branch Inventory (ADBI)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Roger Nasci

Provide an overview of the system: This is an Access Program, totally. The front end is Access and the back end is Access. The system resides on a file server in Fort Collins (fcid-vbi-1). The system stores scientific data and tracks virus seeds, antibodies, and antigens of the ADB Virus collection along with their storage location. The system increments and decrements the supply of antigen as it is used by Branch Researchers in order to flag supply for restock.

13. Indicate if the system is new or an existing one being modified: Existing

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpo se(s): N/A

Does t he system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A PIA Reviewer Approval: Promote PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Jul 9, 2008 Date Published: Sep 8, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCZVED Division of Parasitic Diseases - (DPDx) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of th is Submission: Jun 9, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-02-02-9523-00-110-246

Privacy Act System of Records (SOR) Number: No

OMB Information Collection Approval Number: No

Other Identifying Number(s): No

Sys tem Name: Division of Parasitic Diseases (DPDx) Website

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Dr. Alexandre J. DaSilva

Provide an overview of the system: The purpose of DPDx website is to strengthen the level of laboratorians' expertise to diagnose foodborne and other parasitic diseases. The DPDx website allows users to obtain diagnostic assistance through telediagnosis. Laboratories can transmit images to CDC and obtain answers for their inquiries in minutes to hours. This allows laboratorians to more efficiently address difficult diagnositic cases in normal or outbreak situations and to disseminate information more rapidly. In addition, this method substantially increases the interaction between CDC and public health laboratories (PHLs) as well as among the participating PHLs. To date, 42 laboratories in 39 states and 1 territory have the capacity for telediagnosis, or are in the process of acquiring the hardware to perform telediagnosis. DPDx also provides training for laboratorians.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If t he system shares or discloses IIF please specify with whom and for what purpose(s): No

Does the system host a website?: Yes

37. Does the w ebsite have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Jun 18, 2008 Date Published: Sep 8, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCZVED DVBID Reservation System 2 - (RESSYS) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Aug 6, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-02-02-1479-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: CDC CCID NCZ DVBID Reservation System 2 (RESSYS)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Richard J. Peterson

Provide an overview of the system: The Reservation System 2 allows only Fort Collins users to reserve division assets (vehicles, laptops, peripherals) for checkout and use. System keeps historical records to track damage and/or loss.

13 . Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 5, 2008 Date Published: Sep 8, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCZVED Early Detection Research Network-Cervical Cancer Clinical Epidemiology and Validation Center (EDRN-CCCEVC) (Item) PIA SUMMARY AND APPRO VAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Aug 13, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-02-02-9721-00-110-246

Privacy Act System of Records (SOR) Number: No

OMB Information Collection Approval Number: No

Other Identifying Number(s): No

System Name: Early Detection Research Network-Cervical Cancer Clinical Epidemiology and Validation Center (EDRN-CCCEVC)

S ystem Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Elizabeth R. Unger PhD, MD

Provide an overview of the system: The system is an integrated database designed to create, maintain and use a biorepository of samples to discover and validate biomarkers to improve cervical cancer screening. The system includes data on clinical, epidemiologic and laboratory values that are linked to the inventory of biologic samples. No personal identifiers of any kind are included.

13. Indicate if the system is new or an existing one being modified: Existing

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

P lease describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: No IIF information is collected. System is completely anonymous and links biologic samples with patient demographics and disease status. Data will be shared with ERNE investigators seeking to develop or validate biomarkers for cervical cancer screening. It is voluntary.

Does th e system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly descr ibe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Offici al for Privacy Name: Thomas P. Madden Sign-off Date: Jul 28, 2008 Date Published: Sep 8, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCZVED National West Nile Surveillance System - (ArboNet) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Jul 24, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-02-02-1480-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: National West Nile Surveillance System (ArboNet)

System Point of Contact (POC). The System POC is the p erson to whom questions about the system and the responses to this PIA may be addressed: Marc Fischer

Provide an overview of the system: National West Nile Surveillance System (Arbonet). Allows reporting of arboviral cases from the states. Can be reported through XML or through ArboNet front end.

13. Indicate if the system is new or an existing one being modified: Existing

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

Does the system host a website?: No

37. Doe s the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secu red on the system using administrative, technical, and physical controls.: N/A PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden S ign-off Date: Jun 11, 2008 Date Published: Sep 8, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC CoCHIS NCPHI Division of Knowledge Management Services Decision Support Framework (DKMS-DSF) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Aug 26, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-05-02-1414-00

Privacy Act System of Records (SOR) Number : N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: DKMS-DSF

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Nedra Garrett

Provide an overview of the system: DKMS is developing a Decision Support Framework (DSF) of services to capture, aggregate and integrate highly relevant information into public health applications to support decision-making in various areas, such as biosurveillance. This framework will consist of a number of tools, processes and systems to support searching and filtering content using natural language processing techniques, weighting algorithms, probabilistic matching and others methods to gain the highest level of relevancy for the content areas

13. Indicate if the system is new or an existing one being modified: New

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comm ents: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Jun 11, 2008 Date Published: Sep 8, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC COTPER Center for Public Health Preparedness Program Activity Database - (CPHP) (Item) PIA SU MMARY AND APPROVAL COMBINED

PIA Summary *Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: May 29, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-8121-00

Privacy Act System of Records (SOR) Number: 09-20-0102

OMB Information Collection Approval Number: No

Other Identifying Number(s): None

System Name: Center of Public Health Preparedeness Program Activity Database (CPHP)

System Point of Cont act (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Joseph Dell

Provide an overview of the system: The CPHP Activity Database is an intranet-based tool that allows CPHP Project Officers to electronically view and update required activity information collected from their CPHP centers as part of continuation applications and progress reports¿. The CPHP Activity Database includes program information for the respective budget periods. Activities are designated within the database as either Program Activities (education and training, partner-requested, or supportive) or Network Activities.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the s ystem collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The IIF contained in the system is made available to all program officers within the CPHP program. The application can also be accessed by anyone with access to the CDC intranet.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there polic ies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Standard procedures to secure SQL databases within the shared hosting environment will be used to secure information. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: May 22, 2008 Date Published: Sep 8, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC COTPER COTPER Calendar (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Nov 16, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-8121-00

Privacy Act System of Records (SOR) Number: NO

OMB Information Collection Approval Number: NO

Other Identif ying Number(s): NO

System Name: COTPER Calendar

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Joseph Dell

Provide an overview of the system: The COTPER Calendar is an ASP application running on a SQL server database, developed to help identify and share key programmatic events and activities from across divisions and the agency. The COTPER Calendar allows anyone behind the CDC firewall to enter an event, but only events approved by the COTPER Calendar content approvers will appear.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No IIF or PII is collected

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with re gard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: NO PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Date Published: Sep 8, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC COTPER Vacancy Action Tracking System - (CVATS) ( Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Nov 21, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-8121-00

Privacy Act System of Records (SOR) Number: No

OMB Information Collection Approval Number: No

Other Identifying Number(s): No

System Name: COTPER Vacancy Action Tracking System - (CVATS)

System Point of Contact (POC). The Syste m POC is the person to whom questions about the system and the responses to this PIA may be addressed: Joseph Dell

Provide an overview of the system: COTPER Vacancy Action Tracking System (CVATS) is an ASP application running on a SQL server database, developed to track personnel vacancies in all COTPER Divisions, with drop-down action statuses to delineate the status of the current vacancy. CVATS was requested to track vacancies accurately and in one location and their current status within COTPER, eliminating difficult to maintain spreadsheets. Additionally, CVATS maintains a history of prior actions on each specific vacancy, along with tracking the days the action was in each status.

13. Indicate if the system is new or an existing one being modif ied: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No IIF or PII is collected

Please de scribe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: None

Does the system host a website?: Yes

37. Does the website have any information or pages d irected at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, techn ical, and physical controls.: No PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Mar 28, 2008 Date Published: Sep 8, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC COTPER Sensaphone (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submissi on: Jun 19, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-8121-00

Privacy Act System of Records (SOR) Number: No

OMB Information Collection Approval Number: No

Other Identifying Number(s): No

System Name: Sensaphone

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Gary Nakashian

Provide an overview of the system: The Sensaphone is used by the Division of Strategic National Stockpile (DSNS) to measure and monitor the temperature specified by the manufacture of stored product as a safe storage temperature. The purpose behind this system is to allow the assets to be in the federal Shelf Life Extension Program (SLEP), increasing the effective shelf life of the materiel. This monitoring system ensures the SNS Program staff is able to ensure that conditions of materiel comply with SLEP guidelines. The system architecture contains a program called S2050 that polls data off of Sensaphone units by dialing into them using analog modems, and then downloads the data into a Borland Interbase database managed by SNS system administrators. The data can only be viewed by authorized personnel.

13. Indicate if the system is new or an existing one being modified: New

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): NO

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: NO PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Jun 19, 2008 Date Published: Sep 8, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC Fellowship Management System (FMS) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: No If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Aug 27, 2008

2. OPDIV Name : CDC

3. Unique Project Identifier (UPI) Number: Component of CDC PH Communications for Workforce & Career Development (system UID # 1310)

4. Privacy Act System of Records (SOR) Number: SORN 09-20-0112: Fellowship Program and Guest Researcher Records

5. OMB Information Collection Approval Number: 0920-0765

6. Other Identifying Number(s): NO

7. System Name: Fellowship Management System (FMS)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Elinor Greene

Provide an overview of the system: The Fellowship Management System will allow applicants to apply to CDC fellowships on-line and will track fellowship alumni in one integrated database. The target audience consists of professionals in public health, epidemiology, medicine, economics, information science, veterinary medicine, nursing, pharmacy, public policy and related professions, and medical, veterinary, and graduate students. Applicants choosing to apply to one or more CDC fellowship(s) will enter their information once and alumni who choose to participate in the alumni directory will have the option of providing updates to information that has changed. Information about alumni who provide consent will be included in standard downloadable reports including the alumni directory. Alumni will use the directory to facilitate networking, per their request. CDC will use the information collected for processing application data, selection of qualified candidates, maintaining a current alumni database, documenting the impact of the fellowships, and generating reports.

13. Indicate if the system is n ew or an existing one being modified: New

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): -- Present or Past applicants (they can only access their own information for verification/correction of their own data). -- CDC/OD/OWCD Fellowship Administrators (for processing application data, selection of qualified candidates, maintaining a current alumni database, documenting the impact of the fellowships, and generating reports). -- Fellowship alumni (can only access electronically their own information for data verification and/or correction of their own records). -- Fellowship alumni will have access to standard downloadable reports including the alumni directory. The purpose of sharing this information is to facilitate networking among the alumni (per their request). Alumni must provide consent to allow their information to be included in the directory. Only the names and fellowship year, information already in the public domain, will be included for alumni who opt out of sharing their information.

IF is in the system by email asking them to log on to the system to provide electronic consent as appropriate. The EIS Bulletin will also include an announcement of notification and request alumni to log on to the system to provide electronic consent as appropriate. Individuals will be notified as to what IIF is being collected from them and how the information will be used or shared when they first log into the system as an applicant or an alumnus and every time they log onto the system thereafter. Alumni will provide electronic consent before they can enter their own data and they will always have the option of retracting their consent.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Admin.: Access only by applicants to their own records, access only by alumni to their own records, or by CDC/OD/OWCD Administrators to all records. Technical: Located in DMZ, encryption of passwords. Physical: Mid-tier Data Center under ITSO controls. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Jul 15, 2008 Date Published:Sept 8, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC Goals Tracking System - (GTS) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Jul 25, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9224-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Numbe r: N/A

Other Identifying Number(s): N/A

System Name: Goals Tracking System (GTS)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Apoorva Patel

Provide an overview of the system: System provides Global Immunization Division with the ability to track activities by location, staff member, team and date. Each activity can be connected to a division product, objective and strategic goal and reports can be created showing goals to activities.

13. Indicate if the system is new or an existing one being modified: New

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Information is shared with other users to allow users to assign staff members to division activities.

System provides Global Immunization Division with the ability to track activities by location, staff member, team and date. Each activity can be connected to a division product, objective and strategic goal and reports can be created showing goals to activities.

31. Please desc ribe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: Electronic consent will be sent out to all individuals with IIFs in the system.

32. Does the syste m host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Access only via internal network. Users file has 256-bit encryption. Building is secured to CDC staff members only. PIA Reviewe r Approval: Promote Comments: PIA Reviewer Name: Michael Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Jul 9, 2008 Date Published:Sept 8, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC NCCDPHP Pregnancy Nutrition Surveillance System

- (PNSS) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary *Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Jul 25, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 09-20-01-03-02-9121-00

Privacy Act System of Records (SOR) Number: 09-37-0024

OMB Information Collection Approval Number: n/a

Other Identifying Number(s ): n/a

System Name: Pregnancy Nutrition Surveillance System (PNSS)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Karen Dalenius

Provide an overview of the system: The PNSS collects clinic data for pregnant and postpartum women, and their newborn infants, from state, territorial and Indian Tribal Organizations WIC and MCH programs around the country; logs incoming files and performs extensive editing on the file records; produces data quality reports detailing the results of the edits and transmits those reports back to the contributors; merges the edited data into master files in a SQL Server data warehouse; and produces and publishes statistical reports, graphics/maps based on aggregated data from the data warehouse. Locate a system overview on our website at http://www.cdc.gov/pednss. We use the term “contributor” to refer to the state and territorial health departments and Indian Tribal Organizations (ITO's) that submit data to the PNSS.

13. Indicate if the system is new or an existing one being modified: Existing

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The system shares IIF only with an original PNSS contributor when that contributor requests copies of their cleaned and edited files. If non-contributors request PNSS records, the following fields are stripped from national files: State and sub-state (or randomly assigned 3 character codes are assigned), Clinic Code, Initial Visit Date, Woman's Date of Birth, Woman's Alphanumeric ID (Mother's numeric ID and Mother's Alpha-ID on pre-2004 CDC PNSS master files), and Infant Alphanumeric ID (Infant's Numeric ID and Infant's Alpha-ID on pre-2004 CDC PNSS master files). Date interval fields on the PNSS master file are also assigned a random number added to or subtracted from them. A different random number is generated for each record. If a non-contributor needs one or more of these fields on a national PNSS file or they want individual contributors files, they must obtain written permission from the contributor(s) whose records they are requesting. Identifiers are almost always stripped at the request of contributors. Under FOIA requests, we cannot make sharing of data contingent upon obtaining permission from the contributor. However, FOIA does protect personal privacy interests. Data that are identifiable to a specific individual are protected from disclosure. In the event of a FOIA request for data, we strip the following identifying information from the records prior to distribution to a requesting non-contributor: Clinic Code and Identifier.

Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: The following critical and core fields are currently populated on most PNSS records and/or have been populated on PNSS records in the past: State Code, Substate Code, Clinic Code, County Code, Source of Data, Completion Code, Initial Date of Visit, Postpartum (PP) Date of Visit, Woman’s Alphanumeric Identifier, Woman’s Date of Birth, Race/Ethnicity, Household Size, Household Income, Date of Last Menstrual Period, Expected Date of Delivery, Height of Woman, Prepregnancy Weight, Weight of Woman-Prenatal Visit, Weight of Woman-PP Visit, Positive or Negative Weight Gain, Total Weight Gain, Hemoglobin-Prenatal Visit, Hemoglobin-PP Visit, Hematocrit-Prenatal Visit, Hematocrit-PP Visit, Parity, Date Last Pregnancy Ended, Medical Care Began, Date Enrolled in WIC, Cigarettes/Day-3 Months Prior to Pregnancy, Cigarettes/Day-Prenatal Visit, Cigarettes/Day-Last 3 Months of Pregnancy, Cigarettes/Day-PP Visit, Drinks/Week-3 Months Prior to Pregnancy, Drinks/Week-Last 3 Months of Pregnancy, Infant Identifier-Alphanumeric, Infant’s Date of Birth, Number of Infants, Born Alive or Dead, and Infant’s Birthweight. The following supplemental fields are currently populated on some PNSS records and/or have been populated on PNSS records in the past: Zip Code, Migrant Status, WIC/Food Stamp/Medicaid/TANF Participation, Date of Hemoglobin/Hematocrit Measure-Prenatal Visit, Date of Hemoglobin/Hematocrit Measure-PP Visit, Gestational Diabetes-PP Visit, Hypertension During Pregnancy-PP Visit, Multivitamin Consumption Prior to Pregnancy, Multivitamin Consumption During Pregnancy, Household Smoking-Prenatal Visit, Household Smoking-PP Visit, Currently Breastfed, Ever Breastfed, Infant Sequence Number, Alive or Dead-PP Visit, Infant Sex, Formula Use, Marital Status, Smoking Changes During Pregnancy-Prenatal Visit, Smoking Changes During Pregnancy-PP Visit, Previous Pregnancies, Drinks/Day and Drink Days/Week-Prenatal Visit, and Drinks/Day and Drink Days/Week-PP Visit. CDC uses this information to monitor trends in the prevalence of prenatal risk factors which are major predictors of low birthweight, and to provide summary data to contributors to assess coverage, targeting, and effectiveness of maternal health programs. DNPAO epidemiologists and statisticians a) create and manage cohorts of women for PNSS longitudinal analyses and b) link PNSS records to Pediatric Nutrition Surveillance (PedNSS) records in reference to identifiers.

Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: PNSS records are submitted by state, territorial, and Indian Tribal Organization WIC programs and state maternal health programs, all of which require informed consents to be signed by participants upon program enrollment.

Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policie s or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Access to the PNSS database is governed through an assigned GP-DN-ro group

managed by the NCCDPHP SQL database administrator, Terrine Mathews, with input from our team. This group is limited to Data Systems and Surveillance Team members and about eight DNPAO epidemiologists and statisticians. Data team members have the ability to add and backout files from the database. The epidemiologists and statisticians access the database to download files for their research purposes. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Jun 11, 2008 Date Published: Sep 8, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC NCIRD Registry Sentinel Project (Sentinel) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: No If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Aug 26, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 01-04-02-9322-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: NCIRD Registry Sentinel Project (Sentinel)

System Point of Contact (POC). The System POC is the pe rson to whom questions about the system and the responses to this PIA may be addressed: Dianna Bartlett

Provide an overview of the system: To understand changing patterns of acceptance of immunization soon enough to properly respond, the public health community requires an instrument that can monitor the public’s response to events in a timely manner. NCIRD Sentinel Sites report aggregate immunization coverage data to NCIRD on a quarterly basis through a web-based data entry system. The data are stored in a SQL Server database from which standardized charts are generated for review by the CDC Data Manager. The system contains business contact information (name, phone and fax numbers and email address) of the state health department employee who does the data entry. All other data provided by the sentinel sites do not contain IIF.

13. Indicate if the system is new or an existing one b eing modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

IIF collected is business contact information (name, phone and fax numbers and email address) of the reporter who is doing the data entry. All other data provided by the sentinel sites do not contain IIF. Participation by sentinel sites is voluntary.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the sy stem using administrative, technical, and physical controls.: Administrative controls: IIF data are backed up daily and copies stored in a separate facility. Technical controls: Access to the data is controlled by user ID and password in addition to the user ID and password needed to access the network. Physical controls include security guards, ID badges, cardkeys and cipher locks. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comme nts: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 1, 2008 Date Published:Sept 8, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC NCPHI NCHS National Death Index - (NDI) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: May 8, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: N/A

Privacy Act System of Records (SOR) Number: 09-20-0166

OMB Information Collection Approval Number: 0920-0215

Other Identifying Number(s): N/A

System Name: NATIONAL DEATH INDEX

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: ROBERT BILGRAD

Provide an overview of the system: The National Death Index (NDI) is a file of identifying death record information for all U.S. deaths occurring since 1979. This computer-matching service assists health researchers in determining whether specific study subjects have died, and if so, provides researchers with the states and dates of death and death certificate numbers. The NDI Plus service also provides the cause of death codes derived from the decedents' death certificates. Since 1982 the NDI has performed over 4,000 searches involving over 50 million records submitted by researchers involved in a wide variety of activities -- including clinical trials, post-marketing drug surveillance, occupational health studies, cancer and other disease registries, and longitudinal studies involving large population groups.

13. Indicate if the system is new or an existing one being modified: Existing

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The system confirms the fact of death for health researchers’ study subjects and releases the date of death, state of death and death certificate number.

Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to th e retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Data is secured on the CDC mainframe with access restricted to only those NCHS programmers involved in maintaining and using the system. Data released to approved health researchers are encrypted on a CD, are password protected, and are sent to researchers only via Fedex. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: May 8, 2008 Date Published: Sep 8, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC OCOO CPIC Enterprise Systems Catalog - (ESC) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary *Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Sub mission: Jun 19, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-02-00-02-0877-00

Privacy Act System of Records (SOR) Number: 09-90-0024

OMB Information Collection Approval Number: No

Other Identifying Number(s): No

System Name: Enterprise Systems Catalog (ESC)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Sandra McGill

Provide an overview of the system: The system is used by CDC’s CPIC office to address the responsibilities assigned to the CDC under HHS and Federal Guidelines for IT Capital Planning and Investment Control. All active CDC IT investments that store, analyze, process, manage, distribute, and/or provide access to electronic information are entered into ESC and this information is used by the CDC to accurately report and categorize IT spending.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses II F please specify with whom and for what purpose(s): ESC is available for stewards and system owners to see the Capital Planning Investment information and security information for their system. It lists the first and last name of the individual stewards (security, technical, business) if there are any questions/issues surround that system.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Administrative Controls: New users must have approval of the business stewards to view capital planning data. All CDC users have ready-only access to system overview screens that displays other usernames that are assigned to business, data, security or data steward roles. User access privileges are revoked when a user leaves the CDC or a user no longer requires access to the system. Technical Controls: User access to IIF is role based. Physical Controls: IIS and SQL servers secured in ITSO facility at the CDC Roybal Campus in Atlanta. PIA Review er Approval: Promote Comments: PIA Reviewer Name: Michael Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Jun 19, 2008 Date Published: Sep 8, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC OCOO ITSO Multi User Share Tool - (MUST) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Jul 24, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: No

Privacy Act System of Records (SOR) Number: No

OMB Information Collection Approval Number: No

Other Identifying Number(s): No

System Name: Multi-User Share Tool(MUST)

System Point of Contact (PO C). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Wayne Knight

Provide an overview of the system: MUST provide the ability of Active Directory Member Group Data Stewards to manage user access to specified file shares in the CDC domain. The system will provide a quicker turn around time for the CDC User (customer) and eliminate having to impact multiple technicians throughout the infrastructure to make modifications to AD groups.

13. Ind icate if the system is new or an existing one being modified: New

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

Please descri be in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: No IIF is collected, disseminated, or maintained in the system.

Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF wil l be secured on the system using administrative, technical, and physical controls.: No Information in Identifiable Form is collected or transmitted. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael Harris Sr. Official for Privacy Approva l: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Jul 10, 2008 Date Published: Sep 8, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC OCOO Managing Accounting Credit Card System (MACCS) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: No If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Aug 27, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-02-1262-00-405-143

Privacy Act System of Records (SOR) Number: 09-90-0024

OMB Information Collection Approval Number: No

Other Identifying Number(s): No

System Name: Managing Accounting Credit Card System (MACCS)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Teresa Kinley

Provide an overview of the system: MACCS was developed by Starry Associates, Inc., as a Commercial Off-the-Shelf (COTS) software package in response to Federal Government needs in the area of Purchase (Credit) Card management. It helps to support the GSA SmartPay VISA Purchase Card program that is administered at CDC by the Procurement & Grants Office (PGO). MACCS is a web-based software solution that automates the logging, tracking, and obligation of credit card transactions. Each business day, MACCS receives credit card transaction records from US Bank via secure FTP. And each business day, MACCS sends obligation records to UFMS for those transactions that are matched and registered against purchases logged into MACCS by users (cardholders and approvers). Once a month, MACCS receives an invoice file from US Bank and reconciles this monthly summary with the daily transactions from the previous month. This function is used by FMO Accounts Payable in determining if the invoice from US Bank is accurate. The MACCS project at CDC is a shared venture between FMO, PGO, and MISO.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the syste m subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): MACCS discloses the names of CDC VISA credit card holders and their CDC VISA credit card numbers. In addition, MACCS discloses the names of merchants for CDC VISA transactions, and in the case of VISA check transactions, the merchants’ addresses and their taxpayer identification numbers. This is available to only authorized personnel within CDC for the purpose of financial management of federal credit card purchases. Card numbers are masked (except for the last 5 digits) to all users except administrators.

Please describe in deta il any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: No data uses have changed since the notice at the time of the original collection. Any changes to the system would be driven by the needs of the GSA SmartPay VISA Purchase Card program administered at CDC by PGO. The program administrator at CDC/PGO notifies all program participants and MACCS users of program changes, and their related impact to MACCS.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly descr ibe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Only authorized users have access to the system. Password protection to the system is in place. Credit card numbers are masked (except for last 5 digits). PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments:

Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Jul 9, 2008 Date Published: Sep 8, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC OCOO MASO Content Management System - (CMS) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: No If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 19, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 1508

Privacy Act System of Records (SOR) Number: No

OMB Information Collection Approval Number: No

Other Identifying Number(s): No

System Name: Content Management

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Kimberly Thurmond

Provide an overview of the system: This system provides a proactive method to remind content providers to perform timely reviews of their content for quality and accuracy.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass th rough IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

Does the system ho st a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in det ail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Priv acy Name: Thomas P. Madden Sign-off Date: Date Published: Sep 8, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC OCOO MASO Federal Advisory Committee Management - (FACM) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: No If this is an existing PIA, please provide a reason for revision:

Date of this Submission: May 20, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-06-02-9409-00

Privacy Act System of Records (SOR) Number: 09-90-0059

OMB Inf ormation Collection Approval Number: No

Other Identifying Number(s): No

System Name: Federal Advisory

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Kimberly Thurmond

Provide an overview of the system: This system is a record of Federal Advisory committees to use in submitting federal register notices and completing member conflicts of interest.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Federal Advisory Committee Management

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Limited full access to database – provided only to the team in MASO PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approv al: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: May 19, 2008 Date Published: Sep 8, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC OCOO MASO Mailstop - (MS) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 19, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 1507

Privacy Act System of Records (SOR) Number: No

OMB Information Collection Approval Number: No

Other Identifying Number(s): No

System Name: Mailstop

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Kimberly Thurmond

Provide an overview of the system: The Mailstop System is an informational sytem that stores the mailstops of all the CDC locations..This is a intranet-based application used to maintain CDC Mailstop Data.

13. Indicate if the system is n ew or an existing one being modified: New

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

Does the system host a website?: Yes

37. Does the website have any information o r pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrati ve, technical, and physical controls.: N/A PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Date Published:Sept 8, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC OCOO MASO Print Tracking System (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

1. Date of th is Submission: Sep 19, 2007

2. OPDIV Name: CDC

3. Unique Project Identifier (UPI) Number: 1514

4. Privacy Act System of Records (SOR) Number: No

5. OMB Information Collection Approval Number: No

6. Other Identifying Number(s): No

7. System Name: Print Tracking

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Kimberly Thurmond

Provide an overview of the system: The Print Tracking system allow end users to enter requests into the system. It allows customer to check the status of their jobs and get cost information. It allows the print specialist to write a specification to check the status on the job and to record the delivery information and return of materials. It also allows the Printing Office to resport to FMO on fund obligation.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through II F within any database(s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No PRINT TRACKING Does Not Collect or Share IIF

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen ?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: PRINT TRACKING Does Not Collect or Share IIF PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Date Published: Sep 8, 2008

06.3 H HS PIA Summary for Posting (Form) / CDC OCOO MISO Electronic Data Exchange - (EDI) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

1. Date of this S ubmission: May 27, 2008

2. OPDIV Name: CDC

3. Unique Project Identifier (UPI) Number: 009-20-01-09-02-0984-00

4. Privacy Act System of Records (SOR) Number: No

5. OMB Information Collection Approval Number: No

6. Other Identifying Number(s): No

7. System Name: Electronic Data Interchange

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Michael Lukiart

Provide an overview of the system: The function of the EDI system is to convert mainframe flat files to ANSI X-12 edi files and the reverse, (X-12 to flat files). The system pulls Order files (flat) from the mainframe via FTP, converts the files to X-12 format, and pushes them to the Value Added Network (VAN) via FTP. The system then pulls X-12 Invoice files from the VAN via FTP, converts them to flat (mainframe) files, and pushes them to the mainframe via FTP.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Wil l the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen? : No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: NO PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: May 22, 2008 Date Published: Sep 8, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC OCOO MISO Labware (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: May 27, 2008

O PDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-01-02-1170-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: No

Other Identifying Number(s): No

System Name: Labware

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Angela Cox

Provide an overview of the system: Labware is a laboratory supply catalog application. It is used by laboratory workers to order products from a catalog that have been purchased and inventoried by CCID. Additionally, the labware application will also keep track of the quantities that are ordered; a report can be generated showing dollar amounts being ordered each from division and the application can keep track of orders and total costs of orders and fill the order for the requesting lab.

13. Indicate if the system is new or an existing one being modified: New

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines i n place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No PIA Reviewer Approval: Promote Comments: PIA Reviewer Nam e: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: May 22, 2008 Date Published: Sep 8, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC OCOO MISO Web Services Logger - (WSLogger) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Jul 25, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-09-02-0984-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: Web Services Logger (WSLogger)

9. Syst em Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Sandy Chapman

10. Provide an overview of the system: WSLogger is a component that can be attached to any MISO web service to transparently begin capturing utilization information about that web service. The Component registers usage and benchmark information into the SQL database for management reporting. Information captured is limited to few data elements such as User-ID of caller, date and time, name of the web service, elapsed time, and name of the method.

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): NO

Does the system host a website?: No

37. Does the website have any infor mation or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using admi nistrative, technical, and physical controls.: No PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Jul 9, 2008 Dat e Published:Sept 8, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC OCOO OSEP HHS Identity (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Da te of this Submission: May 16, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-00-02-00-02-0030-00

Privacy Act System of Records (SOR) Number: HHS 09-90-0020

OMB Information Collection Approval Number: 3206-0005, SF-85, SF-86 (?)

Other Identifying Number(s): GS-35F-0306J (FISMA ID), I-9 form 1615-0047, Declaration for Federal Employment 3206-0182 (?)

System Name: OS ASRT HHS Identity Management System

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Ken Calabrese

10. Provide an overview of the system: This system will produce the new ID badge for all HHS employees and contractors across all HHS Operating Divisions

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): HHS will use the information on the card and may use some of the stored information when person accesses federal facilities, computers, applications, or data to prove person's identity and right of access.

Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in p lace with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The database and individual OPDIV feeder servers are located within secured buildings. Different degrees of security have been implemented at all location, with some including Biometrics and Closed Circuit TV. Technical controls which minimize the possibility of unauthorized access, use, or dissemination of the data in the system are also in place. These include: user identification, firewalls, VPN, encryption, Intrusion Detection System and Common Access Cards. Guards, ID Badges and Key cards further ensure IIF will be secure. PIA Reviewer Approval: Promote Comm ents: PIA Reviewer Name: Michael Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. madden Sign-off Date: May 16, 2008 Date Published: Sep 8, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC OD ITSO WAN Video Conferencing System - (ENVISION) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: No If this is an existing PIA, please provide a reason for revision: Initial PIA Migration to ProSight

Date of this Submission: Jan 28, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-02-00-01-1152-00-404-139

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: ENVISION

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Joe Jackson

Provide an overview of the system: The ENVISION System provides video conferencing capabilities to employees at various points across the CDC Campuses. The core component of this system is the Multipoint Control Unit (MCU) which controls and manages multiple endpoints to participate in a video conference by providing protocol, data rate, and communication path matching/bridging. ENVISION is the Video Teleconferencing (VTC) system. The MCU and the endpoints are the VTC system, much the same as your telephone and a Private Branch Exchange (PBX) make up a phone system.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): NO IIF COLLECTED

Does the system hos t a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in deta il how the IIF will be secured on the system using administrative, technical, and physical controls.: NO IIF COLLECTED PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Of ficial for Privacy Name: Thomas P. Madden Sign-off Date: Jul 25, 2008 Date Published: Sep 8, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC OD MASO Information Quality - (IQ) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new P IA 2008?: No If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Mar 28, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 875

Privacy Act System of Records (SOR) Number: N/A

OMB Information Colle ction Approval Number: No

Other Identifying Number(s): No

System Name: INFORMATION QUALITY

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Kimberly Thurmond

Provide an overview of the system: This system allows the public to send in requests or complaints regarding dissemination of information from the government. It allows. The public to voice their opinion or complain. This system was mandated by congress – called the Son of Shelby – Public Law 106-554, Section

515.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A INFORMATION QUALITY Does Not collect or share IIF

Does the system host a website?: Yes

37. Does the website have any information or pages directed a t children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No INFORMATION QUALITY Does Not collect or share IIF. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign- off Date: Date Published: Sep 8, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC OD MASO Internal Controls Program - (ICP) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Jan 8, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 1506

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection A pproval Number: No

Other Identifying Number(s): No

System Name: Internal Controls Program

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Kimberly Thurmond

Provide an overview of the system: This system will implement the A-123 program and serve as a repository of documentation of program functions.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there poli cies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A PIA Reviewer Approval: Promote Comme nts: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Mar 28, 2008 Date Published: Sep 8, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC OD MASO Offic e Automation Tracking System (OATS) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes

If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Aug 15, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 1394

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: OFFICE AUTOMATION

System Point of Contact (POC). The Sys tem POC is the person to whom questions about the system and the responses to this PIA may be addressed: Kimberly Thurmond

Provide an overview of the system: This system tracks workload of office automation tasks. It has reporting functions for management. It will allow the customers or employees enter the task and the task is routed to the designated person. The individual will perform the task and close the ticket..

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or d iscloses IIF please specify with whom and for what purpose(s): N/A OFFICE AUTOMATION does not collect or store IIF

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A OFFICE AUTOMATION does not collect or store IIF PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Date Published: Sep 8, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC OD OCOO_National Antimicrobial Resistance Monitoring System_Umbrella_NARMS (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

Date of this Submission: Jan 19, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-05-02-1481-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: No

Othe r Identifying Number(s): No

System Name: National Antimicrobial Resistance Monitoring System (NARMS)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Tom Chiller

Provide an overview of the system: National Antimicrobial Resistance Monitoring System (NARMS) was developed as an interagency collaboration between the Food and Drug Administration (FDA), United States Department of Agriculture (USDA), and the CDC. The project successfully developed NARMS versions in each of the divisions of government. NARMS is used to test human, animal, and meat isolates for resistance to clinically important veterinary and human antibiotics. The CDC portion of NARMS performs antimicrobial resistance testing on isolates for selected food borne pathogens (Salmonella, Shigella, Campylobacter, Listeria, Non-cholera Vibrio, non-commensal Enterococcus) originating from and speciated by state/local health laboratories. NARMS analyzes the resistance data for trends and publishes public reports summarizing trends/key concepts in antimicrobial resistance. These findings are used for such purposes as: expanding the worldwide public knowledge of appropriate use of antibiotics; identifying emerging resistance mechanisms in important food borne pathogens; providing supporting data for regulatory approval/denial of use of antimicrobials in agriculture, and for clinical use in humans. Each division of government maintains its own NARMS data and systems and there is no connectivity between divisions.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by thi s system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): IIF data is restricted to users of the NARMS system.

Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: None

Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Access to the NARMS system is controlled by active directory within the CDC network only. PIA Reviewer Approval: Promote Comments : PIA Reviewer Name: Alice Brown Sr. Official for Privacy Approval: Promote

Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Date Published: Sep 8, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC OD OES Issue Tracking (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Nov 8, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-06-02-1425-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: No

Other Identifying Number(s): No

System Name: Issues Tracking System

System Point of Contact (POC). The System POC is the per son to whom questions about the system and the responses to this PIA may be addressed: Alioune Thiam

Provide an overview of the system: This application helps log and track issues for the Office of the Executive Secretariat (OES). It allows OES employees to record the subject matter of each issue, the Centers and Coordinating Centers to which the issue is routed, and the actions taken to solve the issue. The data is collected and used for an Executive Leadership Board (ELB) report. OES is responsible for managing high level issues involving the CDC. The issues are initiated when the public, Congress, etc. requests clarification on matters directly or indirectly related to the CDC. When received, a request is logged in the ITS, assigned a subject, routed to different Centers and Coordinating Centers, categorized and sent to the appropriate person who needs to handle it. Actions that document the steps taken to resolve the issue are also entered into ITS. Information from ITS is used to generate reports that are distributed to the ELB (Executive Leadership Board) for discussion during their meetings.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass thro ugh IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No IIF in system.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No IIF in system. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Date Published: Sep 8, 2008

06.3 HHS PIA Summa ry for Posting (Form) / CDC SDMB NCHHSTP Sexually Transmitted Disease Network - (STDNet) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of th is Submission: May 21, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-02-02-9521-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: Sexually Transmitted Disease Net (STDNet)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Melinda Flock

Provide an overview of the system: STDNet takes STD surveillance data that is reported through the National Electronic Telecommunications System for Surveillance (NETSS) maintained by NCPHI. STDNet provides menu driven access to the STD surveillance data for analysis and reporting. The STDNet application provides users an interface where, for example, they can query a disease by demographics, time and geographic location among other things (e.g., total number of syphilis cases by race, sex for Georgia in 2006). It provides users the ability to produce reports and graphs without having to know mainframe SAS. The STD surveillance data are used for monitoring the epidemic of certain national notifiable sexually transmitted diseases.

13. Indicate if the system is new or an existing one being modified: New

21. I s the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

32 . Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comme nts: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: May 19, 2008 Date Published: Sep 8, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC Training and Continuing Education Online (TCEOnline) (Item) PIA SUMMARY AND APPROVAL COMBINE D

PIA Summary Is this a new PIA 2008?: No If this is an existing PIA, please provide a reason for revision: PIA Validation

Date of this Submission: Aug 27, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: Component of CDC PH Communications for Workforce & Career Development (system UID # 1310)

Privacy Act System of Records (SOR) Number: Pending

OMB Information Collection Approval Number: 0920-0017 exp. 3/31/2010

Other Identifying Number(s): NO

System Name: Training and Continuing Education Online (TCEO or TCEOnline, former PHTNonline)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Nancy Gathany (NTC1) [alternate Gary Armstrong (GMA1)]

Provide an overview of the system: TCEO system allows health professionals to register and complete requirements to receive continuing education credits. Participants access only their own records. It is a web-based registration system offering continuing education that addresses core competencies, public health issues, public health preparedness and timely updates via distance education and live training events. TCEO includes the following learner support features for participants: -Technical support through the toll-free 800 number, email box, and on-line information -Ability to select a downlink site for the satellite broadcast -Registration for the training event -Access to the standard course evaluation and exam online -Ability to view and print transcript and continuing education certificate TCEO also allows downlink site administration staff to identify and register downlink sites and monitor participant registration.

13. Indicate if the system is new or an existing one being modifie d: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s):

Participants can access only their own records (for data entry and updates), while only CDC/OD/OWCD

Administrators can access login information and reset passwords and view participant contact information (for administration and coordination).

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Admin.: Access only by participants to their own records, or by CDC/OD/OWCD Administrators can access login information and reset passwords and view participant contact information. Technical: Located in DMZ, passwords are encrypted. Physical: Mid-tier Data Center under ITSO controls. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Com ments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Jul 15, 2008 Date Published: Sep 8, 2008

06.3 HHS PIA Summary for Posting (Form) / Etiological Agent Import Permit System (EAIP) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: No If this is an existing PIA, please provide a reason for revision: PIA Validation

Date of this Submission: May 13, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-8121-00

Privacy Act System of Records (SOR) Number: 09-20-0170

OMB Information Collection Approval Number: 0920-0199

Other Identifying Number(s): NO

System Name: Etiological Agent Import Permit System (EAIP)

System Point of Contact (POC). The System PO C is the person to whom questions about the system and the responses to this PIA may be addressed: Barry Copeland

Provide an overview of the system: The Public Health Service Foreign Quarantine regulations (42 CFR 71.54) govern the importation, or subsequent distribution by transfer within the United States, of any etiologic agents, hosts, or vectors of human disease. A permit issued by the CDC, Etiologic Agent Import Permit Program is required for such importations or distributions. The system tracks and issues permits for the international importation of etiologic agents that could be used for bioterrorism purposes. A stand alone desktop pc system that issues and tracks import permits for select agents.

13. Indicate if the system is new or an exist ing one being modified: Existing

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Division of Quarantine, and any federal agency that needs the data

Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: All controls mandated for a HIGH FIPS 199 system are implemented. The system and supporting paper documents are located within secure spaces compliant with Defense Security Services (DSS) standards. All personnel with access to the data will have current DoD Secret level clearances (or equivalent). PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael Harris Sr. Official for Privacy Approval: Promote Comments: Sr . Official for Privacy Name: Thomas P. Madden Sign-off Date: May 12, 2008 Date Published: Sep 8, 2008

06.3 HHS PIA Summary for Posting (Form) / MCTA Contracts (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Aug 23, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 1510

Privacy Act System of Records (SOR) Number: No

OMB Information Collection Approval Nu mber: No

Other Identifying Number(s): No

System Name: MCTA Contract

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Kimberly Thurmond

Provide an overview of the system: The Management Consultation and Technical Assistance contract tracks all task orders from pre-award to post award. It also provides reports to management. This system will not change in the future.

13. Indicate if th e system is new or an existing one being modified: Existing

21. Is the sys tem subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

06.3 HHS PIA Summary for Posting (Form) / PWS-AT (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 19, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 1516

Privacy Act System of Records (SOR) Number: No

OMB Information Collection A pproval Number: No

Other Identifying Number(s): No

System Name: PWS/AT Change Request

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Kimberly Thurmond

Provide an overview of the system: The Performance Work Statement/Agency Tender (PWS/AT) Change Request System is an electronic navigational tool to aid Most Efficient Organization (MEO) project officers and program managers through the process of documenting growth and/or reductions of a MEO. This system allows for all changes and supporting justification to be documented and approved electronically. The system expedites the review and approval process and also facilitates centralized records management for the MEO Implementation Advisor and the CDC Contract Officer.

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), rec ord(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Br iefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date:

Date Published: Sep 8, 2008

06.3 HHS PIA Summary for Posting (Form) / Signature Log (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: May 13, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-06-02-9409-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: Signature Log

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Kimberly Thurmond

Provide an overview of the system: Signature Log keeps track of all documents signed by the MASO director, as well as those documents presented to but not signed by the MASO director. The system also stores downloadable copies of the signed documents.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

Please describe in detail any proc esses in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: No

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under t he age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael Harris Sr. Official for Privacy Approval: Promote Comments : Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: May 12, 2008 Date Published: Sep 8, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC DVH NCHHSTP Hepatitis Reference Laboratory Data Management System (HRL DMS) (Item) PIA SUMMARY AND APPR OVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Oct 29, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number:

Privacy Act System of Records (S OR) Number: No

OMB Information Collection Approval Number: No

Other Identifying Number(s): No

System Name: Hepatitis Reference Laboratory Data Management System (HRL DMS)

System Point of Contact (POC). The System POC is the person to whom questio ns about the system and the responses to this PIA may be addressed: Saleem Kamilli PhD

Provide an overview of the system: The Data Management System is a lab information system in the Hepatitis Reference Laboratory, DVH, NCHHSTP, CDC. It collects, analyzes, stores and report test results in the lab. The system implements the data processing rules from various venders for each analytes of different hepastitis viruses, and uses quality control algorithms to ensure the data are sound. Lab technicians log samples, enter results to the system; lab supervisors configure the testing methods and manages user accounts; epidemiologists can pull reports from the system and get email notification when results are ready.

13. Indicate if the system is new or an existi ng one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or disclo ses IIF please specify with whom and for what purpose(s): No

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No E-Authentication Assurance Level = N/A Risk Analysis Date = 07/16/2008 PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name:

Thomas P Madden Sign-off Date: Nov 3, 2008 Approved for Web Publishing: Date Published: Nov 28, 2008

06.3 HHS PIA Sum mary for Posting (Form) / CDC OEC DIMES Executive Control Correspondence (ECC) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Nov 5, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number:

Privacy Act System of Records (SOR) Number: 09-20-0055

OMB Information Collection Approval Number: No

Other Identifying Number(s): No

System Name: Executive Control Correspondence (ECC)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cynthia Clark

Provide an overview of the system: Users will use Executive Control Correspondence (ECC) to import electronic documents/files into a workflow, and index them with data and route for review and processing. It will be used to convert paper documents sent to the CDC Directors office into an electronic format. They are placed into electronic folders, and routed via a workflow engine to the appropriate centers for review and response. The response document is then printed signed and returned to the requester. A copy of the folder and contents is saved by the system.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): DIMES is responsible for dissemination and tracking of the information. Shared with all CDC Divisions. Sharing in order to craft a response to the correspondence that has come in.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: DBA – controls database, system admin controls the electronic files, UserID and Passwords. Documents are not stored in a database. They are stored on a file server. Network and security controls for the web servers and databases are in place as well as network security monitoring and security audits. The system is only available on the intranet, mitigating the exposure outside the firewall. Access to the system and to specific information is controlled using Windows Integrated Authentication so users have to have a valid and active network profile before they are allowed system access. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Felicia P. Kittles, OCISO C&E PM Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P Madden Sign-off Date: Nov 6, 2008 Approved for Web Publishing: Date Published: Nov 28, 2008

Nov 28, 2008 Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC CCHIS mobile.cdc.gov (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

1. Date of this Subm ission: Sep 17, 2008

2. OPDIV Name: CDC

3. Unique Project Identifier (UPI) Number: 009-20-01-02-02-9321-00

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: CCHIS mobile.cdc.gov

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Scott Mullins

Provide an overview of the system: Mobile.cdc.gov is a Dot Net 2.0 application that refocuses publically available content for use and access on mobile devices. This application is hosted on the worldwide wireless network (WWWN) and converts existing CDC.Gov pages, via a WAP protocol, upon users entering the URL from a mobile browser. There is no active authentication protocol in place as all media and informational content is updated via CDC.Gov.

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will th e system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secure d on the system using administrative, technical, and physical controls.: No PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden S ign-off Date: Sep 10, 2008 Approved for Web Publishing: Date Published: Nov 28, 2008

Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC COTPER QPR (QPR) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 3, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-8121-00

Privacy Act System of Records (SOR) Number: No

OMB Information Collect ion Approval Number: No

Other Identifying Number(s): No

System Name: QPR (QPR)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Joseph Dell

Provide an overview of the system: QPR is a COTS application which helps COTPER track progress against its organizational excellence assessment (OEA) measures and initiatives.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system sh ares or discloses IIF please specify with whom and for what purpose(s): No

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 25, 2008 Approved for Web Publishing: Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC DLS NCEH Dioxin and Persistent Organic Pollutants Laboratory (DOXPOP) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Oct 30, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number:

Privacy Act System of Records (SOR) Number: No

OMB Information Collection Approval Number: No

Other Identifying Number(s): No

System Name: Dioxin and Persistent Organic Pollutants Laboratory (DOXPOP)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cheryl McClure

Provide an overview of the syste m: In the Dioxin and Persistent Organic Pollutants Laboratory (DOXPOP)s laboratory Dioxin and Persistent Organic Pollutants are measured in serum, plasma, breast milk, or adipose tissue and a comparison of relative response factors generated using isotopically labeled and

known native standard concentrations yields individual analyte concentrations with detection limits in the low parts per quadrillion range

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will the syste m collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The system does not contain IIF.

Please describe in detail any processe s in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: The system does not contain IIF.

Does the system host a website?: No

37. Does the website have any information or pages di rected at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, a nd physical controls.: The system does not contain IIF. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Oct 30, 2008 Approved for Web Publishing: Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC Influenza Sentinel Provider Surveillance Network (ISPSN) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 3, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-02-02-9721-00

Privacy Act System of Records (SOR) Number: No

OMB Information Collection Approval Number: 0920-0004

Other Identifying Number(s): No

System Name: Influenza Sentinel Provider Surveillance Network

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Lynnette Brammer

Provide an overview of the system: Approximately 2400 physician around the country report each week the total number of patients seen and the number of those patients with influenza-like illness by age group.

Data can be entered either by the physician, the state influenza surveillance coordinator, or CDC influenza surveillance staff.

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will the system collect, m aintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 5, 2008 Approved for Web Publishing: Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC ITSO ITSOTools (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 10, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number:

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: CDC ITSO ITSOTools

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Wayne Knight

Provide an overview of the system: ITSOTools Homepage is a dynamically controlled and data driven website that is based on the user’s Active Directory authentication and security groups. The system provides a tertiary level of security by utilizing application data driven security categories and groups. Each user will have a unique set of available information provided on the homepage.

1 3. Indicate if the system is new or an existing one being modified: New

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

Does the system host a website?: No

37. Does the website have any information or pages directed at chil dren under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical co ntrols.: No Information in Identifiable Form is collected or transmitted. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sig n-off Date: Sep 10, 2008 Approved for Web Publishing: Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC Laboratory Sample Track and Reporting System (LSTARS) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 3, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-02-02-9221-00

Privacy Act System of Records (SOR) Number: No

OMB Information Collection Approval Number: No

Other Identifying Number(s): No

System Name: Laboratory Sample Track and Reporting System (LSTARS)

System Point of Contact (POC). The System POC is the person to whom questions about the system and th e responses to this PIA may be addressed: Robert Jones, PhD, Business Steward

Provide an overview of the system: The purpose of LSTARS is to collect sample information and track samples and report laboratory test results. LSTARS associates test results and other data with a given specimen. It electronically collects information from NCEH/DLS Laboratory Information Management Systems

and reports specimen information and laboratory results to the Specimen Tracking and Results Reporting System (STARRS) during both routine and emergency public health response events.

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), reco rd(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No, the system does not contain IIF

30. Please d escribe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: LSTARS associates test results and other data with a given specimen. It electronically collects information from National Center Environmental Health (NCEH)/Division of Laboratory Sciences (DLS) Laboratory Information Management Systems and reports specimen information and laboratory results to the Specimen Tracking and Results Reporting System (STARRS) during both routine and emergency public health response events. All of the data regarding studies, specimens, and test results are stored indefinitely for future reference. The information does not contain IIF, yet it does contain test results. The test results contain no direct information regarding any of the patients. The system provides specimen descriptions, specimen test orders, and specimen test results to the following organizations:

National Center for Environmental Health (NCEH)

National Institute of Occupational Health and Safety (NIOSH)

Office of the Director (OD)

National Center for Health Statistics (NCHS) CDC and ATSDR Specimen Packaging, Inventory, and Repository (CASPIR)

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in pla ce with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 19, 2008 Approved for Web Publishing: Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC NCHS X yVision PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes

If this is an existing PIA, please provide a reason for revision:

Date of this Submission: May 22, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-05-02-9421-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: XyVision

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Tommy C. Seibert

Provide an overview of the system: This system takes existing documents and packages them for printing at GPO or publication on CDC's internet server. Original data and graphics are entered into the system by three users. These users use the system to edit and prepare a final form electronic document that is packaged into a pdf or other format document and then is manually sent by the user's email to its’ final destination.

13. Indicate if the system is new or an existing one being modified: New

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: May 22, 2008 Approved for Web Publishing: Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC OCOO ITSO Mailbox Class Size Tool (MCST) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 22, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number:

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: CDC OCOO ITSO Mailbox Class Size Tool (MCST)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Doug McClelland

Provide an overview of the system: The Mailbox Class Size Tool v1.0 allows approved exception requests to be processed by the Network Technology Branch Messaging Team (NTB/MT). NTB/MT Engineers will be able to use the tool to set the Mailbox Class Size and the changes will then replicate to HHSMail.

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the ret ention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: IIF not processed by this tool. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: S r. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Sep 22, 2008 Approved for Web Publishing: Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC OD NCEH Public Health A ssessments & Health Consultations (PHAHC) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Oct 30, 2008

2. OPDIV Name: CDC

3. Unique Project Identifier (UPI) Number:

4. Privacy Act System of Records (SOR) Number: No

5. OMB Information Collection Approval Number: No

6. Other Identifying Number(s): No

7. System Name: Public Health Assessments & Health Consultations (PHAHC)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Marianne Hartin

Provide an overview of the system: Public Health Assessments & Health Consultations (PHAHC) is a web-based content delivery application that users visiting the CDC/NCEH/ATSDR website can access Public Health Statements (PHAs) and Health Consultations (HCs). These documents are findings and information pertaining to hazardous waste sites the CDC and ATSDR are involved in during the investigation and cleanup process. The application allows a user to select a state from an interactive map or from a page that lists states and regions and generates a list of publications that can be accessed. The content is accessed by the public meaning that anyone of interest in knowing about hazardous waste sites can view findings from a particular site. The public in this case is defined as anyone a public official, health professional, students and/or any concerned citizen. The content, the publications have been approved for public viewing.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: None. PHAHC does not contain IIF // E-Authentication Assurance Level = N/A (Public Access) // Risk Analysis Date = 10/15/2008

PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris (CTR); OCISO C&A Analyst Michael W. Harris (CTR) Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Oct 30, 2008 Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC WHO Collaborating Laboratories (WCL) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes

If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 3, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9621-00

Privacy Act System of Records (SOR) Number: No

OMB Information Collection Approval Number: 0920-0004

Other Identifying Number(s): No

System Name: WHO Collaborating Laboratories

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Lynnette Brammer

Provide an overview of the system: Approximately 85 U.S. WHO collaborating laboratories report weekly the number of specimens tested for influenza and the number positive by virus type/subtype and patient age group. Labs may transmit summary information via the WCL website or by fax.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for wh at purpose(s): No

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen ?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 19, 2008 Approved for Web Publishing: Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC YRBSS Survey Data Management System (SDMS) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 3, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9121-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

Sys tem Name: YRBSS Survey Data Management System (SDMS)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system: SDMS is the data processing system for the Youth Risk Behavior Survey (YRBS) and the Global School Based Student Health Survey (GSHS). It is used to manage questionnaire documents, edit scanned responses, and generate tabulations and graphs for reports to funded sites. SDMS is a Visual Basic application that accesses a SQL server database; it uses Microsoft Office automation to create reports and graphs, creates and executes SAS and SUDAAN programs for statistical processing, and Crystal Reports to present tabulated results. It is accessible only by authorized personnel and all data reside on a LAN drive or SQL server also accessible only by authorized personnel. No personal identifiers are used in any part of processing or data collection.

13. Indicat e if the system is new or an existing one being modified: New

21. Is the sy stem subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No PIA Reviewer Approv al: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Jul 28, 2008 Approved for Web Publishing: Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC COTPER OneTeam (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 3, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-8121-00

Privacy Act System of Records (SOR) Number: 09-20-0169

OMB Information Collection Approval Number: No

Other Identifying Number(s): No

System Name: OneTeam

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Josh Giles

Provide an overview of the system: OneTeam is a web-based application to help the Coordinating Office for Terrorism Preparedness and Emergency Response (COTPER) Division of Business Services (DBS) track staff and vacancy information for all of COTPER. Developed as an expanded replacement for the COTPER Vacancy Action Tracking System (CVATS), OneTeam will combine the ability to track and report information related to vacancies with tracking and reporting of information related to staff members and positions throughout COTPER.

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system share s or discloses IIF please specify with whom and for what purpose(s): No

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: All information will be stored on the CDC internal network. Access to OneTeam will be based on the CDC’s Windows Authentication, allowing only a pre-determined list of user access to the system via the CDC Intranet. Physical and additional technical controls are handled by ITSO and OSEP per appropriate C&A security controls. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 20, 2008 Approved for Web Publishing:

Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC DACH Alcohol Related Disease Indicators (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 25, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9024-00

Privacy Act System of Records (SOR) Number: n/a

OMB Information Collection Approv al Number: n/a

Other Identifying Number(s): n/a

System Name: DACH Alcohol Related Disease Indicators

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system: These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris (CTR) Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 25, 2008 Approved for Web Publishing: Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC DACH Block Grant MIS - Success Stories (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Subm ission: Sep 25, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9024-00

Privacy Act System of Records (SOR) Number: n/a

OMB Information Collection Approval Number: n/a

Other Identifying Number(s): n/a

System Name: DACH Block Grant MIS - Success Stories

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

uniform process in place. Several applications have a process in place to inform users of major changes to the system. Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.

32. Does the system host a website?: Yes

37. Does the webs ite have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on th e system using administrative, technical, and physical controls.: All of the data, including the IIF, follow the security controls of the EMSSP. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris (CTR) Sr. Official for Pr ivacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 25, 2008 Approved for Web Publishing: Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC DACH BRFSS Survey Operations Support (Ite m) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 26, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9121-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: CDC DACH BRFSS Survey Operations Support

System P oint of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system: Track status of data sets submitted by states.

13. Indicate if the sy stem is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: All of the data, including the IIF, follow the security controls of the EMSSP. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Pr ivacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 25, 2008 Approved for Web Publishing: Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC DACH Chronic Disease Indicators (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 8, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9023-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: CDC DACH Chronic Disease Indicators

System Point of Contact (POC). The System POC is the pe rson to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system: Provides online information for chronic disease indicators and related statistics

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

30. Please describe in de tail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the

information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: Information contained within this system is for the purpose of providing dynamic Web sites to the general public, state and local health departments, prevention research centers, public health officials, and educational institutions in support of CoCHP programs. The platform is designed to host applications that disseminate Low-category, public data and information; provide interactive features to users of the public Web site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.

32. Does the system host a website?: Yes

37. Does the website have any infor mation or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: IIF is retained until no longer needed. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Officia l for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 25, 2008 Approved for Web Publishing: Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC DACH GA - BRFSS Bibliography (Ite m) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 8, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9023-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: DACH GA - BRFSS Bibliography

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system: Search tool for BRFSS publications.

These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

Please descri be in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: Information contained within this system is for the purpose of providing dynamic Web sites to the general public, state and local health departments, prevention research centers, public health officials, and educational institutions in support of CoCHP programs. The platform is designed to host applications that disseminate Low-category, public data and information; provide interactive features to users of the public Web site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.

Does the system host a website?: Yes

37. Does the website have any infor mation or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using adm inistrative, technical, and physical controls.: IIF is retained until no longer needed. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 25, 2008 Approved for Web Publishing: Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC DACH GA - BRFSS Coordinators (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 8, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9023-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: DACH GA - BRFSS Coordinators

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system: State BRFSS coordinators. These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, main tain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: IIF is retained until no longer needed. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. O fficial for Privacy Name: Thomas P. Madden Sign-off Date: Aug 25, 2008 Approved for Web Publishing: Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC DACH GA - BRFSS Data Systems Course (Item) PIA SUMMARY AND APPROVAL COMBIN ED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Sep 8, 2008

2. OPDIV Name: CDC

3. Unique Project Identifier (UPI) Number: 009-20-01-03-02-9023-00

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: DACH GA - BRFSS Data Systems Course

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system: BRFSS training web site. These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: Information contained within this system is for the purpose of providing dynamic Web sites to the general public, state and local health departments, prevention research centers, public health officials, and educational institutions in support of CoCHP programs. The platform is designed to host applications that disseminate Low-category, public data and information; provide interactive features to users of the public Web site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 25, 2008 Approved for Web Publishing: Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC DACH GA - BRFSS Modules (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary I s this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 8, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9023-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: DACH GA - BRFSS Modules

System Point of Contact (POC). The System POC is the person to whom questions a bout the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system: Listing of BRFSS questionnaire modules available by state and year. These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose( s): Some of the applications provide business contact information for public officials.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destr uction of IIF?: Yes

Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 25, 2008 Approved for Web Publishing: Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC DACH GA - BRFSS Prevalence (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 8, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9023-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: DACH GA - BRFSS Prevalence

System Poin t of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system: State BRFSS prevalence data. These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

Please describe in deta il: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: Information contained within this system is for the purpose of providing dynamic Web sites to the general public, state and local health departments, prevention research centers, public health officials, and educational institutions in support of CoCHP programs. The platform is designed to host applications that disseminate Low-category, public data and information; provide interactive features to users of the public Web site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guideline s in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: IIF is retained until no longer needed. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 25, 2008 Approved for Web Publishing: Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC DACH GA - BRFSS Publications (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Sub mission: Sep 8, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9023-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: DACH GA - BRFSS Publications

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system: Citation information for official state publications that include BRFSS data, such as Healthy People 2000 reports and newsletters. These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.

31. Please describe in detail an y processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: No uniform process in place. Several applications have a process in place to inform users of major changes to the system. Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: All of the data, including the IIF, follow the security controls of the EMSSP. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 25, 2008 Approved for Web Publishing: Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC DACH GA - BRFSS Questions (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 8, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9023-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

O ther Identifying Number(s): N/A

System Name: DACH GA - BRFSS Questions

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system: Query of questions from previous BRFSS surveys. These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disse minate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: No uniform process in place. Several applications have a process in place to inform users of major changes to the system. Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

06.3 HHS PIA Summary for Posting (Form) / CDC DACH GA - BRFSS SMART (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 8, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9023-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: DACH GA - BRFSS SMART

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of t he system: Selected Metropolitan/ Micropolitan Area Risk Trends (SMART) displays BRFSS data for selected metropolitan and micropolitan statistical areas. These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.

13. Indicate if the system is new or an existing one bein g modified: Existing

21. Is the system subject to the Privacy Act?: No

2 3. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

Please describ e in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: No uniform process in place. Several applications have a process in place to inform users of major changes to the system. Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

06.3 HHS PIA Summary for Posting (Form) / CDC DACH GA - BRFSS Trends (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 8, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9023-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: DACH GA - BRFSS Trends

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system: Trends data for sixteen negative behaviors or circumstances across gender, age groupings, and states.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) ho sted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

Does the system host a website?: Yes

37. Does the we bsite have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: All of the data, including the IIF, follow the security controls of the EMSSP. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approv al: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 25, 2008 Approved for Web Publishing: Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC DACH GA - BRFSS WEAT (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Sep 8, 2008

2. OPDIV Name: CDC

3. Unique Project Identifier (UPI) Number: 009-20-01-03-02-9023-00

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: DACH GA - BRFSS WEAT

System Point of Contact (POC). The System POC is the person to whom question s about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system: Web Enabled Analysis Tool - Cross tabulation and logistic analysis for BRFSS. These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), di sseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for wha t purpose(s): Some of the applications provide business contact information for public officials.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: All of the data, including the IIF, follow the security controls of the EMSSP. PIA Reviewer App roval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 25, 2008 Approved for Web Publishing:

Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC DACH GA - CHAPS Toolkit (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 9, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9023-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: DACH GA - CHAPS Toolkit

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system: Searchable listing of community health interventions & programs that address chronic disease & health disparities issues. These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/o r pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guideline s in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: All of the data, including the IIF, follow the security controls of the EMSSP. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 25, 2008 Approved for Web Publishing: Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC DACH GA - HRQOL (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 9, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9023-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: DACH GA - HRQOL

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system: Health Related Quality of Life - Displays health-quality indicator statistics from BRFSS data. These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.

13. Indicate if the system is new or an existing one being modified: Existing

1 7. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

31. Please describe in detail any p rocesses in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: No uniform process in place. Several applications have a process in place to inform users of major changes to the system. Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are ther e policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

06.3 HHS PIA Summary for Posting (Form) / CDC DACH GA - State of Aging (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 9, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9023-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Co llection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: DACH GA - State of Aging

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system: Reports the health status and health behaviors of U.S. adults aged 65 years and older. These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

32. Does the system host a website?: Yes

37. Does the website have any informatio n or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administ rative, technical, and physical controls.: All of the data, including the IIF, follow the security controls of the EMSSP. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 25, 2008 Approved for Web Publishing: Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC DACH GA - Steps Resource Center (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 9, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9023-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: DACH GA - Steps Resource Center

System Point of Contact (POC). The System POC is the person to whom que stions about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system: Searchable listing of resources for Steps program communities. These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subj ect to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guideline s in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: All of the data, including the IIF, follow the security controls of the EMSSP. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 25, 2008 Approved for Web Publishing: Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC DACH GA - Syndemics (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 9, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9023-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: DACH GA - Syndemics

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system: Listing of health professionals involved with Syndemics research. These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate a nd/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s ): Some of the applications provide business contact information for public officials.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destru ction of IIF?: Yes PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 25, 2008 Approved for Web Publishing: D ate Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC DACH GIS - BRFSS (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 9, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9023-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: DACH GIS - BRFSS

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system: Geographical display of BRFSS data. These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), f ile(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: All of the data, including the IIF, follow the security controls of the EMSSP. PIA Reviewer Approval: Promote Comments: PIA Revie wer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 25, 2008 Approved for Web Publishing: Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC DACH PRC MIS (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes

If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 29, 2008

OPDIV Name: CDC

Unique Project Ident ifier (UPI) Number: 009-20-01-05-02-9022-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: CDC DACH PRC MIS

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system: System to record funded Prevention Research Centers research activities.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

Does the system host a website?: Yes

37. Does the website have any information or pag es directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: All of the data, including the IIF, follow the security controls of the EMSSP. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Officia l for Privacy Name: Thomas P. Madden Sign-off Date: Aug 25, 2008 Approved for Web Publishing:

Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC DASH Evaluation Tutorials (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 9, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9023-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: DASH Evaluation Tutorials

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system: DASH evaluation training Web site. These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

Pleas e describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: Information contained within this system is for the purpose of providing dynamic Web sites to the general public, state and local health departments, prevention research centers, public health officials, and educational institutions in support of CoCHP programs. The platform is designed to host applications that disseminate Low-category, public data and information; provide interactive features to users of the public Web site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guideline s in place with regard to the retention and destruction of IIF?: Yes

PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 25, 2008 Approved for Web Publishing: Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC DASH GA - Making it Happen (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 9, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9023-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: DASH GA - Making it Happen

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system: Stories of schools and school districts that have implemented innovative strategies to improve the nutritional quality of foods and beverages sold outside of Federal meal programs.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subje ct to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: No uniform process in place. Several applications have a process in place to inform users of major changes to the system. Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at child ren under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

06.3 HHS PIA Summary for Posting (Form) / CDC DASH GA - School Health Education Resources (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submis sion: Sep 9, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9023-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: DASH GA - School Health Education Resources

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system: Provides user-friendly access to the myriad school health education offerings available from the U.S. Department of Health and Human Services' Centers for Disease Control and Prevention (CDC). These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Pr ivacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

32. Does the system host a website?: Yes

37. Does the website have any informatio n or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrati ve, technical, and physical controls.: All of the data, including the IIF, follow the security controls of the EMSSP. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Off icial for Privacy Name: Thomas P. Madden Sign-off Date: Aug 25, 2008 Approved for Web Publishing: Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC DASH GA - SHI (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is thi s a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission:

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9023-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: DASH GA - SHI

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be address ed: Cindy Allen

Provide an overview of the system: Self-assessment and planning tool that schools can use to improve their health and safety policies and programs. These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

Please describe in detail : (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: Information contained within this system is for the purpose of providing dynamic Web sites to the general public, state and local health departments, prevention research centers, public health officials, and educational institutions in support of CoCHP programs. The platform is designed to host applications that disseminate Low-category, public data and information; provide interactive features to users of the public Web site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines i n place with regard to the retention and destruction of IIF?: Yes

06.3 HHS PIA Summary for Posting (Form) / CDC DASH QADS - Online Surveillance Mgmt (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 26, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9121-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: CDC DASH QADS - Online Surveillance Mgmt

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system: Collects state data on physical activity, nutrition, tobacco, and HIV indicators.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what p urpose(s): Some of the applications provide business contact information for public officials.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention an d destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Pri vacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 25, 2008 Approved for Web Publishing: Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC DASH Survey TA (Item) PIA SUMMARY AN D APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Sep 26, 2008

2. OPDIV Name: CDC

3. Unique Project Identifier (UPI) Number: 009-20-01-03-02-9121-00

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: CDC DASH Survey TA

System Point of Contact (POC). The System POC is t he person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system: Provides technical assistance services to state and local fundees who are doing the Youth Risk Behavior Survey and the School Health Profiles studies in their state or localities.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

Please describe in detail any p rocesses in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: No uniform process in place. Several applications have a process in place to inform users of major changes to the system. Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: All of the data, including the IIF, follow the security controls of the EMSSP. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 25, 2008 Approved for Web Publishing: Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC DASH YRBSS Data Dissemination (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 9, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9023-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: DASH YRBSS Data Dissemination

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system: Data dissemination of the Youth Risk Behavior Surveillance program. These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass th rough IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guideline s in place with regard to the retention and destruction of IIF?: Yes

Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 25, 2008 Approved for Web Publishing: Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC DCPC GA - Atlas (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 9, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9023-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: DCPC GA - Atlas

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system: Interactive version of The Cancer Atlas publication. These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass th rough IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF? : Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: All of the data, including the IIF, follow the security controls of the EMSSP. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 25, 2008 Approved for Web Publishing: Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posti ng (Form) / CDC DCPC GA - Program Contacts (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 9, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9023-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: DCPC GA - Program Contacts

System Poin t of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system: Contact information for CDC's Breast and Cervical Cancer Early Detection Program. These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

31. Please des cribe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: No uniform process in place. Several applications have a process in place to inform users of major changes to the system. Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirte en?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: All of the data, including the IIF, follow the security controls of the EMSSP. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off D ate: Aug 25, 2008 Approved for Web Publishing: Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC DCPC GA - State Cancer Facts (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 9, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9023-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approv al Number: N/A

Other Identifying Number(s):

System Name: DCPC GA - State Cancer Facts

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system: Shows information for new cancer cases and deaths by state for the most common cancers. These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/ Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discl oses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

31. Please describe in detail any processe s in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: No uniform process in place. Several applications have a process in place to inform users of major changes to the system. Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

06.3 HHS PIA Summary for Posting (Form) / CDC DCPC USCS (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 9, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9023-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number : N/A

Other Identifying Number(s): N/A

System Name: DCPC USCS

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system: Provides state-specific and regional data for cancer cases diagnosed and cancer deaths. These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or dis closes IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

Please describe in detail any processes in p lace to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: No uniform process in place. Several applications have a process in place to inform users of major changes to the system. Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or g uidelines in place with regard to the retention and destruction of IIF?: Yes

06.3 HHS PIA Summary for Posting (Form) / CDC DDT MIS (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 25, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9024-00

Privacy Act System of Records (SOR) Number: n/a

OMB Information Collection Approval Number: n/a

Other Identifying Number(s): n/a

System Name: DDT MIS

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) o r website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guideline s in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: All of the data, including the IIF, follow the security controls of the EMSSP. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris (CTR) Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 25, 2008 Approved for Web Publishing: Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC DDT Surveillance Trends Reporting System (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Sep 26, 2008

2. OPDIV Name: CDC

3. Unique Project Identifier (UPI) Number:009-20-01-03-02-9121-00

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: CDC DDT Surveillance Trends Reporting System

System Point of Contact (POC). The System POC is the person to whom questions about the system and the r esponses to this PIA may be addressed: Cindy Allen

Provide an overview of the system: Documents trends in diabetes incidence, prevalence and mortality, identifies high-risk groups and evaluates progress in diabetes prevention and control.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is th e system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guideline s in place with regard to the retention and destruction of IIF?: Yes

06.3 HHS PIA Summary for Posting (Form) / CDC DHDSP GIS - DHDSP (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes

If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 10, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9023-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: DHDSP GIS - DHDSP

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system: Geographical display of cardiovascular mortality data. These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintai n (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with who m and for what purpose(s): Some of the applications provide business contact information for public officials.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: All of the data, including the IIF, follow the security controls of the EMSSP. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 25, 2008

Approved for Web Publishing: Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC DHDSP GIS - DHDSP Policy Maps (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 10, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9023-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: DHDSP GIS - DHDSP Policy Maps

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system:

Geographical display of cardiovascular-related legislation. These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

06.3 HHS PIA Summary for Posting (Form) / CDC DHDSP HDSP MIS (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 25, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9024-0

Privacy Act System of Records (SOR) Number: n/a

OMB Information Collection Approval Number: n/a

Oth er Identifying Number(s): n/a

System Name: DHDSP HDSP MIS

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) o r website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: No uniform process in place. Several applications have a process in place to inform users of major changes to the system. Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: All of the data, including the IIF, follow the security controls of the EMSSP. PIA Reviewer Approval: Promote Comments: PIA Revie wer Name: Michael W. Harris (CTR) Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 25, 2008 Approved for Web Publishing: Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC DHDSP Legislative Database (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 29, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: No cost involved; No ESC entry

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: CDC DHDSP Legislative Database

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system: Search for state-level bills related to heart disease and stroke prevention topics.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: All of the data, including the IIF, follow the security controls of the EMSSP. PIA Reviewer Appr oval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 25, 2008 Approved for Web Publishing: Date Published: Nov 28, 2008

06.3 HH S PIA Summary for Posting (Form) / CDC DNPA GA - 5-A-Day Recipes (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 10, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9023-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: DNPA GA - 5-A-Day Recipes

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system:

Calculator to help determine the amount of fruit and vegetable consumption based on gender and age. These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pa ss through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guideline s in place with regard to the retention and destruction of IIF?: Yes

06.3 HHS PIA Summary for Posting (Form) / CDC DNPA GA - 5-A-Day Surveillance (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 10, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9023-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Numb er(s): N/A

System Name: DNPA GA - 5-A-Day Surveillance

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system:

Analyze and compare survey responses by state, year, and demographic group. These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disse minate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention a nd destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: All of the data, including the IIF, follow the security controls of the EMSSP. PIA Reviewer Appro val: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 25, 2008 Approved for Web Publishing: Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC DNPA GA - Abstraction (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 10, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9023-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: DNPA GA – Abstraction

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system:

Used to gather public study abstracts and the data that supports those studies. These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruct ion of IIF?: Yes

06.3 HHS PIA Summar y for Posting (Form) / CDC DNPA GA - BMI (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 10, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9023-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: DNPA GA – BMI

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system:

Calculator to help determine Body Mass Index. These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: Information contained within this system is for the purpose of providing dynamic Web sites to the general public, state and local health departments, prevention research centers, public health officials, and educational institutions in support of CoCHP programs. The platform is designed to host applications that disseminate Low-category, public data and information; provide interactive features to users of the public Web site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 25, 2008 Approved for Web Publishing: Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC DNPA GA - DNPA Qualitative Research Inv entory (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 22, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9023-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: DNPA GA - DNPA Qualitative Research Inventory

System Point of Contact (POC). T he System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system: Provides information about qualitative research that has been conducted in the fields of nutrition, physical activity, and other related fields.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system coll ect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please spec ify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place wit h regard to the retention and destruction of IIF?: Yes

06.3 HHS PIA Summary for Posting (Form) / CDC DNPA GA - DNPA Program Directory (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 10, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9023-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: DNPA GA - DNPA Program Directory

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system: Provides information about physical activity programs involving state departments of health. These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (st ore), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guideli nes in place with regard to the retention and destruction of IIF?: Yes

06.3 HHS PIA Summary for Posting (Form) / CDC DNPA GA - PA Statistics (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 22, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9023-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number (s): N/A

System Name: CDC DNPA GA - PA Statistics

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system: Displays physical activity-related BRFSS data.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file (s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

disseminate Low-category, public data and information; provide interactive features to users of the public Web site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: All of the data, including the IIF, follow the security controls of the EMSSP. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 25, 2008 Approved for Web Publishing: Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC DNPA GA - US PA Guidelines (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 23, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9023-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: CDC DNPA GA - US PA Guidelines

Sys tem Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

13. Indicate if the sy stem is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

Please describ e in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: Information contained within this system is for the purpose of providing dynamic Web sites to the general public, state and local health departments, prevention research centers, public health officials, and educational institutions in support of CoCHP programs. The platform is designed to host applications that disseminate Low-category, public data and information; provide interactive features to users of the public Web site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.

Does the system host a website?: Yes

37. Does the website have any inform ation or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using admi nistrative, technical, and physical controls.: All of the data, including the IIF, follow the security controls of the EMSSP. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 25, 2008 Approved for Web Publishing: Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC DNPA GA - Legislative Database (Item) PIA SUMMARY AND APPROVAL COMBIN ED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 22, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9023-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: CDC DNPA GA - Legislative Database

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system: Search for state-level bills related to nutrition and physical activity topics.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by th is system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

Pl ease describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: Information contained within this system is for the purpose of providing dynamic Web sites to the general public, state and local health departments, prevention research centers, public health officials, and educational institutions in support of CoCHP programs. The platform is designed to host applications that disseminate Low-category, public data and information; provide interactive features to users of the public Web site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

06.3 HHS PIA Summary for Posting (Form) / CDC DOH ASTDD State Synopses (Item)

Form Report, printed by: Seymour, Kristina, Nov 18, 2008

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 25, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9024-00

Privacy Act System of Records (SOR) Number: n/a

OMB Information Collection Approval Number: n/a

Other Identifying Number(s): n/a

System Name: DOH ASTDD State Synopses

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

10. Provide an overview of the system: These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the s ystem subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

Does the system host a website?: Yes

37. Does the website have any information or pages directed a t children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: All of the data, including the IIF, follow the security controls of the EMSSP. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris (CTR) Sr. Official for Privacy Approval: Promote Comments: Sr. Officia l for Privacy Name: Thomas P. Madden Sign-off Date: Aug 25, 2008 Approved for Web Publishing: Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC DOH DOH MIS (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Sep 26, 2008

2. OPDIV Name: CDC

3. Unique Project Identifier (UPI) Number: 009-20-01-03-02-9024-00

4. Privacy Act System of Records (SOR) Num ber: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: CDC DOH MIS

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system: Tracks objectives and activities of state based oral health programs.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

Please descri be in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: Information contained within this system is for the purpose of providing dynamic Web sites to the general public, state and local health departments, prevention research centers, public health officials, and educational institutions in support of CoCHP programs. The platform is designed to host applications that disseminate Low-category, public data and information; provide interactive features to users of the public Web site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.

Does the system host a website?: Yes

37. Does the website have any infor mation or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be sec ured on the system using administrative, technical, and physical controls.: All of the data, including the IIF, follow the security controls of the EMSSP. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privac y Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 25, 2008 Approved for Web Publishing: Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC DOH GA - My Water's Fluoride (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 23, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9023-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: CDC DOH GA - My Water's Fluoride

System Point of Contact (POC). The System PO C is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) o r website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

Sr. Official fo r Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 25, 2008 Approved for Web Publishing: Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC DOH GIS - DOH (Item) PIA SUMM ARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 23, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9023-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: CDC DOH GIS – DOH

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system: Geographical display of oral health indicators and preventive interventions for oral health.

13. Indicate if the system i s new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subjec t to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guideline s in place with regard to the retention and destruction of IIF?: Yes

06.3 HHS PIA Summary for Posting (Form) / CDC DOH Oral Health Data Resource Center (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008 ?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 24, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9023-00

Privacy Act System of Records (SOR) Number: N/A

OMB In formation Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: CDC DOH Oral Health Data Resource Center

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to thi s PIA may be addressed: Cindy Allen

Provide an overview of the system: Serves as a resource on dental, oral and craniofacial data for the oral health research community, clinical practitioners, public health planners and policy makers, advocates and the general public.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

Please describe in detail any processes i n place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have

changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: No uniform process in place. Several applications have a process in place to inform users of major changes to the system. Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there polici es or guidelines in place with regard to the retention and destruction of IIF?: Yes

06.3 HHS PIA Summary for Posting (Form) / CDC DOH PTS (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 26, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9121-00

Privacy Act System of Records (SOR) Number: N/A

OMB Infor mation Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: CDC DOH PTS

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system: Aids in the tracking and reporting of test data from participating water fluoride testing labs.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please spec ify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

32. Does the system host a website?: Yes

37. Does the website have any informatio n or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

06.3 HHS PIA Summary for Posting (Form) / CDC DOH WFRS (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is th is a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 26, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9121-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: CDC DOH WFRS

System Point of Contact (POC). The System POC is the person to whom questions about the sy stem and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system: Collects water fluoridation information from public water treatment systems.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system sh ares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: No uniform process in place. Several applications have a process in place to inform users of major changes to the system. Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

06.3 HHS PIA Summary for Posting (Form) / CDC DRH GIS - DRH (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 24, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9023-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: CDC DRH GIS – DRH

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system: Geographical display of reproductive health issues such as infant mortality, fertility, and low birth weight.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will t he system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or disclose s IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

06.3 HHS PIA Summary for Posting (Form) / CDC DRH NASS - ART Report 2001 (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 26, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9121-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: CDC DRH NASS - ART Report 2001

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an ove rview of the system: Online success rates for reproductive fertility technology and clinics.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

Does the system host a website?: Yes

3 7. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: All of the data, including the IIF, follow the security controls of the EMSSP. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 25, 2008 Approved for Web Publishing: Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC DRH NASS - ART Report 2002 (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 26, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9121-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: CDC DRH NASS - ART Report 2002

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system: Online success rates for reproductive fertility technology and clinics.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to th e Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

06.3 HHS PIA Summary for Posting (Form) / CDC DRH NASS - ART Report 2003 (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Sep 26, 2008

2. OPDIV Name: CDC

3. Unique Project Identifier (UPI) Number: 009-20-01-03-02-9121-00

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: CDC DRH NASS - ART Report 2003

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system: Online success rates for reproductive fertility technology and clinics.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

Please de scribe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: Information contained within this system is for the purpose of providing dynamic Web sites to the general public, state and local health departments, prevention research centers, public health officials, and educational institutions in support of CoCHP programs. The platform is designed to host applications that disseminate Low-category, public data and information; provide interactive features to users of the public Web site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.

Does the system host a website?: Yes

37. Does the website have any i nformation or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

Date Published:

06.3 HHS PIA Summary for Posting (Form) / CDC DRH NASS - ART Report 2004 (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Sep 26, 2008

2. OPDIV Name: CDC

3. Unique Proje ct Identifier (UPI) Number: 009-20-01-03-02-9121-00

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: CDC DRH NASS - ART Report 2004

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system: Online success rates for reproductive fertility technology and clinics.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

06.3 HHS PIA Summary for Posting (Form) / CDC DRH NASS - ART Report 2005 (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 29, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9121-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: CDC DRH NASS - ART Report 2005

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system: Online success rates for reproductive fertility technology and clinics.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at child ren under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physi cal controls.: All of the data, including the IIF, follow the security controls of the EMSSP. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden

Sign-off Date: Aug 25, 2008 Approved for Web Publishing: Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC NCBDDD EHDI HSFS - Reports (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 29, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-08-02-1347-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: CDC NCBDDD EHDI HSFS – Reports

System Point of Contact (POC). The System POC is the person to whom questions about the system and the respo nses to this PIA may be addressed: Cindy Allen

Provide an overview of the system: Reports related to Early Hearing Detection and Intervention.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please speci fy with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guideline s in place with regard to the retention and destruction of IIF?: Yes

Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 25, 2008 Approved for Web Publishing: Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC NCHHSTP STD Training Websites (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 17, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: N/A - Mitigation of an issue is due to be completed by 9/27/2008.

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: STD Training Websites

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Rheta Barnes

Provide an overview of the system: The system is a set of two web sites used for training in sexually transmitted diseases' control and prevention. One site requires users to login with a userID and password because of the graphic nature of the subject matter. All content is cleared for public release and contains no PII or sensitive information. Below is a more detailed description of the three sites. STD Curriculum The STD Curriculum web site is a web-based sexually transmitted disease (STD) curriculum. Seven STD modules are available for clinicians (physicians, advance practice nurses, and PAs) who wish to learn more about STDs. Continuing education credits (CMEs, CNEs) are available through the CDC Public Health Training Network. STD Curriculum offers the seven modules in two formats:

1. An online self study version http://www2a.cdc.gov/stdtraining/self-study/default.asp Users navigate through the curriculum modules by selecting "next" or "previous." They also have the opportunity to answer interactive study questions and case studies, and;

2. A downloadable ready to use version for clinician educators to use in classrooms, http://www2a.cdc.gov/stdtraining/ready-to-use/. Educators can download Microsoft Word documents, Microsoft PowerPoint presentations, and pdf files to use in conducting classes

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s) , file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Does not share or disclose

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: . Records email addresses for use as user ids. Agency does not use or disseminate these addresses.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Email addresses are stored on a SQL Server inside the firewall and protected by all CDC network protections. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Sep 3, 2008 Approved for Web Publishing: Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC NCIPC Injury ACE MIS (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 29, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: None Provided by POC

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: CDC NCIPC Injury ACE MIS

System Point of Contact (POC). The System POC i s the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system: Tracks objectives and activities of state based injury programs.

13. Indicate if the system is new or an existing one being modified: Existing17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

2 1. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

30. Please describe in detai l: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: Information contained within this system is for the purpose of providing dynamic Web sites to the general public, state and local health departments, prevention research centers, public health officials, and educational institutions in support of CoCHP programs. The platform is designed to host applications that disseminate Low-category, public data and information; provide interactive features to users of the public Web

32. Does the system host a website?: Yes

37. Does the website have any informat ion or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

06.3 HHS PIA Summary for Posting (Form) / CDC NCPHI User Accountability System (UAS) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 18, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-1255-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: User Accountability System (UAS)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Kim Hinton

Provide an overview of the system: The system is used by the CDC Emergency Operations Center (EOC) to track personnel checking in and/or performing work for the EOC.

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The system does not share or disclose IIF.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction o f IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: NIST SP 800-53 controls ensure administrative, technical, and physical controls are adequate to protect system information. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Sep 3, 2008 Approved for Web Publishing: Date Publ ished: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC Newborn Screening Quality Assurance Program (NBSQAP) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 17, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-02-02-9221-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: Newborn Screening Quality Assurance Program (NBSQAP)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Carol Bell

Provide an overview of the system: The Newborn Screening Program conducts quality assurance for state and international laboratories which screen for treatable inherited metabolic diseases in children. Effective screening by states, using dried blood spot (DBS) specimens collected from newborns soon after birth, combined with follow-up diagnostic studies and treatment, helps prevent mental retardation and premature death.

13. Indicate if the system is new or an existing one being modified: New

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): NBSQAP does not share or disclose IIF information. Only the partner can view its own information.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

5 0. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Yes. See attached E-Auth Appendix to the BSI. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Sep 5, 2008 Approved for Web Publishing: Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC NOPHG Family Healthware (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 26, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9024-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Oth er Identifying Number(s): N/A

System Name: CDC NOPHG Family Healthware

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system: Demo-version of a tool to be used to assess a person’s familial risk for six diseases (coronary heart disease, stroke, diabetes, and colorectal, breast, and ovarian cancer). It provides users with a “prevention plan” containing personalized recommendations for lifestyle changes and screening.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destructi on of IIF?: Yes

06.3 HHS PIA Summa ry for Posting (Form) / CDC OD GA - Burden Book (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 26, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9024-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: CDC OD GA - Burden Book

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system: Displays information by state on the burden of heart disease, stroke, cancer and diabetes; causes of death; risk factors among adults and high school students; and preventive services.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

06.3 HHS PIA Summary for Posting (Form) / CDC OD GA - Email Form (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 26, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9024-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Oth er Identifying Number(s): N/A

System Name: CDC OD GA - Email Form

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system: Allows the contents of Web pages to be e-mailed.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record (s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruct ion of IIF?: Yes

06.3 HHS PIA Summary for Posting (Form) / CDC OD NCCDPHP Conference Planning System (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

1. Date of this Submis sion: Sep 8, 2008

2. OPDIV Name: CDC

3. Unique Project Identifier (UPI) Number: 009-20-01-01-02-1055-00

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: OD NCCDPHP Conference Planning System

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system:

Allows coordinators for the Chronic Disease conference to plan agenda, speakers, travel, and other information. These are authenticated applications on the CoCHP Internet Platform. The logins or user account information contains business IIF. The CoCHP Internet Platform provides dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system col lect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

06.3 HHS PIA Summary for Posting (Form) / CDC OSH CAPS (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 10, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9023-00

Privacy Act System of Records (SOR) Number: n/a

OMB Information Collection Approval Number: n/a

Other Identifying Number(s): n/a

System Name: OSH CAPS

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or w ebsite(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

Sr. Official for P rivacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 25, 2008 Approved for Web Publishing: Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC OSH GA - Cessation Resource Center (Item ) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 10, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9023-00

Privacy Act System of Records (SOR) Number: n/a

OMB Information Collection Approval Number: n/a

Other Identifying Number(s): n/a

System Name: OSH GA - Cessation Resource Center

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) o r website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials

32. Does the system host a website ?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: All of the data, including the IIF, follow the security controls of the EMSSP. PIA Reviewer Approval: Promote Comments: PIA Review er Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 25, 2008 Approved for Web Publishing: Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC OSH GA - FAQ (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 10, 2008

OPDIV Name : CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9023-00

Privacy Act System of Records (SOR) Number: n/a

OMB Information Collection Approval Number: n/a

Other Identifying Number(s): n/a

System Name: OSH GA – FAQ

System Point of Co ntact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.

32. Does the system host a website?: Yes

37. Does the website have any informatio n or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administ rative, technical, and physical controls.: All of the data, including the IIF, follow the security controls of the EMSSP PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 25, 2008 Approved for Web Publishing: Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC OSH GA - GYTS Datasets (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 10, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9023-00

Privacy Act System of Records (SOR) Number: n/a

OMB Information Collection Approval Number: n/a

Other Identifying Number(s): n/a

System Name: OSH GA - GYTS Datasets

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

13. Indicate if the system is new or an existing o ne being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act? : No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: No uniform process in place. Several applications have a process in place to inform users of major changes to the system. Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

Date Published:

06.3 HHS PIA Summary for Posting (Form) / CDC OSH GA - Health Consequences SGR Database (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 10, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9023-00

Privacy Act System of Records (SOR) Number: n/a

OMB Information Collection Approval Number: n/a

Other Identifying Number(s): n/a

System Name: OSH GA - Health Consequences SGR Database

System Point of Contact (POC). The System POC is the p erson to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF wi ll be secured on the system using administrative, technical, and physical controls.: All of the data, including the IIF, follow the security controls of the EMSSP PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 25, 2008 Approved for Web Publishing: Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC OSH GA - Involuntary Smoking SGR Database (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 10, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9023-00

Privacy Act System of Records (SOR) Number: n/a

OMB Information Collection Approval Number: n/a

Other Identifying Number(s): n/a

System Name: OSH GA - Involuntary Smoking SGR Database

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

dynamic web content to the general public and public health partners in support of the Coordinating Centers for Health Promotion.

13. Indicate i f the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is th e system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

Does the system host a website?: Yes

37. Does the website have any information or pag es directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

06.3 HHS PIA Summary for Posting (Form) / CDC OSH GA - Smoking and Health Resource Library (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Sep 10, 2008

2. OPDIV Name: CDC

3. Unique Project Identifier (UPI) Number: 009-20-01-03-02-9023-00

4. Privacy Act System of Records (SOR) Number: n/a

5. OMB Information Collection Approval Number: n/a

6. Other Identifying Number(s): n/a

7. System Name: OSH GA - Smoking and Health Resource Library

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) o r website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

Does the system host a website?: Yes

37. Does the website have any information or page s directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, t echnical, and physical controls.: All of the data, including the IIF, follow the security controls of the EMSSP. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 25, 2008 Approved for Web Publishing: Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC OSH GIS - OSH (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2 008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 10, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9023-00

Privacy Act System of Records (SOR) Number: n/a

OMB Information Collection Approval Number: n/a

Other Identifying Number(s): n/a

System Name: OSH GIS – OSH

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

13. Indicat e if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

Does the system host a website?: Yes

37. Does the website have any information or pages direc ted at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technica l, and physical controls.: All of the data, including the IIF, follow the security controls of the EMSSP. \PIA Reviewer Approval: Promote Comments:

PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 25, 2008 Approved for Web Publishing: Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC OSH MCRC (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: No If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 25, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9023-00

Privacy Act System of Records (SOR) Number: n/a

OMB Information Collection Approval Number: n/a

Other Identifying Number(s): n/a

System Name: OSH MCRC

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may b e addressed: Cindy Allen

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guide lines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: All of the data, including the IIF, follow the security controls of the EMSSP. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris (CTR) Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 25, 2008 Approved for Web Publishing: Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC OSH NATIONS (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 25, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9023-00

Privacy Act System of Records (SOR) Number: n/a

OMB Information Collection Approval Number: n/a

Other Identifying Number(s ): n/a

System Name: OSH NATIONS

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) o r website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: All of the data, including the IIF, follow the security controls of the EMSSP. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris (CTR) Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden S ign-off Date: Aug 25, 2008 Approved for Web Publishing: Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC OSH NTCP Chronicle (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 26, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9024-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collecti on Approval Number: N/A

Other Identifying Number(s): N/A

System Name: CDC OSH NTCP Chronicle

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system: Collects information on state tobacco control programs.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

public, state and local health departments, prevention research centers, public health officials, and educational institutions in support of CoCHP programs. The platform is designed to host applications that disseminate Low-category, public data and information; provide interactive features to users of the public Web site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.

31. Please describe in detail any pr ocesses in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: No uniform process in place. Several applications have a process in place to inform users of major changes to the system. Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

06.3 HHS PIA Summary for Posting (Form) / CDC OSH QIT (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 26, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9024-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collect ion Approval Number: N/A

Other Identifying Number(s): N/A

System Name: CDC OSH QIT

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system: Categorizes tobacco-related survey questions.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any dat abase(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s):

Some of the applications provide business contact information for public officials.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruc tion of IIF?: Yes

06.3 HHS PIA Summa ry for Posting (Form) / CDC OSH SAMMEC (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 26, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9024-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: CDC OSH SAMMEC

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system: Calculates economic impacts of smoking.

13. Indicate if the system is new or an exis ting one being modified: Existing

21. Is the system subject to the Privac y Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

P lease describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: No uniform process in place. Several applications have a process in place to inform users of major changes to the system. Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

06.3 HHS PIA Summary for Posting (Form) / CDC OSH SAMMEC - Survey (Item) PIA SU MMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 26, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9024-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: CDC OSH SAMMEC – Survey

System Point of Contact (POC). The System POC is the person to whom questi ons about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system: Satisfaction survey for SAMMEC.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

21. Is the system subject to the Privacy Act?: No

23. If the system shares o r discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials

Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: No uniform process in place. Several applications have a process in place to inform users of major changes to the system. Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

06.3 HHS PIA Summary for Posting (Form) / CDC OSH STATES (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 29, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9121-00

Privacy Act System of Records (SOR) Number: N/A

OMB Infor mation Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: CDC OSH STATES

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system: Contains up-to-date and historical state-level data on tobacco use prevention and control; designed to integrate many data sources to provide comprehensive summary data and facilitate research and consistent data interpretation.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Some of the applications provide business contact information for public officials.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

5 4. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: All of the data, including the IIF, follow the security controls of the EMSSP. PIA Reviewer Approval: Promote Comments: PIA Rev iewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 25, 2008 Approved for Web Publishing: Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form ) / CDC Quarantine Activity Reporting System (QARS) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 3, 2008

OPDIV N ame: CDC

Unique Project Identifier (UPI) Number:

2007 - 009-20-01-02-02-9721-00-110-246 2008 - 009-20-01-02-02-9721-00

Privacy Act System of Records (SOR) Number: No

OMB Information Collection Approval Number: No

Other Identifying Number(s): No

System Name: Quarantine Activity Reporting System (QARS)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Martha S. Remis

Provide an overview of the syste m:

The Division of Global Migration and Quarantine (DGMQ) commissioned the development of a Quarantine Activity Reporting System (QARS) as a subset of the DGMQ Intranet project, as a way to boost internal communications within the division and enable the DGMQ to track the activities recorded in this application. Currently, each of the eight quarantine stations produces a daily activity report (DAR) of the significant activities occurring at their stations. These reports are then sent to DQ Headquarters, where DGMQ personnel review and consolidate all reports into a Quarantine Activity Daily Report for distribution at the CDC center level and above. The quarantine stations are involved on a daily basis in various activities, including responding to reports of ill passengers, inspecting imported shipments of nonhuman primates, and monitoring the arrival of immigrants and refugees. These activities are recorded and summarized individually at each quarantine station. Monthly, counts of activities are submitted by each station for a monthly activity report. The QARS will allow the Quarantine Station personnel to enter their daily activities in an electronic standardized format, using controlled vocabulary. The QARS allows both Quarantine Station personnel and Headquarters personnel to enter follow-up reports to responses and investigations, as well as information gathered after the creation of the initial report. The QARS will enable DGMQ personnel to generate the Quarantine Daily Activity Report in a timelier and uniform manner. The information collected on a daily basis will be collated and stored in a database that can be utilized to generate reports on a monthly, quarterly, and annual basis. The system will facilitate the provision of required data for the Office of Management and Budget. The QARS will allow for the assessment of the volume and type of activities that the quarantine stations perform in order to better allocate resources and personnel. The information gathered through the illness investigation reports will enable the quantification and analysis of the information acquired during illness responses and investigations. It is envisioned that the QARS system will interface with other DGMQ systems such as

E-Manifest application-to facilitate the inclusion of lists of exposed passengers derived from airplane manifests

MOATS application – facilitate the invocation of MOA and sending persons to correct MOA hospitals as well as supplying the MOATS application with the correct passenger information.

GeoSentinel application - enabling analysis on the information gathered in QARS and the Geo-sentinel application to produce reports of disease pattern recognition.

EDN, Electronic Disease Notification application – to prevent the double entry of immigration and refugee information. In Release 1, the ill passenger and investigation process has been automated as well as the importation of non-human primates. The interaction with the MOATS and E-Manifest applications will be manual. In release 1, limited reporting will be available. The system will provide information to generate the Daily Activity Report though.

In Release 2, the land border crossings portion in paper form will be developed and piloted at land border crossings. The Active Surveillance portion of the Quarantine station daily activities reporting has been added.

During the period, that Release 2 is developed the change request received from the users in the quarantine stations and head quarters will be evaluated for inclusion in Release 2 following the formal Change Request process as defined by the NCID UP, Unified Process. Release 3 added the following types of reports:

• Partnership Activities – the activities a quarantine station conducts on a regular basis with outside partners can be reported using this module.

• Drug dispersements – the quarantine stations disperse anti-toxin to hospitals, pharmacies, and private physicians in the US and abroad. The quarantine station user uses this module to record anti-toxin dispersements.

• Anti-toxin drug inventory management tools – this module allows for tracking of transfers to and from the quarantine stations, managing of re-supply levels, managing the types of anti-toxin the quarantine stations can disperse as well as the lot # of these drugs.

• Land border crossing – the paper form developed during Release 2 was automated.

• Countries of interest management tool – There are certain countries that are of interest to CDC. The QARS system flags reports that reference those countries as country of origin, country visited, country traveled.

• Accompanying reports Release 4 added the following functionality:

• Refugee/Asylee packet processing

• Immigrant/K+V-visa/parolee packet processing

• Active Surveillance update for pandemic flu

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): DGMQ quarantine station public health officers, medical officers, head quarter staff to perform duties as required by regulations.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: HHS ROB, ITSO managed system. C&A in process. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. O fficial for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 25, 2008 Approved for Web Publishing: Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC Auto Decal (Item) PI A SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 9, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-06-02-0984-00

Privacy Act System of Records (SOR) Number: DOT/ALL8

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: Auto Decal

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Tracy Hollis

Provide an overview of the system: Mainframe application used by the Office of Security and Emergency Preparedness to issue car decals for any vehicles parked on CDC premises or leased property by CDC workforce. The only system users are OSEP personnel, who enter information regarding a vehicle and the associated decal number and the owner’s User ID. The information is manually typed from a signed form by the vehicle owner usually submitted to security personnel assigned to the user’s workplace. The security staff issues the decal, and then submits the form to the security office in charge of entering the information from the form. This may take several days from the time the user is issued a decal until the information is entered into the Auto Decal system.

13. Indicate if the system is n ew or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject t o the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

Does the system host a website?: No

37. Does the website have a ny information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system u sing administrative, technical, and physical controls.: Need to Know policy is enforced in the application. Only designated OSEP personnel can see the record. User Id’s, Passwords (expire after a set period of time), Accounts are locked after a set period of inactivity, Minimum length of passwords is eight characters, Accounts are locked after a set number of incorrect attempts. Firewall protected. PIA Reviewer Approval: Promote

Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Appr oval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 19, 2008 Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC NCHS Automated Tracking System (NCHSAT) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: No If this is an existing PIA, please provide a reason for revision: Internal Flow or Collection

Date of this Submission: Sep 30, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 1329

Privacy Act System of Records (SOR) Number: 09-20-0164

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): ESC ID = 197

System Name: CDC NCHS Automated Tracking System (NCHSAT)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Chris Cox

Provide an overview of the system: The NCHS Automated Tracking System (NCHSAT) is a GUI driven data management system which supports the address tracking of NCHS survey participants. Participant names and addresses are matched with United States Postal Service (USPS) address information files and/or National Change of Address Link (NCOALink) database to collect information about participant migration and to collect updated address information. This system assists NCHS with re-contacting survey participants to conduct follow-up survey activities and to improve the data quality of administrative records data linkage projects. The data collection activity is authorized by Section 308(d) of the Public Health Service Act (42 U.S.C. 242m(d)) All information obtained will be held strictly confidential and will be used for statistical research purposes only.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Data in the NCHS Automated Tracking System are used by the OAE Special Projects Branch and the NCHS survey owners for statistical purposes. Survey participant name and mailing address is sent to the National Change of Address Link (NCOALink) and/or to Postmasters employed by the US Postal Service to confirm or obtain updated name and address information. The data contained within the NCHSAT is not shared with any other persons within NCHS or external to NCHS.

health surveys designed to collect data about the health status and health behaviors of the nation’s population. During the conduct of these surveys, respondents are informed that their participation is voluntary and that they may refuse to answer any questions. Survey respondents are informed about the planned uses of the data and as part of the interview process are asked to provide personal identification information. Names and addresses of subject survey respondents, collected during respondent interviews are loaded into the NCHS Automated Tracking system at the completion of the active data collection period. The NCHSAT system is used to update name and address information through NCHS approved data collection and verification activities. These activities involve matching current name and address information to the National Change of Address Link (NCOALink) database and/or contacting Postmasters employed by the US Postal Service to confirm name and address information for current residents. NCHS conducts survey participant tracking for two reasons: 1) to assist in re-contacting survey participants to conduct follow-up survey activities and 2) to improve the data quality of administrative records data linkage projects. Longitudinal follow-up studies provide a tool to measure health outcomes and to observe the natural history of diseases. By passively tracking survey respondent migration, NCHS reduces costs and increases survey response rates for key data collection activities. Administrative record linkage projects serve to increase the analytic potential of NCHS population based health surveys for epidemiologic research by linking exposures to health outcomes (such as mortality) and increasing the accuracy and level of detail of health data. Using the NCHSAT to collect accurate name and address information increases the accuracy of linking survey respondents to the correct administrative record, reduces the cost of survey respondent re-location after the initial survey contact, and results in less attrition in both longitudinal and linkage data collection efforts which improves the scientific value of the data. Updating name and address information is the minimum activity necessary to locate survey respondent current residence. The activities of the NCHS Automated Tracking system support DHHS strategic goal 4 – Scientific Research and Development Objective 4.2 Increase Basic Scientific knowledge to improve human health and development.

32 . Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Bri efly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Forms collected from the Post Office and CDs collected from NCOA are destroyed after being entered and updated in the system. The data stored in the NCHSAT will be retained until the NCHS survey is retired. At the point of each survey’s retirement, the data stored in the NCHSAT for that survey will be deleted. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Sep 3, 2008 Approved for Web Publishing: Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC OD NCIPC Media Databa se (MediaDB) (Item) PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes

If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Oct 30, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number:

Privacy Act System of Records (SOR) Number: No

OMB Information Collection Approval Number: No

Other Identifying Number(s): No

System Name: Media Database (MediaDB)

System Point of Contact (POC). The Syst em POC is the person to whom questions about the system and the responses to this PIA may be addressed: Sarah (Gail) Hayes

Provide an overview of the system: Media Database (MediaDB) is an internal non-web based MS Access Database that provides NCIPC with the ability to keep electronic records of daily media contacts regarding ongoing research involving CDC public health issues. When a reporter or news columnist contacts the CDC for further information regarding public health issues, the media reporter provides the CDC with a business e-mail address and business phone number of the media reporter. The CDC spokesperson can then return the call to relay any research information that the CDC has gathered that the CDC personnel deems appropriate. This is the only Personable Identifiable Information (PII) in turn that is tracked in MediaDB.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF wi thin any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Only MediaDB team members are allowed to view any business contact information.

Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: MediaDB has one system administrator who has full privileges. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Oct 30, 2008 Approved for Web Publishing: Date Published: Nov 28, 2008

06.3 HHS PIA Summary for Posting (Form) / CDC ATSDR DHAC Identifying Exposure Pathways (IEP) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Jan 5, 2009 2. OPDIV Name: CDC 3. Unique Project Identifier (UPI) Number: 4. Privacy Act System of Records (SOR) Number: N/A 5. OMB Information Collection Approval Number: N/A 6. Other Identifying Number(s): N/A

7. System Name: CDC ATSDR DHAC Identifying Exposure Pathways (IEP)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Robert L. Kay

Provide an overview of the system: Identifying Exposure Pathways (IEP) is a web-based training that has been on the Agency for Toxic Substances and Disease Registry (ATSDR)/CDC web since 2003. The online learning program provides information on the basic concepts used by ATSDR staff and agents of ATSDR in conducting public health assessments, specifically how to identify pathways of exposure. The program is intended to assist environmental public health professionals to understand the basic steps and coordination necessary to identify exposure pathways. The program provides learn-by-doing steps on how ATSDR's cooperative agreement partners (agents of ATSDR), ATSDR staff, and other environmental and public health professionals can identify how persons come into contact with hazardous and toxic substances. This program is an interactive simulation involving internal and external communications, site document review, mock site review, video clip review, community involvement activities, and completion of an exposure pathway table. The program does not collect/store any Personable Identifiable Information (PII) regarding any of its participants.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No, does not contain PII

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared:

No, does not contain PII

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No, does not contain PII PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Felicia Kittles Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Jan 5, 2009 Approved for Web Publishing: Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC CCEHIP NCEH Consolidated Data Request Tracking System (CDRTS) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Dec 12, 2008 2. OPDIV Name: CDC 3. Unique Project Identifier (UPI) Number: 4. Privacy Act System of Records (SOR) Number: N/A 5. OMB Information Collection Approval Number: N/A 6. Other Identifying Number(s): N/A

7. System Name: CDC CCEHIP NCEH Consolidated Data Request Tracking System (CDRTS)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Carol Waller

Provide an overview of the system: Consolidated Data Request Tracking System (CDRTS) is a Resource Management System used to track work and requests being performed by staff and viewed in reports. CDRTS uses a framework for modular work request interfaces for internal Coordinating Center for Environmental Health and Injury Prevention (CCEHIP) use. Users access the system via a website where they fill out the work request. The request is then emailed to the team responsible for completing the request as well as to the requestor. The online request form connects to a database to populate various drop-down lists which provide the user with request options.

13. Indicate if the system is new or an existing one being modified: New

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

individuals regarding what IIF is being collected from them and how the information will be used or shared: N/A

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Felicia Kittles Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Dec 18, 2008 Approved for Web Publishing: Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC CCEHIP NCEH Inorganic and Radiological Analytic Toxicology Data Submission (IRATDS)(Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

7. System Name: CDC CCEHIP NCEH Inorganic and Radiological Analytic Toxicology Data Submission (IRATDS)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Kathleen Caldwell

Provide an overview of the system: Inorganic and Radiological Analytic Toxicology Data Submission (IRATDS) is a custom web-based application designed to collect Quality Assurance (QA)/Quality Control (QC) analysis results from external laboratories for internal analysis by the Division of Laboratory Science’s Inorganic and Radiological Analytical Toxicology branch (IRAT), as well as to provide a means by which those laboratories can access performance reports created from previously submitted data. During each quarterly round the IRAT laboratory provides vials of blood and urine containing quantities of specific chemical compounds (lead, for example) to participating domestic and international laboratories for sample analysis. These quality control sample vials are processed by scientists, researchers or technicians from each external laboratory who then access the IRATDS online system to report their results using an online web-based form. The result data, which consists almost entirely of numeric values contains no Personally Identifiable Information (PII), is stored in a SQL Server database for later retrieval and internal analysis by the IRAT laboratory at the end of each quarter, resulting in the performance reports.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

The information collected does not contain PII.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The information collected does not contain PII. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Felicia Kittles Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Jan 5, 2009 Approved for Web Publishing: Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC CCEHIP NCEH Lipid and Clinical Chemistry Databases (LCCDB) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Dec 10, 2008 2. OPDIV Name: CDC 3. Unique Project Identifier (UPI) Number: 4. Privacy Act System of Records (SOR) Number: No 5. OMB Information Collection Approval Number: No 6. Other Identifying Number(s): No

7. System Name: Lipid and Clinical Chemistry Databases (LCCDB)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Mary Kimberly

Provide an overview of the system: The Lipid and Clinical Chemistry Databases (LCCDB) is a non-web based modular Lab Information Management System (LIMS) and Data Analysis System. LCCDB is designed to provide different functional analysis and data entry points based on role related duties. Lab data is from sources and direct import from lab equipment in the form of text files.

13. Indicate if the system is new or an existing one being modified: New

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The system does not contain PII.

The system does not contain PII.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: E-Authentication Assurance Level = N/A Risk Analysis Date = 11/19/2008 PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Felicia P. Kittles OCISO C&E PM Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P Madden Sign-off Date: Dec 11, 2008 Approved for Web Publishing: Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC CCEHIP NCEH Lipid Standardization Program Data Submission (LSPDS) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Jan 7, 2009 2. OPDIV Name: CDC 3. Unique Project Identifier (UPI) Number: 4. Privacy Act System of Records (SOR) Number: N/A 5. OMB Information Collection Approval Number: N/A 6. Other Identifying Number(s): N/A

7. System Name: CDC CCEHIP NCEH Lipid Standardization Program Data Submission (LSPDS)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Mary Kimberly

reports created from previously submitted data. During each quarterly round the LSP laboratory provides vials of serum to participating domestic and international laboratories for sample analysis to measure levels of cholesterol. These quality control sample vials are processed by scientists, researchers or technicians from each external health laboratory who then access the LSPDS online system to report their results using a web-based form. The results from the data, which consists almost entirely of numeric values and contains no Personally Identifiable Information (PII), is stored in a SQL Server database for later retrieval and internal analysis by the LSP laboratory at the end of each quarter, resulting in the performance reports.

13. Indicate if the system is new or an existing one being modified: New

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

The information collected does not contain PII.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The information collected does not contain PII. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Felicia Kittles Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Jan 12, 2009 Approved for Web Publishing: Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC CCEHIP NCEH Radiation Studies Bibliographic Database (RSBD) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Oct 29, 2008

2. OPDIV Name: CDC

3. Unique Project Identifier (UPI) Number:

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: CDC CCEHIP NCEH Radiation Studies Bibliographic Database (RSBD)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Robert (Bob) Whitcomb

Provide an overview of the system: Radiation Studies Bibliographic Database (RSBD) is a web-based system designed to identify potentially harmful environmental exposures (such as radiation effects from nuclear weapons exposures) and examine all health risks that are associated with the identified exposures.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): RSBD does not contain IIF information.

Radiation Studies Bibliographic Database (RSBD) is a web-based system designed to identify potentially harmful environmental exposures (such as radiation effects from nuclear weapons exposures) and examine all health risks that are associated with the identified exposures. The system information is considered to be open in nature, and therefore, does not contain any sort of Personable Identifiable Information (PII).

RSBD does not contain IIF information.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The system does not contain IIF. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Nov 3, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC CCEHIP NCIPC National Violent Death Reporting System (NVDRS) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Nov 6, 2008 2. OPDIV Name: CDC 3. Unique Project Identifier (UPI) Number: 4. Privacy Act System of Records (SOR) Number: No 5. OMB Information Collection Approval Number: No 6. Other Identifying Number(s): No

7. System Name: National Violent Death Reporting System (NVDRS)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Joyce McCurdy

Provide an overview of the system: The National Violent Death Reporting System (NVDRS) is an incident-based system designed to capture data on violent deaths (suicides, homicides, and deaths of undetermined intent) in a relational database. Information on deaths are collected by state-level partner agencies (typically state health departments), and information is transmitted to the CDC after being stripped of all personally identifiable information. Cases are typically identified as death certificates are filed or by data abstractors reviewing cases reported to coroner/medical examiner (CME) offices. Accordingly, data within the NVDRS can be analyzed on the victim or suspect level (e.g. to determine details about victims or suspects) or the incident level (in which multiple homicides or linked homicide/suicides can be considered as single events). Each state’s own Violent Death Reporting System establishes the details of that state’s cases from primary and secondary data sources. Primary data sources are: death certificates (DC), CME records, police reports (PR), and crime laboratory data. Secondary, or optional data sources are: child fatality review team data (CFR), supplementary homicide reports (SHR), hospital (Hosp) data, emergency department (ED) data, and Alcohol Tobacco, Firearms and Explosives (ATF) trace information on firearms.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No, does not contain IIF

The system does not contain IIF.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The system does not contain IIF.

E-Authentication Assurance Level = N/A Risk Analysis Date = 11/4/2008 PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Felicia P. Kittles OCISO C&E PM Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P Madden Sign-off Date: Nov 6, 2008 Approved for Web Publishing: Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCHHSTP Capacity Building Assistance Reports (CBA Reports) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Dec 10, 2008 2. OPDIV Name: CDC 3. Unique Project Identifier (UPI) Number: 4. Privacy Act System of Records (SOR) Number: N/A 5. OMB Information Collection Approval Number: N/A 6. Other Identifying Number(s): N/A

7. System Name: Capacity Building Assistance Reports (CBA Reports)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Rashad Burgess

Provide an overview of the system: CBA Reports provides user and administrative reports for both the CRIS and GEMS systems. CBA Reports does not store any data with the system, but rather pulls the data from CRIS and GEMS and compiles it into reports. It has a report wizard where the users can design their own reports and choose the criteria that will be included in the reports. CBA Reports has the capability to produce data for management level quarterly reports.

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Name and contact information will be shared with Capacity Building Assistance Providers who will be providing assistance.

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: It displays reports that reflect the requests entered in the CRIS system. It reports info number of request for Focus Area 1, or number of request with status of Active, or number of requests for an organization.

None

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Business IIF Collected. E-Authentication Assurance Level = N/A Risk Analysis Date = 12/01/08 PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Felicia P. Kittles OCISO C&E PM Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P Madden Sign-off Date: Dec 11, 2008 Approved for Web Publishing: Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCHHSTP Public Health Advisor Staff Tracking (PHAST) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Sep 9, 2008 2. OPDIV Name: CDC 3. Unique Project Identifier (UPI) Number: 4. Privacy Act System of Records (SOR) Number: 09-90-0018 5. OMB Information Collection Approval Number: N/A 6. Other Identifying Number(s): N/A

7. System Name: CDC CCID NCHHSTP Public Health Advisor Staff Tracking (PHAST)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Audriene Bishop-Cline

Provide an overview of the system: This is NOT a web-based application. Internal Client-Server PHAST electronically stores personnel information of NCHHSTP public health field staff. Information collected includes current assignments, education credentials, demographics, training history, personnel action history and contact information. The Workforce Development Unit (WDU) uses the system as its primary source of emergency contact information. Divisions and NCHSTP/OD use it to plan training strategies, track personnel actions, answer questions that arise about assignments, generate personnel reports and create mass mailing lists. The Phast database includes names, date of birth, personal/work address, and phone. This data is only transmitted and used by designated CDC personnel.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

-Name

- Date of birth

-Gender

Race

Position start date

-Division

-FTE number

-Duty Date

Service comp date

Mailing address

-Work Phone

- Home Phone

-Education

Training history

Emergency contact

International contact info Information contains PIF. Submission is voluntary

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Administrative Controls: The IIF will be secured by logical access controls. Technical controls: User ID, Passwords, firewall, encryption, IDS, CAC. Physical controls: Guards, ID badges, key cards. IIF= Collected E-Authentication Assurance Level = N/A Risk Analysis Date = 8/18/08 PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Sep 10, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCHHSTP Tanzania GAP Site (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Nov 10, 2008 2. OPDIV Name: CDC 3. Unique Project Identifier (UPI) Number: 4. Privacy Act System of Records (SOR) Number: No 5. OMB Information Collection Approval Number: No 6. Other Identifying Number(s): No 7. System Name: Tanzania GAP Site

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Jenny Parker

Provide an overview of the system: This is a general office support system for CDC GAP Haiti and provides a file server, exchange server, webmail server; authentication is performed via CDC Active Directory with a failover to local host.

13. Indicate if the system is new or an existing one being modified: New

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: No

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A E-Authentication Assurance Level = N/A Risk Analysis Date = 09/23/08 PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Felicia P. Kittles OCISO C&E PM Sr. Official for Privacy Approval: Comments: Sr. Official for Privacy Name: Thomas P Madden Sign-off Date: Nov 13, 2008 Approved for Web Publishing: Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCIRD CDC Federal Contract Vaccine Availability, Package and NDC (NDC) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Nov 14, 2008 2. OPDIV Name: CDC 3. Unique Project Identifier (UPI) Number: 4. Privacy Act System of Records (SOR) Number: No 5. OMB Information Collection Approval Number: No 6. Other Identifying Number(s): N/A

7. System Name: CDC Federal Contract Vaccine Availability, Package and NDC (NDC)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cathy Hogan

Provide an overview of the system: An External application to display general information about Federal Contract Vaccines and National Drug Codes(NDC's) for the related vaccines. The application gathers data from the database table using a stored procedure and displays on an ASP page.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No IIF Collected. E-Authentication Assurance Level = N/A Risk Analysis Date = 10/21/08 PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Felicia P. Kittles OCISO C&E PM Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P Madden Sign-off Date: Nov 14, 2008

Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCIRD Polio Entero Virus Database (EVDB) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Dec 1, 2008 2. OPDIV Name: CDC 3. Unique Project Identifier (UPI) Number: 4. Privacy Act System of Records (SOR) Number: 09-20-0113 5. OMB Information Collection Approval Number: N/A 6. Other Identifying Number(s): None

7. System Name: Polio Entero Virus Database (EVDB)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Steve Oberste

Provide an overview of the system: The system stores Polio Enterovirus lab results and specimen information.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No PII information is shared.

Collect basic clinical data and specimen identifiers pertaining to a patient whose clinical specimens are to be tested; info is submitted by physician/hospital/public health agency—submission of IIF is voluntary on their part; may contain surname, given name, DOB

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

Risk Analysis Date = 11/13/2008 PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Felicia P. Kittles OCISO C&E PM Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P Madden Sign-off Date: Dec 2, 2008 Approved for Web Publishing: Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCPDCID Biotechnology Core Facility Job Tracking Database (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

7. System Name: Biotechnology Core Facility Job Tracking Database

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Elizabeth Neuhaus

Provide an overview of the system: The Biotechnology Core Facility Branch (BCFB) provides custom products, synthetic DNA oligonucleotides and synthetic peptides, as well as other services to CDC laboratory researchers. Since 1993 the BCFB has employed an electronic relational database for inventory control and tracking data related to these activities. Paradox was the database product selected after evaluation of commercial products available at that time and is the product currently used by the BCFB

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

individuals regarding what IIF is being collected from them and how the information will be used or shared: No processes are in place, since only Business – IIF data is collected.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Business IIF Collected. E-Authentication Assurance Level = N/A Risk Analysis Date = 11/26/08 PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Felicia P. Kittles OCISO C&E PM Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P Madden Sign-off Date: Dec 11, 2008 Approved for Web Publishing: Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCPDCID Global Emerging Infections Sentinel Network (GeoSentinel) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Nov 14, 2008 2. OPDIV Name: CDC 3. Unique Project Identifier (UPI) Number: 4. Privacy Act System of Records (SOR) Number: No, System does not constitute a “system of records” under the Privacy Act. 5. OMB Information Collection Approval Number: No 6. Other Identifying Number(s): No

7. System Name: Global Emerging Infections Sentinel Network (GeoSentinel)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Nina Marano

Provide an overview of the system: GeoSentinel is a provider-based sentinel network of the International Society of Travel Medicine (ISTM), through a cooperative agreement with CDC. GeoSentinel consists of 33 travel/tropical medicine clinics (Sites) around the world (including the U.S.) participating in active surveillance to monitor geographic and temporal trends in morbidity among travelers and other globally mobile populations. Passive surveillance and response capabilities are also extended to a broader network of GeoSentinel Network members. This is a surveillance system that collects information on significant health risks and alerts on important disease risks and outbreaks in collaboration with CDC and other international organizations that are channeled through these clinics. Most users of the system are nurses and physicians in the different sites that are non CDC personnel. The GeoSentinel is a web based system. There is one form (patient questionnaire) that is entered by the different sites into the system through a secured server. The main system functions include the following: Data entry of patient questionnaire, search capability, alerts, announcements and administrative tools. All information is stored in the central database. Users can also generate reports as well as download data and export it into external applications such as MS Excel or MS Access. There are three types of users: Site users that can only view their own information; global users that can view all site's information; and data managers that can view all site information and can also perform administrative functions such as managing sites, users and locations, customizing site specific fields, maintaining lists and creating announcements.

Since this is a surveillance system, there are no personal identifiers that are entered into it and it is not affected by regulations. GeoSentinel is a standalone system that is not connected to any other system nor does it share any information with other systems. The system uses internal user-based application security. Database security includes role-based permission to system functions.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No. System does not share or disclose information.

Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: This is a surveillance system that collects information on significant health risks and alerts on important disease risks and outbreaks in collaboration with CDC and other international organizations that are channeled through these clinics. Most users of the system are nurses and physicians in the different sites that are non CDC personnel. Information is used for analysis purposes and is collected from patients that voluntarily fill in the questionnaire when they visit one of the GeoSentinel clinics.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Administrative controls: IIF data are backed up daily and copies stored in a separate facility. Technical controls: Access to the data is controlled by user ID and password in addition to the user ID and password needed to access the network. Physical controls include security guards, ID badges, cardkeys and cipher locks. E-Authentication Assurance Level = 2 Risk Analysis Date = 9/25/2008 PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Felicia P. Kittles OCISO C&E PM Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P Madden Sign-off Date: Nov 14, 2008 Approved for Web Publishing: Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCPDCID NCID Informatics Portal (NCID Portal) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Jan 23, 2009 2. OPDIV Name: CDC 3. Unique Project Identifier (UPI) Number: 4. Privacy Act System of Records (SOR) Number: N/A 5. OMB Information Collection Approval Number: N/A 6. Other Identifying Number(s): N/A

7. System Name: CDC CCID NCPDCID NCID Informatics Portal (NCID Portal)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Charlie Miller

Provide an overview of the system: The NCID Informatics Portal is a web based system used to track projects and resources in the “old” NCID Office of Informatics when IT staff was rolled-up from branches and divisions into the center level servicing team. Initially it was designed as a place for team members to centrally save pertinent documentation and project information as well as a place for management to track ongoing project development. It was also used as a general resource leveling tool for managers.

13. Indicate if the system is new or an existing one being modified: New

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: All information that was collected in the NCID Portal was “project related” and was for internal use only. As the NCID Office of Informatics had many organizations and people that it needed to service, the NCID Portal was thought of as a way for our organization to have transparency to those groups who we were servicing. Anyone with access to the CDC intranet had “View” access to most of the information on the NCID Portal including project documentation and list of projects/resources. Members of the office of informatics were asked to “log in” to keep project information up to date as well as upload documentation/files.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Jan 28, 2009 Approved for Web Publishing: Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCZVED National Outbreak Reporting System (NORS) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Dec 9, 2008 2. OPDIV Name: CDC 3. Unique Project Identifier (UPI) Number: 4. Privacy Act System of Records (SOR) Number: No 5. OMB Information Collection Approval Number: No 6. Other Identifying Number(s): No

7. System Name: National Outbreak Reporting System (NORS)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Ian Williams

Provide an overview of the system: The National Outbreak Reporting System (NORS) provides collection and storage of aggregate outbreak data from State Health Departments. The data is studied and analyzed as a part of national surveillance. Aggregate outbreak data is entered into the system as individual incident reports via client web interface for study as a passive surveillance tool. This surveillance analysis normally occurs after an actual outbreak has occurred. State administrators have the ability to finalize and approve individual incident reports. The data is collected at the CDC in a normalized relational database. Separate applications to work with the surveillance data. Administration and individual incident record viewing is done through the web interface. Currently aFORS (analytical FORS) is the only additional module that has been integrated. NORS has several system interconnections and dependencies. NORS will share functionality with PulseNet and NARMS by automatically sending requests and response for data between the systems.

13. Indicate if the system is new or an existing one being modified: New

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

changed since the notice at the time of the original collection); and (2) notify and obtain consent from

individuals regarding what IIF is being collected from them and how the information will be used or shared: No

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Felicia P. Kittles OCISO C&E PM Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P Madden Sign-off Date: Dec 12, 2008 Approved for Web Publishing: Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCZVED OutbreakNet (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Feb 2, 2009 2. OPDIV Name: CDC 3. Unique Project Identifier (UPI) Number: 4. Privacy Act System of Records (SOR) Number: N/A 5. OMB Information Collection Approval Number: N/A 6. Other Identifying Number(s): N/A

7. System Name: CDC CCID NCZVED OutbreakNet

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Richard Williams

Provide an overview of the system: OutbreakNet is an external facing web application. The application collects both line list and outbreak data that relates to cases but does not contain PII. The data is used to enable reporting and hypothesis generation during a foodborne outbreak. From this data the system will generate reports and allow direct connectivity for statisticians within the CDC. Allowing for greater analysis and easier reporting to allow more focus on the science behind the outbreak.

13. Indicate if the system is new or an existing one being modified: New

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

application collects both line list and outbreak data that relates to cases but does not contain PII. The data is used to enable reporting and hypothesis generation during a foodborne outbreak. The data entered into the system is largely captured by state health departments and then shared voluntarily with the CDC. Once entered into OutbreakNet, states will not be able to download or read other states data.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Felicia Kittles Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Feb 3, 2009 Approved for Web Publishing: Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCZVED Project Planning and Budget Integration Database (Vertical Planning) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Oct 21, 2008 2. OPDIV Name: CDC 3. Unique Project Identifier (UPI) Number: 4. Privacy Act System of Records (SOR) Number: N/A 5. OMB Information Collection Approval Number: N/A 6. Other Identifying Number(s): N/A

7. System Name: CDC CCID NCZVED Project Planning and Budget Integration Database (Vertical Planning)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Richard Williams

Provide an overview of the system: In order to provide consistency for planning and budget integration across the Center, NCZVED has chartered a working group, composed of representatives from each division, to develop a central NCZVED database to be used as a management tool for vertical and horizontal planning, budget and planning integration, mapping branch projects to division, center, coordinating center and CDC goals, and that serves as a building block for future CCID performance measurement processes. Use of this database enables a unified approach to expressing the public health priorities and impacts as measured by Center and CDC goals. This database may also serve as potential model for use by other CCID centers.

13. Indicate if the system is new or an existing one being modified: New

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Oct 21, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NIP New Vaccine Surveillance Network (NVSN) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: No If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Nov 6, 2008 2. OPDIV Name: CDC 3. Unique Project Identifier (UPI) Number: 4. Privacy Act System of Records (SOR) Number: No, System does not constitute a “system of records” under the Privacy Act. 5. OMB Information Collection Approval Number: No 6. Other Identifying Number(s): No

7. System Name: New Vaccine Surveillance Network (NVSN)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Marika Iwane

Provide an overview of the system: The system collects inpatient, outpatient, and well-child new vaccine surveillance data to evaluate the impact of new vaccines and vaccine policies.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No, System does not share or disclose information.

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: The surveillance data on symptoms, diagnosis, interview, lab results, and vaccine verification are used to evaluate the impact of new vaccines and vaccine policies.

Yes, Date of Birth, Business Contact Information

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Administrative controls: IIF data are backed up daily and copies stored in a separate facility. The SQL Server database administration is maintained by ITSO. All modification to the database conforms to ITSO CM. Technical controls: Access to the data is controlled by user ID and password in addition to the user ID and password needed to access the network. Physical controls include security guards, ID badges, cardkeys and cipher locks. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Felicia P. Kittles OCISO C&E PM Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P Madden Sign-off Date: Nov 6, 2008 Approved for Web Publishing: Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC CCID OD Coordinating Center for Infectious Disease (CC ID) Informatics Customer Support (c.Support) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Nov 20, 2008 2. OPDIV Name: CDC 3. Unique Project Identifier (UPI) Number: 4. Privacy Act System of Records (SOR) Number: 09-90-0001 5. OMB Information Collection Approval Number: N/A 6. Other Identifying Number(s): N/A

7. System Name: Coordinating Center for Infectious Disease (CCID) Informatics Customer Support (c.Support)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Tonya Martin

10. Provide an overview of the system: c.Support® from GWI Software is a comprehensive help desk/customer support application that allows support organizations to coordinate and manage everyday support activities as well as track assets, build a knowledge base and provide customer self-help. Designed and developed using the Microsoft® .NET Framework, c.Support provides the best overall value by leveraging our existing investment in Microsoft® systems, servers, and infrastructure. c.Support will integrate with Microsoft Active Directory®, Domino Directory, a Microsoft SQL database, and/or Microsoft® CRM.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Other CDC and CDC Contracted Expert Resources for Incident Resolution.

Records business email address, business phone, fax, and mailing address. Submission is mandatory.

None

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Customer information is stored on a Microsoft SQL Server inside the firewall and protected by all CDC network protections. E-Authentication Assurance Level = N/A Risk Analysis Date = 10/31/2008 PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Felicia P. Kittles OCISO C&E PM Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P Madden Sign-off Date: Nov 24, 2008 Approved for Web Publishing: Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC CCID OD Space Manage ment System (SMS) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

7. System Name: Space Management System (SMS)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Marianne Simon

Provide an overview of the system: The Space Management System (SMS) is an internal client-server CDC application that tracks the Coordinating Center for Infectious Disease’s (CCID) assigned building space, office space, and laboratory space. SMS captures information regarding building space assigned to CCID. Space description consists of campus, buildings, floors, office numbers, office square footage, laboratory numbers and laboratory types. The system tracks which space allocations are assigned to centers and divisions. The system allows authorized users to enter space information and produce reports on space usage. There are 3 users and 1 developer who have access to the system. SMS is an old system developed and maintained as an ASP application with a SQL backend.

13. Indicate if the system is new or an existing one being modified: New

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No IIF collected E-Authentication Assurance Level = N/A Risk Analysis Date = October 20, 2008 PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Felicia P. Kittles OCISO C&E PM Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomaas P Madden Sign-off Date: Dec 12, 2008 Approved for Web Publishing:

Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC CoCHIS NCPHI Data Warehousing (DW) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: No If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Nov 14, 2008 2. OPDIV Name: CDC 3. Unique Project Identifier (UPI) Number: 4. Privacy Act System of Records (SOR) Number: 09-20-0136 5. OMB Information Collection Approval Number: No 6. Other Identifying Number(s): No 7. System Name: Data Warehousing (DW)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Robb Chapman

Provide an overview of the system: DW collects data pertaining to diseases across states with disparate systems into a repository used for surveillance and analysis.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): DW is a non-major application that receives data, including IIF for its clients systems within CDC, CCID and DISSS.

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: The system collects voluntary or involuntarily collected data about flu reports, nationally notifiable diseases, epidemics and routine public health events

None

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

PIA Reviewer Name: Felicia P. Kittles OCISO C&E PM Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P Madden Sign-off Date: Nov 14, 2008 Approved for Web Publishing: Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC COTPER DEOC Decision Support System (DDSS) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

7. System Name: CDC COTPER DEOC Decision Support System (DDSS)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Ron Abernathy

Provide an overview of the system: This system is used by the CDC Emergency Operations Center to provide protocols and procedures that the Watch Staff and Duty Officer should follow when receiving certain phone calls. The protocols exist on a shared file server and the system is merely link to those files.

13. Indicate if the system is new or an existing one being modified: New

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A PIA Reviewer Approval: Promote

Comments: PIA Reviewer Name: Felicia Kittles Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Dec 18, 2008 Approved for Web Publishing: Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC DBS COTPER COPTER C-Support (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Nov 14, 2008 2. OPDIV Name: CDC 3. Unique Project Identifier (UPI) Number: 4. Privacy Act System of Records (SOR) Number: 09-90-0001 5. OMB Information Collection Approval Number: No 6. Other Identifying Number(s): No 7. System Name: COPTER C-Support

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Chris Symons

Provide an overview of the system: c.Support® from GWI Software is a comprehensive help desk/customer support application that allows support organizations to coordinate and manage everyday support activities as well as track assets, build a knowledge base and provide customer self-help. Designed and developed using the Microsoft® .NET Framework, c.Support provides the best overall value by leveraging our existing investment in Microsoft® systems, servers, and infrastructure. c.Support will integrate with Microsoft Active Directory®, Domino Directory, a Microsoft SQL database, and/or Microsoft® CRM.

13. Indicate if the system is new or an existing one being modified: New

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Data is used internally for case management only

Name, email address, and phone numbers

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Customer information is stored on a Microsoft SQL Server inside the firewall and protected by all CDC network protections. E-Authentication Assurance Level = N/A Risk Analysis Date = 10/21/2008 PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Felicia P. Kittles OCISO C&E PM Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P Madden Sign-off Date: Nov 14, 2008 Approved for Web Publishing: Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC DGA NCHHSTP Haiti GAP Sitef (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Oct 27, 2008 2. OPDIV Name: CDC 3. Unique Project Identifier (UPI) Number: 4. Privacy Act System of Records (SOR) Number: No 5. OMB Information Collection Approval Number: No 6. Other Identifying Number(s): No 7. System Name: Haiti GAP Site

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Jenny Parker

13. Indicate if the system is new or an existing one being modified: New

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Mike Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P Madden Sign-off Date: Oct 27, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC DHPIRS NCHHSTP Capacity Building Assistance Request Information System (CRIS) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Dec 9, 2008 2. OPDIV Name: CDC 3. Unique Project Identifier (UPI) Number: 4. Privacy Act System of Records (SOR) Number: N/A 5. OMB Information Collection Approval Number: N/A 6. Other Identifying Number(s): N/A

7. System Name: Capacity Building Assistance Request Information System (CRIS)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Rashad Burgess

Provide an overview of the system: CDC’s Capacity Building Branch was having problems with communication and coordination among community based organizations (CBOs) and health departments (HDs), Capacity Building Assistance (CBA) providers, and Capacity Building Branch (CBB). There was a duplication of effort, slow service delivery, lack of visibility and status of ongoing activities, and general inefficiency in the development and delivery of CBA. A collaborative communication and tracking system that supports both requesters and providers was needed. CRIS is a browser-based (Internet) application allowing CDC and its public partners to cooperate in the delivery of HIV/AIDS prevention services. The application will allow CDC-Funded community-based organizations and health departments to request CBA services and enable CDC to match these requests with CBA providers. CRIS will also allow providers to report on the status of capacity building activities, request additional services from other CBA providers, and provide visibility of activities to all participants. The CRIS mission is to enable the CBB to reduce the manual administration of capacity building efforts that are aimed towards increasing the capacity of health departments and community based organizations to deliver HIV prevention intervention. The CRIS web-based application will be launched from the Capacity Building Assistance Portal (CBAP) bringing together CDC employees, CBA providers, directly funded CBO and HDs to a single online gateway to access CBA resources. CBAP is located at the following web site: http://wwwdev.cdc.gov/hiv/cba/default.htm. CRIS currently consists of two functional areas: a request submission portion that allows users to request capacity building assistance for themselves or others and a portion that allows CDC staff and CBA providers to work the request. CRIS requests are entered via a wizard-type process that walks the requestor through the process step by step. Once submitted, the CBA Coordinator and project officer work the request. The CBA

Coordinator tells the system to send an e-mail to the selected CBA provider about the request assignment. The CBA provider then enters contact times, plans for fulfilling the request, and other information. The system will also provide analytical and transactional reporting. A highlight of CRIS essential system functions are as follows:

CBA requests for individuals

CBA requests for groups

Triage

Action plan for CBA providers

Generation of reports Administration of the system

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

System collects the business address of the organization the person is employed by and uses it to send course completion certificates after course completion. The system does not collect any personal information.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: E-Authentication Assurance Level = 1 Risk Analysis Date = 8/21/2008 PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Felicia P. Kittles OCISO C&E PM Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P Madden Sign-off Date: Dec 12, 2008 Approved for Web Publishing: Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC DHPIRS NCHHSTP PRS Evidence Based Search (PRS EBS) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Nov 6, 2008 2. OPDIV Name: CDC 3. Unique Project Identifier (UPI) Number: 4. Privacy Act System of Records (SOR) Number: N/A 5. OMB Information Collection Approval Number: N/A 6. Other Identifying Number(s): N/A

7. System Name: PRS Evidence Based Search (PRS EBS)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: David Purcell

Provide an overview of the system: The PRS EBS project will allow CDC partners, grantees, and agencies to more readily locate pertinent information stored in “Fact Sheets.” PRS EBS is an ASP.Net 2.0 application that will allow a user to search evidence-based intervention documents in an easy, user friendly way that is most appropriate for the user’s community. The users are HIV prevention providers (e.g., health departments, CBOs, community planning groups, capacity building providers) and HIV intervention researchers. All the documents involved with the PRS EBS are public documents and contain no PII/IIF nor contain any sensitive information. The specifications for PRS EBS are as follows: -Have a link on a main page on the PRS EBI website to go to this search window -Search window would pop up as a separate window -Search window and database info would be on the wwwn server -Search window would include many searchable fields, advanced search capabilities, and would be user friendly -Search functions would be “AND” between fields and “OR” between multiple responses within a single field -Output from the search would be a report type list of the intervention names (linked to their existing fact sheet) along with the 4-5 bullets of intervention description -Printable reports with title, explanation, context, criteria used. -“Help” buttons for various fields to provide definitions -Field definitions would be embedded as fields within the database -Admin report (for internal use) of essentially a data dump to be able to review & verify data accuracy (particularly important after updates to records or new fields are added) -Have a link to close the search and return back to the already opened PRS EBI website where the user left to go search

13. Indicate if the system is new or an existing one being modified: New

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): NO PII/IIF COLLECTED

INTERVENTIONS MOST APPROPRIATE FOR THE USERS COMMUNITY. NO PII/IIF IS CONTAINED IN THE FACT SHEETS NOR THE SEARCH ENGINE AS EVERYTHING IS PUBLICLY ACCESSIBLE.

NO PII/IIF IS COLLECTED/STORED IN PRS EBS.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: NO PII/IIF IS COLLECTED/STORED ON PRS EBS. E-Authentication Assurance Level = N/A Risk Analysis Date = 8/27/2008 PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Felicia P. Kittles OCISO C&E PM Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P Madden Sign-off Date: Nov 24, 2008 Approved for Web Publishing: Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC DLS NCEH NH DNA Bank (NHDNABANK) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Nov 7, 2008 2. OPDIV Name: CDC 3. Unique Project Identifier (UPI) Number: 4. Privacy Act System of Records (SOR) Number: No 5. OMB Information Collection Approval Number: No 6. Other Identifying Number(s): No 7. System Name: NH DNA Bank (NHDNABANK)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Margaret Gallagher

Provide an overview of the system: The Molecular Biology staff (now part of the New Born Screening and Molecular Biology Branch) is creating a DNA bank of samples from the NHANES study and other sources. These samples are collected for genetic epidemiologic studies. The branch has developed a custom front-end MS Access application, NH DNA Bank (NHDNABANK), which is used for tracking specimens, recording laboratory processing and quality control. The application automatically assigns the unique IDs for sample and process identification and provides other useful functions to the laboratory staff. Reports and bar-coded sample labels are provided by this application. The NHDNABANK system contains no Personable Identifiable Information (PII) of any sort

13. Indicate if the system is new or an existing one being modified: New

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No, the system does not contain IIF

No, the system does not contain IIF

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: None. The system does not contain IIF. E-Authentication Assurance Level = N/A Risk Analysis Date = 10/1/2008 PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Felicia P. Kittles OCISO C&E PM Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thaomas P Madden Sign-off Date: Nov 13, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC DSTDP NCHHSTP HPV Impact Proj ect Database (HPV) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Sep 3, 2008 2. OPDIV Name: CDC 3. Unique Project Identifier (UPI) Number: 4. Privacy Act System of Records (SOR) Number: No 5. OMB Information Collection Approval Number: No 6. Other Identifying Number(s): No

7. System Name: CDC DSTDP NCHHSTP HPV Impact Project Database (HPV)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Susan Hariri

Provide an overview of the system: Not Web-based. Access database The (HPV-IPDA) application will be a stand alone Access DB that provides a data collection and management tool for the local collaborators as well as analysis by all collaborators. The purpose of the project is to develop and pilot a system to monitor HPV vaccine impact through ongoing surveillance of CIN 2/3 and AIS and associated HPV types. In addition, a minimum of 250 randomly selected cases per year from each participating site will be investigated in more detail. Specifically, HPV vaccination history and relevant medical

history will be obtained for these individuals, and diagnostic histology specimens related to the current diagnosis will be collected for histological evaluation and tested for a range of HPV types.

13. Indicate if the system is new or an existing one being modified: New

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No IIF or any other information.

No IIF or any other information.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No IIF or any other information. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Sep 3, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC DTE NCHHSTP TB Genotyping Information Management System (TB GIMS) Pilot (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Oct 30, 2008 2. OPDIV Name: CDC 3. Unique Project Identifier (UPI) Number: 4. Privacy Act System of Records (SOR) Number: None 5. OMB Information Collection Approval Number: None 6. Other Identifying Number(s): None

7. System Name: TB Genotyping Information Management System (TB GIMS) Pilot

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Thomas Navin

Provide an overview of the system: TB Genotype Information Management System (TB GIMS) is for State TB Controllers who require timely access to centralized TB genotype results and TB cluster data eliminating the need for each state having to compile and maintain the genotyping data. The TB GiMS is a centralized IT solution hosted at CDC that will streamline the use of TB Genotyping data for effective use in TB control unlike the current labor intensive process involved. It will also help maintain integrity of the data required for analysis by CDC TB Program.

13. Indicate if the system is new or an existing one being modified: New

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

No IIF collected.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No IIF collected. E-Authentication Assurance Level = 1 Risk Analysis Date = 09/16/08 PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Mike Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P Madden Sign-off Date: Nov 3, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form ) / CDC NCEH CCEHIP Vessel Sanitation Program (VSP) Inspection Reporting System (IRS) (VSPIRS) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

7. System Name: CDC NCEH CCEHIP Vessel Sanitation Program (VSP) Inspection Reporting System (IRS) (VSPIRS)

1. Date of this Submission: Dec 1, 2008 2. OPDIV Name: CDC 3. Unique Project Identifier (UPI) Number: 4. Privacy Act System of Records (SOR) Number: N/A 5. OMB Information Collection Approval Number: N/A 6. Other Identifying Number(s): N/A

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Jaret Ames

Provide an overview of the system: Vessel Sanitation Program (VSP) Inspection Reporting System (IRS)

a.k.a. (VSPIRS) is a set of several surveillance tools utilized by CDC\CCEHIP\NCEH\DEEHS\VSP staff to inspect cruise ships and the cruise line industry to report illness and deaths on cruise ships. The data may be entered by inspectors on cruise ships, cruise lines reporting illness and death to CDC, or CDC support personnel. Once the data is saved into the database, the user may edit, or delete data. The system provides reports to the inspectors, cruise ships, and the public.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The System does not contain PII.

The System does not contain PII.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The System does not contain PII. No IIF collected EAAL = 1 Risk Analysis Date = 11/20/2008 PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Felicia Kittles Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Dec 2, 2008 Approved for Web Publishing:

Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC NCHHSTP GAP Ethiopia GAP Site (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Feb 9, 2009 2. OPDIV Name: CDC 3. Unique Project Identifier (UPI) Number: 4. Privacy Act System of Records (SOR) Number: N/A 5. OMB Information Collection Approval Number: N/A 6. Other Identifying Number(s): N/A

7. System Name: CDC NCHHSTP GAP Ethiopia GAP Site

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Calvin Johnson

Provide an overview of the system: None Provided - see Michael Harris

13. Indicate if the system is new or an existing one being modified: New

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

N/A

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Felicia Kittles Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Feb 10, 2009 Approved for Web Publishing: Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC NCHHSTP GAP Rwanda GAP Site (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Nov 24, 2008 2. OPDIV Name: CDC 3. Unique Project Identifier (UPI) Number: 4. Privacy Act System of Records (SOR) Number: N/A 5. OMB Information Collection Approval Number: N/A 6. Other Identifying Number(s): N/A

7. System Name: CDC NCHHSTP GAP Rwanda GAP Site

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Calvin Johnson

Provide an overview of the system: This is a general office support system for CDC GAP Ethiopia and provides a file server, exchange server, webmail server; authentication is performed via CDC Active Directory with a failover to local host.

13. Indicate if the system is new or an existing one being modified: New

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC NIOSH DART DART Applications (DARTApps) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Oct 29, 2008 2. OPDIV Name: CDC 3. Unique Project Identifier (UPI) Number: 4. Privacy Act System of Records (SOR) Number: N/A 5. OMB Information Collection Approval Number: N/A 6. Other Identifying Number(s): N/A

7. System Name: CDC NIOSH DART DART Applications (DARTApps)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Williams J. Murphy

Provide an overview of the system: DARTApps consists of three applications: Power Tools Import Utility and Web Seach (Power Tools) The Power Tools system provides information on a tool’s sound power level, sound pressure level exposure, hand vibration exposure, and information on test and analysis methods used when gathering the above information. Noise Reduction Rating Calculator (NRRCalc) The Noise Reduction Rating Calculator (NRRCalc) is developed for the National Institute for Occupational Safety and Health (NIOSH) and is supported by the U.S. EPA Interagency Agreement DW-75-92197301-0. NRRCalc provides calculation of the Noise Reduction Rating for the following hearing protection devices: passive linear, hearing enhancement, active noise reduction, and customized. Hearing Protector Device Compendium (Compendium) The Hearing Protection Device Compendium system provides a searchable interface for users to search for hearing protection devices based on manufacturer, model, protector style and the protection devices protection rating.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

N/A

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Nov 3, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC NIOSH EID NIOSHTIC-2 (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Jan 14, 2009 2. OPDIV Name: CDC 3. Unique Project Identifier (UPI) Number: 4. Privacy Act System of Records (SOR) Number: N/A 5. OMB Information Collection Approval Number: N/A 6. Other Identifying Number(s): N/A 7. System Name: CDC NIOSH EID NIOSHTIC-2

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: William D. Bennett

Provide an overview of the system: NIOSHTIC-2 is a searchable bibliographic database of occupational safety and health publications, documents, grant reports, and other communication products supported in whole or in part by NIOSH.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

N/A

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Felicia Kittles Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Jan 15, 2009 Approved for Web Publishing: Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC NIOSH HELD Publication Management System (HELD iPubs) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Sep 15, 2008 2. OPDIV Name: CDC 3. Unique Project Identifier (UPI) Number: 4. Privacy Act System of Records (SOR) Number: N/A 5. OMB Information Collection Approval Number: N/A 6. Other Identifying Number(s): N/A

7. System Name: CDC NIOSH HELD Publication Management System (HELD iPubs)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Eric Knutsen

Provide an overview of the system: The system is a publication management system for the Heatlh Effects Laboratory Division. It facilitates the processes associated with publications including clearance, status monitoring, and division /branch/team/individual level reporting on publication production.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

N/A

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Oct 16, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC OCOO ITSO Asset Management Tool (AMT) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: No If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Oct 27, 2008 2. OPDIV Name: CDC 3. Unique Project Identifier (UPI) Number: 4. Privacy Act System of Records (SOR) Number: N/A 5. OMB Information Collection Approval Number: N/A 6. Other Identifying Number(s): N/A

7. System Name: CDC OCOO Asset Management Tool (AMT)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Wayne Knight

Provide an overview of the system: This system will provide day to day operational tools for ITSO to address: 1.Inventory and Reconciliation of ITSO property

Management of storage and handling of CDC computing assets

Reporting of various functionality of various network and enterprise system information

Monitor SLA requirements

13. Indicate if the system is new or an existing one being modified: New

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

Data collected, disseminated, and/or collected pertains to CDC accountable assets(property), network information, ADP information, and CDC user information without any distinguishing identifiable information.

No IIF is collected, disseminated, or maintained in the system.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No Information in Identifiable Form is collected or transmitted. E-Authentication Assurance Level = N/A Risk Analysis Date = 09/25/08 PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Oct 27, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC OCOO ITSO Office Communications Server 2007 (OCS 2007) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Oct 23, 2008 2. OPDIV Name: CDC 3. Unique Project Identifier (UPI) Number: 4. Privacy Act System of Records (SOR) Number: N/A 5. OMB Information Collection Approval Number: N/A 6. Other Identifying Number(s): N/A

7. System Name: CDC OCOO ITSO Office Communications Server 2007 (OCS 2007)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Doug McClelland

Provide an overview of the system: Microsoft Office Communication Server 2007 manages all real-time (synchronous) communications including instant messaging, VoIP, and Audio and Video conferencing. This project will test the Microsoft Office Communication Server 2007 client and evaluate the web conferencing, secure instant messaging (IM), and OCS Blackberry Client. All testing will be performed inside the CDC network with no external public facing access. After successful testing the web conferencing, instant messaging, and OCS Blackberry Client features and functionality results will be presented to ITSO Sr. Management for approval before moving forward with an All-CDC implementation.

13. Indicate if the system is new or an existing one being modified: New

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

N/A

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Oct 28, 2008 Approved for Web Publishing: Date Published: Mar 2, 2009

06.3 HHS PIA Su mmary for Posting (Form) / CDC OD NCHM Publications Inquiry Web (PI Web) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: No If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Dec 5, 2008 2. OPDIV Name: CDC 3. Unique Project Identifier (UPI) Number: 4. Privacy Act System of Records (SOR) Number: 09-90-0041 5. OMB Information Collection Approval Number: N/A 6. Other Identifying Number(s): N/A

7. System Name: Publications Inquiry Web (PI Web )

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Susan Robinson

Provide an overview of the system: The Publication Inquiry System automates the process of ordering and mailing publications for NCHHSTP and other Centers within the Agency. The system includes three Internet/Web enabled order forms accessible to the public for ordering publications on-line from locally maintained inventories or from the CDC warehouse for large quantities. Orders are approved and the system automatically sends a confirmation email to the recipient then transmits the orders to the mainframe for further processing and eventual shipment.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): This system does not share IIF.

- Name/quantity of publication ordered

-Name

Organization

Email address (for order confirmation)

Street address

Telephone

Profession Category

Employer Category

Internet source

Comments about the order

All Individuals affected can be notified via email if major changes occur to the system.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: CDC approved User ID’s and passwords are used to access privileged areas of this system. The servers are protected by secured DSS (Designated Server Site) facilities. E-Authentication Assurance Level = N/A Risk Analysis Date = 09/11/2008 PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Felicia P. Kittles OCISO C&E PM Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P Madden Sign-off Date: Dec 2, 2008 Approved for Web Publishing: Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC OD OCSO Information Quality for Peer Review Tracking System (CDC Peer Review) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Dec 1, 2008 2. OPDIV Name: CDC 3. Unique Project Identifier (UPI) Number: 4. Privacy Act System of Records (SOR) Number: GSA/GOVT-5 5. OMB Information Collection Approval Number: N/A 6. Other Identifying Number(s): N/A

7. System Name: Information Quality for Peer Review Tracking System (CDC Peer Review)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Maryam Daneshvar

Provide an overview of the system: The CDC Peer Review system allows CDC Scientists to publish information regarding studies done at CDC. It helps clarify CDC’s position on specific health related subject matters. Selected CDC Center employees input study findings for Associate Directors of Science (ADS) to review. Once completed, ADS reviews and approves publishing of the information.

13. Indicate if the system is new or an existing one being modified: New

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A-This system does not share or disclose the PII it collects.

The users enter their name and UserID when they peer review or make changes to the system. This is mandatory and consent is not given. If the user wishes not to include their name and UserID, they are removed from the peer review system.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The information is protected by using Active Directory before you can access the system. The physical location of the system is located behind a locked door with guards at the front of the building. Only a limited number of users are allowed access to this system. No IIF collected EAAL Level = N/A (There is none) Risk Analysis Date = November 24, 2008 PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Felicia P. Kittles OCISO C&E PM Sr. Official for Privacy Approval: Promote

Comments: Sr. Official for Privacy Name: Thomas P Madden Sign-off Date: Dec 2, 2008 Approved for Web Publishing: Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / Countermeasure Response Administration (CRA) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: No If this is an existing PIA, please provide a reason for revision:

Date of this Submission: May 18, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-1101-00-110-218

Privacy Act System of Records (SOR) Number: 09-20-0136, “Epidemiologic Studies and Surveillance of Disease Problems,” and 09-20-0113, “Epidemic Investigation Case Records.”

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: Countermeasure Response Administration (CRA)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: John Lindsey

Provide an overview of the system: CRA (Originally Pre-Event Vaccination System) was created by NCPHI to assist in collecting the required data from the Grantees participating in the program. CRA is a web-based application that is hosted behind the CDC Secure Data Network (SDN). The SDN requires the use of a digital certificate for access to the application. Further, the CRA application also requires a userid and password. Each user is assigned various roles which determine what data the user has access to and what functionality they have. The application allows entry of organization data, patient data, vaccination data, vaccine batch data, and access to various reports. CRA also allows Grantees to upload full sets of their data if they have a system that provides similar functionality to CRA. Non-identified data entered in the CRA application is combined with similar data that is uploaded and shared with the NIP datamart. The data in the datamart is used to create various aggregate reports for the Grantees and for internal research at CDC.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): State and local health departments for appropriate capability to respond in an emergency

changed since the notice at the time of the original collection); and (2) notify and obtain consent from

individuals regarding what IIF is being collected from them and how the information will be used or shared: There is no notification system in place

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: This system is subject to CDC Certification and Accreditation process, and is accredited as a moderate system. It uses PKI to secure logins, complies with CDC policies and requirements for technical security, and is located in a physically secure area. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Dec 13, 2007 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC ATSDR Triage Tracking System (TTS) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 11, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9221-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: Triage Tracking System (TTS)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Griffin Mitchell

Provide an overview of the system: The Triage Tracking Database (TTS) is an MS Access database that is used to track the progress of documents (health consultations, public health assessments, etc) through the review process, as well as record ancillary data associated with said documents.

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database (s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

Document and health education activities tracking for current status of document. Reports are for internal use. TTS does not contain IIF information.

TTS does not contain IIF information.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: TTS does not contain IIF information. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 14, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC CCEHIP ATSDR Centralized Information Management System - (SEQUOIA) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Feb 11, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-02-1411-00

Privacy Act System of Records (SOR) Number: 09-90-0018

OMB Information Collection Approval Number: No

Other Identifying Number(s): No

System Name: Centralized Information Management System (CIMS) aka Sequoia

System Point of Contact (POC). The System POC is the person to whom questions abo ut the system and the responses to this PIA may be addressed: Keith West

Provide an overview of the system: Sequoia is the result of reengineering ATSDR’s HazDat system. HazDat, initiated in 1988, is ATSDR’s scientific and administrative database developed to provide rapid access to information on the release of hazardous substance from Superfund sites and other events. It provides information on the effects of hazardous substances on the health of human populations. ATSDR’s business requirements have changed dramatically over the last few years, during which major development on HazDat was frozen. As a result, HazDat has become increasingly less useful to ATSDR staff, and Sequoia has been created to update the functionality of HazDat. Phase I of Sequoia includes functionality provided by the Site & Event, Cost Recovery, and ASA (Activities) modules of HazDat. Taken together, these modules provide users with the ability to track environmentally damaging events and cleanup activities, plus the recording of supporting information on the activities performed during those events to support efforts to recover cleanup costs for the federal government.

13. Indicate if the system is new or an existing one being modif ied: New

21. Is the system subject to the Privacy Act?: Yes

23. If the s ystem shares or discloses IIF please specify with whom and for what purpose(s):

Sequoia does not share or disclose any IIF data. The SSN data that is used for in a query with the UFMS payroll data is stored in a Sequoia data table in encrypted format & is only unencrypted via a SQL function whose access is limited. The SSN is unencrypted in order to match data contained in several related tables from the MISO database. SSN is not printed on any reports or displayed on any screens.

30. Please describe i n detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory:

Information on environmentally damaging events and cleanup activities, plus the recording of supporting information on the activities performed during those events to support efforts to recover cleanup costs for the federal government. ATSDR uses this system to identify patterns of release of hazardous substances, facilitate the development and creation of health studies, and expand the capacity for information sharing between divisions and offices. ATSDR’s products include health assessments, health consultations, supporting documentation for more than 5,000 sites, and toxicological profiles. Sequoia can be used to identify similarities in sites and events, such as populations, contaminants, and media; obtain site histories; rapidly access toxicology information; and analyze comprehensive site, substance, and health effects data.

No IIF from users is collected. Sequoia has a time sheet entry that is used with the Cost Recovery module to correlate payroll data. CDC employee names are visible. CDC employees social security numbers are encrypted in the system, but are not displayed in the system. This information is housed on the Sequoia intranet server.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Administrative Controls: In order to ensure least privilege and accountability, read-only access is given by default. Additional access must be requested by the user’s manager/supervisor and granted by the system administrator. Technical Controls: integrated with AD for login, SQL server security including encryption. Physical Controls: Guards, ID badges, key cards, locked offices, locked server rooms. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Apr 23, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC CCEHIP ATSDR RssReader (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes

If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Jul 22, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9623-00

Privacy Act System of Records (SOR) Number: No

OMB Information Collection Approval Number: No

Other Identifying Number(s): No

System Name: RssReader (ATSDR News Room)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA ma y be addressed: Wilma Lopez

Provide an overview of the system: ATSDR News Room (RSSReader) is a application to disseminate environmental health news stories to visitors of the webpage and the Agency for Toxic Substances and Disease Registry (ATSDR) web site. The news stories is to be used as informational sources for the general public to read and use for private use. The content is not generated by the National Center for Environmental Health (NCEH)/ATSDR Office of Communication. The content is just organized and available for public users of the website to find information on environmental health news storiesole to have add/edit/delete permissions

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will the system coll ect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please speci fy with whom and for what purpose(s): No

The system does not contain PII.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The system does not contain PII. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for P rivacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Jun 11, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC CCEHIP NCEH NCIRD Environmental Health Specialists Network Information System - (EHSNIS) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Dec 17, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-02-02-9221-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: CDC CCEHIP NCEH NCIRD Environmental Health Specialists Network Information System- (EHSNIS)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Debbie Bankston

Provide an overview of the system: The Environmental Health Specialists Network (EHSNIS) is a survey analysis tool used by CDC staff to conduct studies for the purpose of identifying environmental causes of food borne illnesses and related outbreaks. Surveys are designed by the CDC personnel allowing for collaboration with Food and Drug Administration (FDA) and participating states. Once data is collected and entered into the system, specified users may edit or delete the data. Studies are then conducted to determine causes of various food borne illnesses and related outbreaks, for research purposes.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The system does not contain PII.

The system does not contain PII.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The system does not contain PII. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Felicia Kittles Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden

Sign-off Date: Dec 18, 2008 Approved for Web Publishing: Yes Date Publ ished: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC CCEHIP NCEH Rapid Data Collector (RDC) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Dec 9, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number:

Privacy Act System of Records (SOR) Number: N\A

OMB Information Collection Approval Number: N\A

Other Identifying Number(s): N\A

System Name: Research Data Center (RDC)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Peter Meyer

Provide an overview of the system: Provide a comprehensive description of the system’s function. Attach system concept of operations, vision statements, and/or project justification documents if available. The National Center for Health Statistics (NCHS) Research Data Center (RDC) is a research program through which approved data users are provided access to data that are not available through NCHS public use releases. The restricted data files contain information such as lower levels of geography (state, county, or lower), but do not contain direct identifiers (name or social security number). These data elements carry no disclosure risk in isolation but can increase disclosure risk when compiled together. An example would be adding together data elements for race/ethnicity, family structure, occupation, state of residence, and sex. Using these data elements together could add to the make a Black female dentist with five children in South Dakota identifiable. On the other hand a researcher may have a legitimate question that requires the use of these elements together. An example would be estimating the prevalence of hepatitis in dentist by state and race/ethnicity. In order to reduce the risk of disclosure, access to these data is controlled through a formal proposal review committee that includes RDC staff, representatives from the program that produces the data, and the NCHS Confidentiality Officer. The committee may grant three types of access to these data: 1) Onsite, 2) Remote, and 3) Census RDC. Each of these access methods uses different types of information technology to control what data elements user can access. The term access is very specific to the operations of the RDC. Researchers may work with the data but they are not permitted remove it from the controlled environment. When the proposed research and analysis are complete, they may take the results of their analysis away from the RDC after it undergoes a disclosure risk avoidance examination by RDC staff. No micro data or data sets are permitted to leave the RDC. Descriptions of the RDC’s three access methods follow:

• Remote Access: ANDRE (Analytical Data Research by Email) is the RDC Remote Access system that supports statistical analytical requests of researchers from academic institutions and other government agencies (Federal, State, and local), etc. via Microsoft Outlook email. It authenticates users, runs a pre-analysis disclosure risk algorithms, executes analytical models, runs post-analysis disclosure risk algorithms, and provides the

approved results to the researchers. Output from ANDRE is periodically flag for review by RDC staff analysts. The researchers never get to see the micro data and run their programs against a data set that they specify in their research proposal. The users only see output which is summary or aggregate measures that cannot be used to identify individuals. Email Server ANDRE Processing Computer Census RDC Access: Researchers may access NCHS data through the Census RDC system. Data are transferred through an approved CDC Secure Data Network (SDN) which is located in a secure environment in the NCHS RDC. This is a single purpose file server that is used exclusively to link NCHS and Census. The data are transferred to the Census computing facility in Suitland, MD and then are made available to a terminal at one of the Census RDC. The data are not downloadable or printable from the remote site. The output generated by the analysis is then transferred to NCHS via the SDN and examined by RDC staff for disclosure risk. The approved output is then released to the researcher in an electronic format. This is very similar to the Onsite Access method except the access occurs in a Census RDC.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted b y this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No IIF shared or disclosed

Data is unique to the individual project and is not maintained by the RDC beyond the duration of the project. Data in the RDC do not contain IIF.

N/A

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Felicia P. Kittles OCISO C&E PM Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P Madden Sign-off Date: Dec 12, 2008 Approved for Web Publishing: Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC CCEHIP NCIPC Web-based Injury Statistics Query and Reporting System - (WISQARS) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: No If this is an existing PIA, please provide a reason for revision: PIA Validation

Date of this Submission: Nov 7, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-04-00-0897-00

Privacy Act System of Records (SOR) Number: No

OMB Information Collection Approval Number: No

Other Identifying Number(s): No

System Name: Web-based Injury Statistics Query and Reporting System (WISQARS)

System Point of Contact (POC). The System POC is the person to whom questions about the sys tem and the responses to this PIA may be addressed: Kevin Webb

Provide an overview of the system: WISQARSTM (Web-based Injury Statistics Query and Reporting System, pronounced "whiskers"). WISQARS is an interactive web base system that utilizes non-IIF Public Use Data to provide violent and injury-related mortality and morbidity statistics useful for research and for making informed public health decisions. The system allows users to get basic counts and rates information on violent deaths, mortality deaths, and morbidity injuries.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the sy stem collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF ple ase specify with whom and for what purpose(s): No

WISQARS is an interactive web base system that utilizes non-IIF Public Use Data to provide violent and injury-related mortality and morbidity statistics useful for research and for making informed public health decisions. The system allows users to get basic counts and rates information on violent deaths, mortality deaths, and morbidity injuries. This system contains no IIF.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retenti on and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote

Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Apr 23, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCHHSTP Tuberculosis Epidemio logic Studies Consortium Data Management and Communications System - (DMACS) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Oct 3, 2006

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-02-02-9122-00-110-246

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: DMACS

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Jose Becerra

Provide an overview of the system: The Division of Tuberculosis Elimination (DTBE) of the Centers for Disease Control and Prevention (CDC) established the Tuberculosis Epidemiologic Studies Consortium (TBESC) in order to strengthen, focus, and coordinate tuberculosis (TB) research. The TBESC is designed to build the scientific research capacities of state and metropolitan TB control programs, participating laboratories, academic institutions, hospitals, and both non- and for-profit organizations. It operates within an environment that fosters creative and open intellectual input. The research agenda is developed through a process of mutually negotiated scientific and programmatic peer review. It is guided by a national, comprehensive research agenda responsive to the Institute of Medicine’s (IOM) report, Ending Neglect: The Elimination of Tuberculosis in the United States (2000), (http://www.cdc.gov/nchstp/tb/pubs/iom/iomresponse/toc.htm), and DTBE’s priorities. The Data Management and Communications System (DMACS) is developed to support the TBESC mission and help data collection to the centralized database.

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system? : No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s):

System does not have IIF

Tuberculosis Epidemiology Studies Consortium (TBESC) enter unidentifiable participant information into DMACS. IIF is not collected or contained in the DMACS. Submission is voluntary and is a means to collect research data. The data collected is analyzed by study principal investigators (PI) and for participating sites.

The research entails extensive data collection that requires effective data management, communication, and analysis. A cost-benefit analysis (CBA) report recommended implementing a web-based data management and communications system using Java technology. DMACS will collect data based on the study objective identified by the protocol. For example, in one of the studies participants’ current demographics, background, country of origin, care seeking behavior for treating TB, symptoms, history of past TB testing and other variables related to a person’s susceptibility to TB and ability to navigate the medical care system will be collected. This information will be used to identify new opportunities to prevent transmission and improve TB testing and treatment among foreign born persons.

DMACS users are required to enter user name and password in order to access the system. The entered information is authenticated. The user name and password are based on strict security guidelines as defined by CDC and other industry standards (the majority of end-users are not CDC employees).

DMACS is a role based system, i.e., the system grants users access to information and data based on their role and not on their individual identity. Users are assigned a role or multiple roles e.g. Data Entry, Quality Assurance (QA), Principal Investigator (PI). Based on the role name, users may have access or may be restricted from viewing, using or altering specific data. For example, within DMACS, the Site QA role allows a user to review the patient record to identify data errors but not to modify it. Modification or corrections can only be made by the Data Entry role.

Data collected is entered with a participant number, The data once entered into DMACS cannot be associated to any IIF as the face sheet (in the paper questionnaires) which collects personal information is destroyed by the site.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared:

NO IIF is Collected

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at c hildren under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and p hysical controls.: No IIF is Collected PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas. P. Madden Sign-off Date: Oct 30, 2007 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC COCHIS NCPHI All Threat Agent Content System - ATACS (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Sep 18, 2008

2. OPDIV Name: CDC

3. Unique Project Identifier (UPI) Number: 009-20-01-04-02-1196-00-110-028

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB I nformation Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: All Threats Agent Content System (ATACS)

System Poin t of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Susan Willkin

Provide an overview of the system: The All Threats Agent Content System (ATACS) is a web application that allows authorized users to retrieve content related to biological agents and pandemic/avian influenza. The vision for ATACS is to maintain a site where categories of preparedness- and response-related information can be provided for all bioterrorism threat agents (i.e., anthrax, botulism, etc.) and other critical infectious diseases that CDC responders may need to identify and contain. Examples of categories of information include "impact on wildlife" and "water-borne" information.

13. Indicate if the s ystem is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s):

System does not have IIF

No IIF is Collected

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No IIF is collected by the system PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Sep 10, 2008 Approved for Web Publishing: Yes Date Pu blished: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC COCHP DCBDDD Metropolitan Atlanta Developmental Disabilities Surveillance Program - (MADDSP) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Feb 11, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: N/A

Privacy Act System of Records (SOR) Number: 09-20-0136

OMB Information Collection Approval N umber: 0920-0693

Other Identifying Number(s): N/A

System Name: Metropolitan Atlanta Developmental Disabilities Surveillance Program (MADDSP)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Andrew R. Autry

Provide an overview of the system: System collects data on developmental disabilities for the purpose of conducting public health surveillance for these conditions. The Metropolitan Atlanta Developmental Disabilities Surveillance Program (MADDSP) is an ongoing, multiple source ascertainment surveillance system that has been functioning since its inception in 1991. It is the model surveillance system by which states and localities collect surveillance data for developmental disabilities. The Child Health Act of 2000 mandates that CDC conduct surveillance for autism and related developmental disabilities. Briefly, specially trained abstractors take the system on a laptop to specialty medical sources and to the nine public school districts in the five county metropolitan Atlanta area and abstract information from special education and medical records into the MADDSP application. Once per week, the abstractors come into the office and replicate to the design master, which is the master copy of the database containing all information abstracted from the different sources. Clinician reviewers (also MADDSP staff) also have access to the application to make case determinations, etc. Once a study year is closed out, the design master is emptied and the records are uploaded to the CDC mainframe.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): In accordance with the Assurance of Confidentiality, IIF will be shared with the Georgia Dept. of Human Resources if requrested. Furthermore, only data already known to the Georgia Department of Human Resources will be shared (i.e., no school data will be shared with them). DHR uses the data for service provision for these children. IIF will also be shared with the Georgia Department of Education to enhance service delivery to these children in the public school system.

agencies rather than the individuals. It is important to obtain a complete count of individuals with these conditions.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Administrative Controls: Role-based security, very limined number of users because of formal Assurance of Confidentiality under Section 308(d) of the Public Health Service Act. Technical Controls: User ID, Passwords, Encryption, Biometrics. Physical Controls: Guards, ID badges, Key cards, Biometrics. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Betsey Dunaway Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Deborah Holtzman Sign-off Date: Feb 11, 2007 Approved for Web Publishing : Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC COTPER Action Item Registry - (AIR) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Nov 16, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-8121-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): none

System Name: Action Item Registry - (AIR)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Joseph Dell

Provide an overview of the system: The COTPER Action Item Registry is an ASP web application hosted on the CDC Intranet with a SQL server database used as the backend. The application serves as a project planning and task tracking tool that allows users to provide current status and remarks on the progress towards the completion of various tasks and activities. In addition, the application generates real-time status reports based on specified criteria.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No IIF or PII is collected

None

32. Does the system host a website?: Yes

37. Does the website have any informat ion or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comment s: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Mar 27, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC COTPER COTPER Intranet (Item)

PIA SUMMARY AND APPROVAL COMBINED

PI A Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Nov 15, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-8121-00

Privacy Act System of Rec ords (SOR) Number: No

OMB Information Collection Approval Number: No

Other Identifying Number(s): No

System Name: COTPER Intranet

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Joseph Dell

Provide an overview of the system: The COTPER Intranet is an internally-facing web-based application designed with Microsoft classic ASP. The Intranet is used by COTPER to convey its vision and accomplishments across the agency. The intranet site hosts a variety of applications that have improved the efficiency of COTPER’s business operations. Staff can now visit the website to update site content dynamically, review policies and procedures, and fill-out and submit administrative forms. The system architecture contains a web front-end with a Microsoft SQL backend which is hosted in the Designated Server Site (DSS) and managed by ITSO. While the data on the intranet site may be viewed by anyone within CDC, the target audience is the ~500 users within COTPER. Users must be on the CDC network to access the Intranet. No non-CDC users can access the Intranet. No Personally Identifiable Information (PII) is contained within the COTPER Intranet system. There are no system dependencies beyond the ITSO server which the system is hosted on. The application does not generate any reports nor does it share any information across other federal agencies.

13. Indicate if the system is new or an existing one being modif ied: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No IIF or PII is collected

None

32. Does the system host a w ebsite?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail ho w the IIF will be secured on the system using administrative, technical, and physical controls.: No PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Nam e: Thomas P. Madden Sign-off Date: Mar 28, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC COTPER COTPER Stockpile Resource Plan - (SRP) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision: PIA Validation

Date of this Submission: May 14, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-01-1352-00-110-246

Privacy Act System of Records (SOR) Number: N/A - System does not constitute a "System of Records" under the Privacy Act. IIF is business related, and data are normally retrieved by product numbers and location. See additional comment in Question 30.

O MB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: Stockpile Resource Plan (SRP)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this P IA may be addressed: Robert Phillips

10. Provide an overview of the system: The Division of the Strategic National Stockpile (DSNS) program provides pharmaceuticals, vaccines, medical supplies, and medical equipment to augment depleted state and local resources during response to terrorist attacks or other emergencies. System does not constitute a "System of Records" under the Privacy Act. All information collected on individuals is business related, and data are normally retrieved by product numbers and location.

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The Veterans Administration/ National Acquisition Center (VA/NAC) receives ordering information for emergency response planning and deployments.

It has been officially determined that the Privacy Act does not apply. System does not constitute a "System of Records" under the Privacy Act. IIF is business related, and data are normally retrieved by product numbers and location. Therefore, no SORN is necessary and there is no PIA weakness.

There is a process to notify individuals when approved rights have changed. The opportunity for consent is provided to individuals via the SRP Rules of Behavior, which they must sign before an account is created.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Technical controls: User ID, passwords, firewall, VPN, encryption, IDS, RSA Secuire IDs for CDC staff. Physical Controls: The information is stored in an Oracle Database which restricts access to authorized users only, and the servers are hosted in a locked and secure computer facility with controlled access. Guards, ID badges, key cards, cipher locks, closed circuit TV. Administrative: Role based access. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Betsey Dunaway Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Deborah Holtzman Sign-off Date: Aug 18, 2006

Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC COTPER PMET Terrorism Database - (PMET) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Nov 15, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-8121-00

Privacy Act System of Records (SOR) Number: No

OMB Information Collection Approval Number: No

Other Identifying Number(s): No

System Name: PMET Terrorism Project Database

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PI A may be addressed: Joseph Dell

Provide an overview of the system: Provide a comprehensive description of the Low umbrella Minor Application’s function. Attach application concept of operations, vision statements, and/or project justification documents if available. Prior to each reporting period, project milestones and success factors from the Health Impact.net database are imported into the COTPER PMET webform for projects to enter their updates. At the conclusion of each reporting period, the PMET enters their project analysis via the working webform. At the conclusion of each reporting period, the PMET will publish an Operational Status Report for each project indicating project progress for the reporting period.

For more information please refer to the Webform Submission Guidance: http://intraapps.cdc.gov/od/otper/spendplan/FY2007/docs/FY2007%20Reporting%20Period%203%20Guidance.pdf

The system architecture contains a web front-end with a Microsoft SQL backend which is hosted in the Designated Server Site (DSS) and managed by ITSO.

While the data on the intranet site may be viewed by anyone within CDC, the target audience is the ~280 users within COTPER. Users must be on the CDC network to access the Intranet. No non-CDC users can access the Intranet.

No Personally Identifiable Information (PII) is contained within the PMET system. There are no system dependencies beyond the ITSO server which the system is hosted on. The application does not generate any reports nor does it share any information across other federal agencies.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass throug h IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No IIF or PII is collected

information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: No information is collected, only disseminated. No PII is involved.

None

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No IIF PIA Reviewer Appr oval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Apr 4, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC COTPER RSS Inventory Tracking System (RITS) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submissio n: May 16, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-02-1486-00

Privacy Act System of Records (SOR) Number: No

OMB Information Collection Approval Number: No

Other Identifying Number(s): No

System Name: Receipt, Storage and Staging Inventory Tracking System (RITS)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Gary Nakashian

Provide an overview of the system: The Division of the Strategic National Stockpile (DSNS) program provides pharmaceuticals, vaccines, medical supplies, and medical equipment to augment depleted state and local resources during response to terrorist attacks or other emergencies.

13. Indicate if the system is new or an existing one being modified: New

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thir teen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: May 13, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC COTPER Science Action Item Registry - (SAIR) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Da te of this Submission: Nov 16, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-8121-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: Science Action Item Registry (SAIR)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Joseph Dell

Provide an overview of the system: The SAIR is an ASP based web application hosted on the CDC Intranet with a SQL server database used as the backend. The application serves as a project planning and task tracking tool that allows users to provide current status and remarks on the progress towards the completion of various tasks and activities. In addition, the application generates real-time status reports based on specified criteria. The system architecture contains a web front-end with a Microsoft SQL backend which is hosted in the Designated Server Site (DSS) and managed by ITSO.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No IIF or PII is collected

None

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children u nder the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical c ontrols.: N/A PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Mar 27, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC COTPER State and Local Preparedness Program Management Information System - (PERFORMS) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: No If this is an existing PIA, please provide a reason for revision: PIA Validation

Date of this Submission: May 2, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-04-00-02-1290-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: State and Local Preparedness Program Management Information System (PERFORMS)

System Point of Contact (POC). The System POC is the person to whom ques tions about the system and the responses to this PIA may be addressed: Prachi Mehta

Provide an overview of the system: The Coordinating Office for Terrorism Preparedness and Emergency Response has maintained a management information system on CDC's Secure Data Network (SDN) since FY 2004. This system is used to receive, process, monitor, and evaluate cooperative agreements of over $800 million per year for 62 grantees. These funds are used to establish critical systems to prepare for and respond to terrorism, outbreaks of infectious diseases, and other public health threats and emergencies. Use of the PERFORMS is mandatory for submission of progress reports, applications and budget information.

13. Indicate if the system is new or an existing one bei ng modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

System will collect detailed information about the grantees workplan and the budget, which describes how money will be allocated and expended. Workplan contains project level activities. The budget is broken down into object classes including personnel, equipment, supplies, contracts, etc. Personnel includes employee Names, Employee salaries. Submission of this information is mandated by the CDC PHEP cooperative agreement for states wishing to receive funding. In a separate system, a module includes work phone numbers, email and work addresses for grantees that are users of the system. These are 2 different modules. This information is FOI able.

N/A

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guide lines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: David Knowles Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: May 6, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary f or Posting (Form) / CDC DCPC GA - Issue Tracker (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 9, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9023-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: DCPC GA - Issue Tracker

System Point o f Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system: Tracks user issues with Registry Plus software.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), r ecord(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s):

Some of the applications provide business contact information for public officials.

Information contained within this system is for the purpose of providing dynamic Web sites to the general public, state and local health departments, prevention research centers, public health officials, and educational institutions in support of CoCHP programs. The platform is designed to host applications that disseminate Low-category, public data and information; provide interactive features to users of the public Web site; and collect Low-category, public-domain data and information from CoCHP’s funded and unfunded partners. All IIF used within applications on this platform are business-related contact information of public officials that are readily available through a variety of public mechanisms and do not compromise an individual’s personal information.

No uniform process in place. Several applications have a process in place to inform users of major changes to the system.

Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.

32. Doe s the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: All of the data, including the IIF, follow the security controls of the EMSSP. PIA Reviewer Approval: Promote Comments: PIA Revie wer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 25, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (For m) / CDC DHAP NCHHSTP Extramural Tracking and Reporting Application (eXTRA) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No If this is an existing PIA, please provide a reason for revision: Initial PIA Migration to ProSight

Date of this Submission: Mar 14, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-02-00-02-9509-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s ): N/A

System Name: Extramural Tracking and Reporting Application (eXTRA)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Nancy Haban

Provide an overview of the system: The Extramural Tracking and Reporting Application monitors and tracks document preparation and approval of funding mechanism documents for the Division of HIV/AIDS Prevention (DHAP). The most common funding mechanisms are Funding Opportunity Announcements (FOAs) and Contracts. eXTRA provides tools for:

Browsing a list of Funding Opportunity Announcements and displaying FOA details Entering new FOAs Routing FOAs to personnel for reviewing in a document management system, the Document Manager

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) host ed by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s):

eXTRA Does not collect IIF

eXTRA Does not collect IIF:

This is a workflow system to assist in preparation of documents such as FOAs and Contracts. The information that is collected is related to the activities that surround the process, such as, summary information on the FOA (name, anticipated budget, anticipated number of awards, …), as well as information related to the milestone process; for example, timestamp of events. All obtained data is for internal use only.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared:

eXTRA Does not collect IIF

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: eXTRA Does not collect IIF PIA Reviewer Approval: Comments: PIA Reviewer Name:

Sr. Official for Privacy Approval: Comments: Sr. Official for Privacy Name: Sign-off Date: Appro ved for Web Publishing: Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC DHPIRS NCHHSTP Prevention Program Branch Support System (PPBSS) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: No If this is an existing PIA, please provide a reason for revision: PIA Validation

Date of this Submission: Nov 14, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number:

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approv al Number: N/A

Other Identifying Number(s): N/A

System Name: Prevention Program Branch Support System (PPBSS)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Wendy Harrington-Lyon

Provide an overview of the system: The PPBSS environment was established in 2005 to address the recommendation of the McKing Consulting Firm for system automation within the Prevention Program Branch. Z-Tech developers created a general support system that will operationally support the future development of PPB applications. The system consists of a web server and an SQL server data repository that supports not only data collection, but, additional administrative and reporting needs for the branch. The development of PPBSS has facilitated the move from all paper field processes for grantee files to automated processing of information, thereby increasing system efficiency. It is accessible on the CDC Intranet as well as through remote access for field officers and organizations working with Health Departments and Community Based Organization (CBO) grantees. The primary purpose of PPBSS is to process and manage grantee information and make such information available to all PPB staff, both on and off site. The functions of the PPBSS environment will be as follows:

Data collection

Manage Grantee information

Manage Agency information/contacts

Manage proposed target populations The majority of applications that will be operating within the PPBSS environment will have data flows as detailed below:

User inputs information into system

User manages collected information

User runs reports to review submitted information Manual processes within PPB have already been identified and plans to develop applications to replace those processes have already been documented.

13. Indi cate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s):

PPBSS DOES NOT DISCLOSE ANY IIF

PPBSS collects various business related information from Community Based Organizations and State Health Departments. This information is used to help them determine if an organization should be provided grant funding.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: PPBSS IS ONLY ACCESSIBLE THROUGH THE CDC INTRANET BY USERID’S THAT ARE MANUALLY ENTERED IN BY PPBSS ADMINISTRATORS. THE SERVERS ARE IN A SECURE FACILITY THAT HAS GUARDS AND LOCKED DOORS. E-Authentication Level: N/A Risk Analysis Date: 10/20/2008 PIA Reviewer A pproval: Promote Comments: PIA Reviewer Name: Felicia P. Kittles OCISO C&E PM Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P Madden Sign-off Date: Nov 14, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC DOH NOHSS (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 26, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9121-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: CDC DOH NOHSS

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system: Reports data for oral health prevalence rates from a number of sources for data query.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s ) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s):

Some of the applications provide business contact information for public officials.

No uniform process in place. Several applications have a process in place to inform users of major changes to the system. Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.

32. Does the system host a website?: Yes

37. Does the website have any informati on or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using admini strative, technical, and physical controls.: All of the data, including the IIF, follow the security controls of the EMSSP. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: S r. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 25, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC Enterprise (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?:

If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission:

2. OPDIV Name: CDC

3. Unique Project Identifier (UPI) Number:

4. Privacy Act System of Records (SOR) Number:

5. OMB Information Co llection Approval Number:

6. Other Identifying Number(s):

7. System Name:

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:

Provide an over view of the system:

13. Indicate if the system is new or an existing one being modified:

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this syst em?:

21. Is the system subject to the Privacy Act?:

23. If the system shares or discloses IIF please specify with whom and for what purpose(s):

Does the system host a website?:

37. Does the website have any information or pages directed at children under the age of thi rteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: PIA Reviewer Approval: Comments: PIA Reviewer Name: Sr. Official for Privacy Approval: Comments: Sr. Official for Privacy Name: Sign-off Date: Approved for Web Publishing: Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC Goals Tr acking System - (GTS) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Jul 25, 2008

2. OPDIV Name: CDC

3. Unique Project Id entifier (UPI) Number: 009-20-01-03-02-9224-00

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: Goals Tracking System (GTS)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Apoorva Patel

Provide an overview of the system: System provides Global Immunization Division with the ability to track activities by location, staff member, team and date. Each activity can be connected to a division product, objective and strategic goal and reports can be created showing goals to activities.

13. Indicate if the system is new or an existing o ne being modified: New

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s):

Information is shared with other users to allow users to assign staff members to division activities.

31. Please describe in detail any proces ses in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared:

Electronic consent will be sent out to all individuals with IIFs in the system.

32. Does the system host a website?: No

3 7. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Access only via internal network. Users file has 256-bit encryption. Building is secured to CDC staff members only. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Jul 9, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary f or Posting (Form) / CDC National Respiratory and Enteric Virus Surveillance System (NREVSS) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Aug 28, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-05-02-9422-00-110-246

Privacy Act System of Records (SOR) Number: No

OMB Information Collection Approval Number: No

Other Identifying Number( s): No

System Name: National Respiratory and Enteric Virus Surveillance System (NREVSS)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Catherine Panozzo

Provide an overview of the system: Collects the number of tests and positive results on respiratory and enteric viruses from about 400 laboratories.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thir teen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No PIA Rev iewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Jun 26, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC NCPHI CCHIS Public Health Information Rapid Exchange - (PHIRE) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Aug 8, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-09-02-0610-00

Privacy Act System of Records (SOR) Number: None Required

OMB Information Collection Approval Number: None Required

Other Identifying Number(s): NO

System Name: Public Health Information Rapid Exchange (PHIRE)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Alan Davis

Provide an overview of the system: The Centers for Disease Control and Prevention is a trusted source of important, timely information concerning actual or potential public health emergencies. PHIRE, the CDC Public Health Information Rapid Exchange, is a system that sends important real-time health information to select subscribers based on their preferences. For example, the system enables CDC to rapidly disseminate alerts about evidence of suspected pandemic influenza in the United States.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is t he system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The PHIRE application does not disclose or share IIF information. However, users of PHIRE login with their email ID. The email ID is not shared with other users. A CDC communications manager can view to all user email addresses as well as telecommunications based information. The communications manager will have the ability to broadcast user communications.

30. Please d escribe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: The registration information to be collected from subscribers consists of the following: Email address Work Country Work State Work County/Parish Work City Primary Phone Number Secondary Phone Number SMS capability for phone number Fax Number Secondary E-mail Address Work Industry Work Branch Work Department Work Setting Professional Role Specialty / Area of Focus Affiliations Content Categories This information is being collected in order to notify subscribers via email, voice, fax or SMS, of any information that matches their selected content categories, work settings or geographic location. The registration data is mixed, both optional and required for subscription to PHIRE. The option to register lies

As stated, there is no IIF information exchanged during PHIRE processing. As part of the PHIRE registration, users agree to a set of terms and conditions by which consent is obtained from users regarding what IIF data is collected, stored or shared. The user agreement is contained in the Text and Messages document.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of II F?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Administrative – IIF is secured by limiting access to only individuals who are authorized to access user data. This includes the administrators of the database which the data is held in as well as the administrative account to retrieve data for the purpose of generating e-mails or sending telecommunications based notifications to end-users. Technical – IIF is secured on the system by limiting ability to retrieve user information from the database to an administrative account that is limited to only selecting data for the purpose of generating e-mails or sending telecommunications based notifications. The data supplied by end-users is inserted and modified in the database using a separate account. Physical – Physical access to the production application and database is limited to only those individuals who have physical access to the server location as well as those who have accounts on the production servers. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice Brown Sr. Official for Privacy Approval: Comments: Sr. Official for Privacy Name: Thomas Madden Sign-off Date: Aug 24, 2007 Approved for Web Publishing : Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC OCOO MASO Cafeteria Wizard (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: No If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 19, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 1212

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: No

Other Identifying Number(s): No

System Name: Cafeteria Wizard

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Kimberly Thurmond

Provide an overview of the system: The Cafeteria Wizard is used to enter and maintain the entrees, soups, and side items that comprise the weekly menus for the Roybal Cafeteria. Once the menu data is entered, it is displayed on the Cafeteria website.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

None

N/A

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thi rteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A PIA R eviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Feb 21, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC OCOO MASO Carpool (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 19, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: Static HTML

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: No

Other Identifying Number(s): No

System Name: Carpool

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Kimberly Thurmond

Provide an overview of the system: This is a carpool register. You can register for a carpool or search the database by area code and locations.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

N/A

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly de scribe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P Madden Sign-off Date: Feb 21, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC OCOO MASO Delegation of Authority - (DOA) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: No If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Aug 15, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 593

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: No

Other Identifying Number(s): No

System Name: Delegation of Authority

System Point of Contact (POC). The System POC is the person to whom questions abo ut the system and the responses to this PIA may be addressed: Kimberly Thurmond

Provide an overview of the system: The Delegations of Authorities database contains all the data for the delegations of authority. It develops and processes the formed assignment of authorities to CDC senior managers. It makes recommendations concerning delegations. It has search capabilities and data can be viewed by all of CDC. MASO inputs the data.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

21. Is the system subject to the Privacy Act?: No

23. If the syst em shares or discloses IIF please specify with whom and for what purpose(s): N/A

Abstracts of Delegations of Authority within CDC..

N/A

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote C omments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Apr 4, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC OCOO MASO Electronic Forms (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: No If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Aug 15, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 594

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: Electronic Forms

System Point of Contact (POC). The System POC is the person to whom questions about th e system and the responses to this PIA may be addressed: Kimberly Thurmond

Provide an overview of the system: The Electronic Forms allows users to use CDC and other government fillable forms. You can search by category, form number or form name for government fillable forms..

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

ELECTRONIC FORMS provides searches and selection process of electronic forms – It Does Not Collect or Share IIF.

N/A ELECTRONIC FORMS Does Not Collect or Share IIF

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen ?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: ELECTRONIC FORMS Does Not Collect or Share IIF PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Apr 4, 2008 Approved for Web Pub lishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC OCOO MASO Employee Organizations - (EO) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: No If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 20, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-06-02-9409-00

Privacy Act System of Records (SOR) Number: No

OMB Informa tion Collection Approval Number: No

Other Identifying Number(s): No

System Name: EMPLOYEE ORGANIZATIONS

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Kimberly Thurmond

Provide an overview of the system: This is an informational system that includes the various organizations at CDC/ATSDR. It has 17 employee organizations that stores the officers, constitution bylaws of each organization at CDC/ATSDR

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A EMPLOYEE ORGANIZATIONS does not collect or share IIF.

Informational site only. EMPLOYEE ORGANIZATIONS does not collect or share IIF.

N/A EMPLOYEE ORGANIZATIONS does not collect or share IIF.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there poli cies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A EMPLOYEE ORGANIZATIONS does not collect or share IIF. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Apr 4, 2008 Approved for Web Publishing: Yes Da te Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC OCOO MASO Organization & Function - (OF) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: May 2, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-06-02-9409-00

Privacy Act System of Records (SOR) Number: No

OMB Informa tion Collection Approval Number: No

Other Identifying Number(s): No

System Name: Organizations and Functions

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addr essed: Kimberly Thurmond

10. Provide an overview of the system: The Organizations and Functions system accesses the Reorganization Database for all the data relating to reorganization proposals. It tracks the status of reorganization proposals. It provides search capabilities and data can be viewed by all of CDC. MASO maintains the data.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s):

NNo

Does not collect information; only displays Information.

N/A

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: David Knowles Sr. Official for Privacy Approval: Promote Comments : Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: May 6, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC OCOO MASO Policy Management - (PM) (Item)

PIA SUMMARY AND APPROVAL CO MBINED

PIA Summary Is this a new PIA 2008?: No If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Aug 15, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-06-02-9409-00

Privacy Act Syst em of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: POLICY MANAGEMENT

System Point of Contact (POC). The System POC is the person to whom questions about the system and th e responses to this PIA may be addressed: Kimberly Thurmond

Provide an overview of the system: The POLICY MANAGEMENT database provides users with copies of CDC Policies which are available by a key word and/or function search. The website and search feature will be reviewed and redesigned in 2007 to add functionality.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No POLICY MANAGEMENT does not collect or share IIF

POLICY MANAGEMENT does not collect or share IIF.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and des truction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: POLICY MANAGEMENT does not collect or share IIF. PIA Reviewer Approval: Promote Comments: PIA Reviewer N ame: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Apr 22, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC OD ITSO Life Guard Tracking System - (LTS) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

1. Date of this Sub mission: Jul 31, 2007

2. OPDIV Name: CDC

3. Unique Project Identifier (UPI) Number: 009-20-02-00-01-1152-00-404-139

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: Lifeguard Tracking System

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Phillip Navin

Provide an overview of the system: The Lifeguard Tracking system provides the capability to track deployed and non-deployed staff that has a Java enabled Blackberry device with GPS chip set. The Lifeguard Tracking system consists of a Java based program that is installed upon the Blackberry device, which at fifteen minute intervals polls GPS satellites and/or cellular towers to gain positional coordinates. If GPS coordinates are available, Lifeguard will send HTML POST statements to specially crafted web pages. Data transmitted includes Device Pin Number, date/time, status, method, and NMEA standard location sting information. The specially crafted web pages are hosted on servers at Clifton and DR sites. The web pages write the data to an internal SQL server, which is accessible by PWMS.

13. Indicate if the system is new or an existing one being modified: New

2 1. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): NO

Please describe in detail any processes in pla ce to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared:

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Dec 6, 2007 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC OD ITSO Voice Over IP - (VoIP) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Aug 16, 2007

2. OPDIV Name: CDC

3. Unique Project Identifier (UPI) Number: 009-20-02-00-02-1152-00

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: CDC Internal VoIP (VoIP)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: James Deberry

Provide an overview of the system: The CDC Internal VoIP provides scalable IP telephony solutions. This provided telephony solution will consist of a split core design interconnected between the Chamblee building 106 and Clifton building 21 campus locations. The ultimate purpose of this system will be to provide TDM phone service to the users at each location.

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will the system collect, ma intain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No PIA Reviewer Approval: Promote Comments: PIA Reviewer Name : Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Apr 24, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC O D MASO Records Management (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: No If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Aug 15, 2007

2. OPDIV Name: CDC

3. Unique Project Identifier (UPI) Number: 382

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: Records Management Database

System Point of Contac t (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Kimberly Thurmond

Provide an overview of the system: The Records Management Database facilitates the management of approximately 50k retired CDC/ATSDR records located in five Federal Records Centers across the US. The system tracks use and reference of records by lawyers, staff, public, scientists and others. It also assists in the destruction process, transfer of permanent records to NARA, preserves metadata and indicates closure and access data on the records. This database will be expanded to better track the individual activities and statistics of CIOs. It will allow virtually all records retirement processes such as disposals, reference, tracking, destruction, donation, and permanent transfer processes to be conducted in a completely automated format. The search and report capability of the system will be expanded so that individual CIOs can print out reports on their records, perform complex boolean searches, and use the database without major training from MASO.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No Records Management Database does NOT collect or store IIF

Retirement of documents. No IIF

No Records Management Database does NOT collect or store IIF

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A Records Management Database does NOT collect or store IIF PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Apr 22, 2008 Approved for Web Publishing: Yes

Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC OD MISO Individual Learning Account - (ILA) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Feb 13, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-09-02-1015-00

Privacy Act System of Records (SOR) Number: 09-90-0018

OMB Information Collection Approval Number: No

Other Identifying Number(s): No

System Name: Individual Learning Account

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Joan Cioffi

Provide an overview of the system: The application will provide the capability to track and manage all training and financial information for all CDC employee Individual Learning Accounts (ILA’s). The primary purpose of the system is to maintain training records for the individuals involved in accordance with the requirements specified by OPM and ILA funs usage

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose (s): Yes

- HHS – To provide training records to the HHS System for tracking all employee courses taken.

Most of the IIF contained in ILA system are obtained from other systems hosted by Mainframe which is on the CDC network. Individual training records are directly input into the ILA system by the training administrator or personnel with a valid system role and permission within an access data range. CDC adheres to Public Law 104-134 that requires any person doing business with the Federal Government voluntarily provide Social Security Number as well as other data.

32. Does the system host a website?: Yes

37. Does the web site have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The ILA System is installed on the CDC Mainframe in a specific Logical Partition (LPAR). Access to the LPAR is protected through the use of IBM RACF. For further information about the CDC Mainframe and its operating environment see the Mainframe System Security Plan (SSP). PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: David Knowles Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: May 6, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC OD OCSO OMB Peer Review (Item)

PIA SUMMARY AND APPROV AL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Nov 5, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-06-02-1425-00

Privacy Act System of Records (SOR) Number: No

OMB Information Collection Approval Number: No

Other Identifying Number(s): No

System Name: OMB Peer Review

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Maryam Daneshvar

Provide an overview of the system: The OMB Clearance process requires detailed tracking of events that occur within the clearance process. This application allows OMB personnel to search for projects using the assigned project number, the official OMB number, project title, fiscal year (FY), and/or CIO. The project detail screen will be dominated by the list of events that will provide staff with an exact timeline for a particular project.

13. In dicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No IIF is collected

Collects information regarding studies that involves human subjects.

individuals regarding what IIF is being collected from them and how the information will be used or shared: No IIF is collected

32. D oes the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No IIF or PII collected PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Appro val: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Apr 4, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC OD OES Inspector General-Government Accountability Office - (IG/GAO) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Feb 11, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-06-02-9409-00

Privacy Act System of Records (SOR) Number: No

OMB Information Collection Approval Number: No

Other Identifying Number(s): No

System Name: IG/GAO

System Point of Contact (POC). Th e System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Alioune Thiam

Provide an overview of the system: This application helps log and track IGGAO (Inspector General - Government Accountability Office) projects for CDC. It allows OES employees to record the subject matter of each project, the Centers and Coordinating Centers to which the project is routed, and the actions taken for the project. The data is collected and used for an Executive Leadership Board (ELB) report. OES is responsible for managing IGGAO projects involving the CDC. IGGAO Office in Washington re initiates projects for CDC. When received, a project file is logged in the IGGAO application, assigned subject matters, routed to different Centers and Coordinating Centers, categorized and sent to the appropriate person who needs to handle it. Actions that document the steps taken are also entered into the application. Information from the application is used to generate reports that are distributed to the ELB (Executive Leadership Board) for discussion during their meetings.

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No IIF in system.

No IIF in system.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No IIF in system. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: David Knowles Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: May 7, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC OD PGO Remote Property (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 27, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-01-02-1132-00

Privacy Act System of Records (SOR) Number: NONE

OMB Information Collection Approval Number: NONE

Other Identifying Number(s): NONE

System Name: The Remote Property Inventory Verification System (Remote Property)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Teresa Kinley

Provide an overview of th e system: In response to the CDC Property Taskforce Inventory Reconciliation 13 Point Action Plan, the certification of all offsite equipment will take place within a predetermined deadline; currently set for September 15th 2007. The Remote Inventory Questionnaire will collect remote inventory information, the user will certify their possession of the item(s), and custodial officers will receive questionnaire details to aid in property inventory reconciliation activities. All remote users (who have a Secure ID keyfob) will be encouraged to access the questionnaire via CITGO or intranet URL. Users will receive a link/icon to access the Remote Inventory Questionnaire. All users will be required to enter barcode number(s) of all offsite equipment or certify they have none; failure to comply will result in their Secure ID KeyFob being disabled.

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF wi thin any database(s), record(s), file(s) or website(s) hosted by this system?: No

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

– No IIF collected

No – No IIF collected

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the r etention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No – No IIF collected PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Oct 3, 2007 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC ODR EEO Equ al Employment Opportunity – Accommodation Tracking System (EEO-ATS) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Nov 21, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number:

Privacy Act System of Records (SOR) Number: 09-20-0055

OMB Information Collection Approval Number: No

Other Identifying Number(s): No

System Name: Equal Employment Opportunity – Accommodation Tracking System (EEO-ATS)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Gilbert Camacho

Provide an overview of the system: The EEO-ATS (Equal Employment Opportunity - Accommodation Tracking System) is a tool that helps CDC employees submit and track Reasonable Accommodation based on office medical needs requests to the EEO. It helps EEO staff automatically coordinate the process to manage those requests.

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this sy stem?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The system keeps personal information including health related information. This information is shared between the employee, the EEO coordinators and OHS medical reviewers. It’s used to validate one’s request.

EEO requires employees to sign consent forms that provide EEO the right to access employee IIF when they submit a request.

32. Does the sy stem host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in det ail how the IIF will be secured on the system using administrative, technical, and physical controls.: All information collected in this application will be secured in CDC servers that are located in CDC secured facilities. Only user with the appropriate rights will have access to the data.

E-Authentication Assurance Level = N/A Risk Analysis Date = 11/13/2008 PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Felicia P. Kittles OCISO C&E PM Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P Madden Sign-off Date: Nov 25, 2008 Approved for Web Publishing: Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC PIO NCHHSTP IRB Protocol Tracking (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: May 22, 2007

2. OPDIV Name: CDC

3. Unique Project Identifier (UPI) Number: (FY-07): 009-20-01-02-02-9122-00-110-246 (FY-08): 009-20-01-02-02-9122-00

4. Privacy Act System of Records (SOR) Number: 09-90-0018

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: Institutional Review Board Protocol Tracking System (IRB Protocol Tracking)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Allyn Nakashima

Provide an overview of the sys tem: IRB Protocol Tracking tracks both research non-research protocol requests from the time NCHHSTP/Office of the Director (OD) Associate Director of Science (ADS) receives them from the respective Divisions until the protocols are terminated as well as the automation and electronic storage of protocol documents, clearance/approval forms and the array of associated attachments.

13. Indicate if the system is new or an existing one being modified: New

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares o r discloses IIF please specify with whom and for what purpose(s):

System does not share or disclose IIF

Type of data collected:

Protocol Number

Protocol title

Primary Investigator

Project objective/purpose

Study Category

-Study Setting

Expected number of participants

Participant groupings

Source of data collection

Laboratory procedures

type of specimens collected

Consent information

Vulnerable Populations

Study site (Domestic or International) IRB Committee

-Review type

-Disposition The only IIF contained in the system is the name and business phone number of the CDC primary Investigator. Primary Investigators voluntarily submit IIF

31. Please descri be in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared:

Primary Investigators give their IIF (name and business phone number) to administrative assistants to enter into the system. They are aware that their business contact information will be used to contact them regarding protocols and consent is implied. In the event of major changes to the system. Users would be notified via a general OD announcement and Primary Investigators would be notified by administrative staff.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in plac e with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Administrative controls include role based access with user ID’s and passwords. Tech controls: User ID’s, Passwords, firewall and an intrusion detection system. Physical access controls: security guards, ID badges and key cards. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Oct 30, 2007 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC Respiratory Protection Program (RPP ) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Aug 28, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-09-02-9409-00

Privacy Act System of Records (SOR) Number: 09-20-0154

OMB Information Collection Approval Number: No

Other Identifying Number(s): No

System Name: Respiratory Protection Program

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Alioune Thiam

Provide an overview of the system: The Office of Health and Safety (OHS) works with CDC management and staff to create a healthy and safe working environment by identifying hazards, assessing and controlling risk, and preventing work related injury and environmental damage. The Respiratory Protection Program of OHS provides advice, equipment, and training to employees that work in environments that require respiratory protection. Information about required training in the use and fitting of respiratory protection equipment is maintained in this system. This information is then used in the deployment of CDC personal for different emergency responses. It is also used to maintain information about the equipping of employees as needed to safely and successfully complete their regular work duties.

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will the syst em collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF ple ase specify with whom and for what purpose(s): Yes DEOC

information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: Yes. Collects name, user ID, in order to link person with RPP training status.

During RPP training, users are informed that their IIF will be stored in the RPP database.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The database is located inside the CDC network and protected by the CDC Federal infrastructure. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 14, 2008 Approved for Web Publishing: Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC OD MASO Internal Controls Program - (ICP) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Jan 8, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 1506

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: No

Other Identifying Number(s): No

System Name: Internal Controls Program

System Point of Contact (POC). The System POC is the person to whom questions about the system and the response s to this PIA may be addressed: Kimberly Thurmond

Provide an overview of the system: This system will implement the A-123 program and serve as a repository of documentation of program functions.

13. Indicate if the system is new or an existing one bein g modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: Evaluation of CDC’s ICS as required by OMB-A-123

N/A

32. Do es the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. O fficial for Privacy Name: Thomas P. Madden Sign-off Date: Mar 28, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC ATSDR DHAC Identifying Exposure Pathways (IEP) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Jan 5, 2009

OPDIV Name: CDC

Unique Project Identifier (UPI) Number:

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: CDC ATSDR DHAC Identifying Exposure Pathways (IEP)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Robert L. Kay

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No, does not contain PII

No, does not contain PII

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

06.3 HHS PIA Summary for Posting (Form) / CDC CCEHIP NCEH Consolidated Data Request Tracking System (CDRTS) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

7. System Name: CDC CCEHIP NCEH Consolidated Data Request Tracking System (CDRTS)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Carol Waller

well as to the requestor. The online request form connects to a database to populate various drop-down lists which provide the user with request options.

13. Indicate if the system is new or an existing one being modified: New

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

06.3 HHS PIA Summary for Posting (Form) / CDC CCEHIP N CEH Inorganic and Radiological Analytic Toxicology Data Submission (IRATDS)(Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

7. System Name: CDC CCEHIP NCEH Inorganic and Radiological Analytic Toxicology Data Submission (IRATDS)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Kathleen Caldwell

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

The information collected does not contain PII.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

06.3 HHS PIA Summary for Posting (Form) / CDC CCEHIP NCEH Lipid and Clinical Chemistry Databases (LCCDB) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

7. System Name: Lipid and Clinical Chemistry Databases (LCCDB)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Mary Kimberly

13. Indicate if the system is new or an existing one being modified: New

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The system does not contain PII.

The system does not contain PII.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

06.3 HHS PIA Summary for Posting (Form) / CDC CCEHIP NCEH Lipid Standardization Program Data Submission (LSPDS) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

7. System Name: CDC CCEHIP NCEH Lipid Standardization Program Data Submission (LSPDS)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Mary Kimberly

Provide an overview of the system: Lipid Standardization Program, aka LSP, Data Submission (LSPDS) is a custom web-based application designed to collect Quality Assurance (QA)/Quality Control (QC) analysis results from external laboratories for internal analysis by the Division of Laboratory Science’s Clinical Chemistry branch (CCB), as well as to provide a means by which those laboratories can access performance reports created from previously submitted data. During each quarterly round the LSP laboratory provides vials of serum to participating domestic and international laboratories for sample analysis to measure levels of cholesterol. These quality control sample vials are processed by scientists, researchers or technicians from each external health laboratory who then access the LSPDS online system to report their results using a web-based form. The results from the data, which consists almost entirely of numeric values and contains no Personally Identifiable Information (PII), is stored in a SQL Server database for later retrieval and internal analysis by the LSP laboratory at the end of each quarter, resulting in the performance reports.

13. Indicate if the system is new or an existing one being modified: New

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

The information collected does not contain PII.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The information collected does not contain PII. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Felicia Kittles Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Jan 12, 2009 Approved for Web Publishing: Date Published: Mar 2, 2009

06.3 H HS PIA Summary for Posting (Form) / CDC CCEHIP NCEH Radiation Studies Bibliographic Database (RSBD) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

7. System Name: CDC CCEHIP NCEH Radiation Studies Bibliographic Database (RSBD)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Robert (Bob) Whitcomb

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): RSBD does not contain IIF information.

RSBD does not contain IIF information.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

06.3 HHS PIA Summary for Posting (Form) / CDC CCEHIP NCIPC National Violent Death Reporting System (NVDRS) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

7. System Name: National Violent Death Reporting System (NVDRS)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Joyce McCurdy

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No, does not contain IIF

The system does not contain IIF.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The system does not contain IIF. E-Authentication Assurance Level = N/A Risk Analysis Date = 11/4/2008 PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Felicia P. Kittles OCISO C&E PM Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P Madden Sign-off Date: Nov 6, 2008 Approved for Web Publishing: Date Published: Mar 2, 2009

06.3 HHS PIA S ummary for Posting (Form) / CDC CCID NCHHSTP Capacity Building Assistance Reports (CBA Reports) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

7. System Name: Capacity Building Assistance Reports (CBA Reports)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Rashad Burgess

from CRIS and GEMS and compiles it into reports. It has a report wizard where the users can design their own reports and choose the criteria that will be included in the reports. CBA Reports has the capability to produce data for management level quarterly reports.

13. Indicate if the system is new or an existing one being modified: New

21. Is the system subject to the Privacy Act?: No

None

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCHHSTP Public Health Advisor Staff Tracking (PHAST) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 9, 2008

OPDIV Name: CDC

3. Unique Project Identifier (UPI) Number: 4. Privacy Act System of Records (SOR) Number: 09-90-0018 5. OMB Information Collection Approval Number: N/A 6. Other Identifying Number(s): N/A

7. System Name: CDC CCID NCHHSTP Public Health Advisor Staff Tracking (PHAST)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Audriene Bishop-Cline

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

-Name

- Date of birth

-Gender

Race

Position start date

-Division

-FTE number

-Duty Date

Service comp date

Mailing address

-Work Phone

- Home Phone

-Education

Training history

Emergency contact

International contact info Information contains PIF. Submission is voluntary

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCHHSTP Tanzania GAP Site (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Jenny Parker

13. Indicate if the system is new or an existing one being modified: New

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCIRD CDC Federal Contract Vaccine Availability, Package and NDC (NDC) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

7. System Name: CDC Federal Contract Vaccine Availability, Package and NDC (NDC)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cathy Hogan

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCIRD Polio Entero Virus Database (EVDB) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

7. System Name: Polio Entero Virus Database (EVDB)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Steve Oberste

Provide an overview of the system: The system stores Polio Enterovirus lab results and specimen information.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No PII information is shared.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: SQL Server is physically located in the central facility and is not accessible by general CDC users. Access to the database and modification must adhere to ITSO CM. E-Authentication Assurance Level = N/A Risk Analysis Date = 11/13/2008 PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Felicia P. Kittles OCISO C&E PM Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P Madden Sign-off Date: Dec 2, 2008 Approved for Web Publishing: Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCPDCID Biotechnology Core Facility Job Tracking Database (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

7. System Name: Biotechnology Core Facility Job Tracking Database

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Elizabeth Neuhaus

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Business IIF Collected. E-Authentication Assurance Level = N/A Risk Analysis Date = 11/26/08 PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Felicia P. Kittles OCISO C&E PM Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P Madden Sign-off Date: Dec 11, 2008 Approved for Web Publishing: Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC CCID N CPDCID Global Emerging Infections Sentinel Network (GeoSentinel) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

7. System Name: Global Emerging Infections Sentinel Network (GeoSentinel)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Nina Marano

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No. System does not share or disclose information.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCPDCID NCID Informatics Portal (NCID Portal) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

7. System Name: CDC CCID NCPDCID NCID Informatics Portal (NCID Portal)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Charlie Miller

13. Indicate if the system is new or an existing one being modified: New

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

information that was collected in the NCID Portal was “project related” and was for internal use only. As the NCID Office of Informatics had many organizations and people that it needed to service, the NCID Portal was thought of as a way for our organization to have transparency to those groups who we were servicing. Anyone with access to the CDC intranet had “View” access to most of the information on the NCID Portal including project documentation and list of projects/resources. Members of the office of informatics were asked to “log in” to keep project information up to date as well as upload documentation/files.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Felicia Kittles Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Jan 28, 2009 Approved for Web Publishing: Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCZVED National Outbreak Reporting System (NORS) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

7. System Name: National Outbreak Reporting System (NORS)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Ian Williams

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: The National Outbreak Reporting System (NORS) provides collection and storage of aggregate outbreak data from State Health Departments. The data is studied and analyzed as a part of national surveillance. Aggregate outbreak data is entered into the system as individual incident reports via client web interface for study as a passive surveillance tool.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

06.3 HHS PIA Summary for Post ing (Form) / CDC CCID NCZVED OutbreakNet (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

7. System Name: CDC CCID NCZVED OutbreakNet

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Richard Williams

enable reporting and hypothesis generation during a foodborne outbreak. From this data the system will generate reports and allow direct connectivity for statisticians within the CDC. Allowing for greater analysis and easier reporting to allow more focus on the science behind the outbreak.

13. Indicate if the system is new or an existing one being modified: New

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: The application collects both line list and outbreak data that relates to cases but does not contain PII. The data is used to enable reporting and hypothesis generation during a foodborne outbreak. The data entered into the system is largely captured by state health departments and then shared voluntarily with the CDC. Once entered into OutbreakNet, states will not be able to download or read other states data.

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Felicia Kittles Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Feb 3, 2009 Approved for Web Publishing: Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCZVED Project Planning and Budget Integration Database (Vertical Planning) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Oct 21, 2008

2. OPDIV Name: CDC

3. Unique Project Identifier (UPI) Number:

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: CDC CCID NCZVED Project Planning and Budget Integration Database (Vertical Planning)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Richard Williams

13. Indicate if the system is new or an existing one being modified: New

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Oct 21, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC CC ID NIP New Vaccine Surveillance Network (NVSN) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

7. System Name: New Vaccine Surveillance Network (NVSN)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Marika Iwane

Provide an overview of the system: The system collects inpatient, outpatient, and well-child new vaccine surveillance data to evaluate the impact of new vaccines and vaccine policies.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No, System does not share or disclose information.

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: The surveillance data on symptoms, diagnosis, interview, lab results, and vaccine verification are used to evaluate the impact of new vaccines and vaccine policies.

Yes, Date of Birth, Business Contact Information

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Administrative controls: IIF data are backed up daily and copies stored in a separate facility. The SQL Server database administration is maintained by ITSO. All modification to the database conforms to ITSO CM. Technical controls: Access to the data is controlled by user ID and password in addition to the user ID and password needed to access the network. Physical controls include security guards, ID badges, cardkeys and cipher locks. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Felicia P. Kittles OCISO C&E PM Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P Madden Sign-off Date: Nov 6, 2008 Approved for Web Publishing: Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC CCID OD Coordinating Center for Infectious Disease (CCID) Informatics Customer Support (c.Support) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

7. System Name: Coordinating Center for Infectious Disease (CCID) Informatics Customer Support (c.Support)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Tonya Martin

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Other CDC and CDC Contracted Expert Resources for Incident Resolution.

Records business email address, business phone, fax, and mailing address. Submission is mandatory.

None

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

Risk Analysis Date = 10/31/2008 PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Felicia P. Kittles OCISO C&E PM Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P Madden Sign-off Date: Nov 24, 2008 Approved for Web Publishing: Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC CCID OD Space Manag ement System (SMS) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

7. System Name: Space Management System (SMS)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Marianne Simon

13. Indicate if the system is new or an existing one being modified: New

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

06.3 HHS PIA Summary for Posting (Form) / CDC CoCHIS NCPHI Data Warehousing (DW) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: No If this is an existing PIA, please provide a reason for revision: PIA Validation

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Robb Chapman

Provide an overview of the system: DW collects data pertaining to diseases across states with disparate systems into a repository used for surveillance and analysis.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: Yes

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: The system collects voluntary or involuntarily collected data about flu reports, nationally notifiable diseases, epidemics and routine public health events

None

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: DW is subject to certification and accreditation requirements of CDC "Moderate" security systems. It is subject to oversight from an assigned security professional, as well as OIG audit and OCISO requirements. E-Authentication Assurance Level = N/A Risk Analysis Date = 10/1/2008 PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Felicia P. Kittles OCISO C&E PM Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P Madden Sign-off Date: Nov 14, 2008 Approved for Web Publishing: Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC COTPER DEOC Decision Support System (DDSS) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

7. System Name: CDC COTPER DEOC Decision Support System (DDSS)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Ron Abernathy

13. Indicate if the system is new or an existing one being modified: New

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

06.3 HHS PIA Summary for Posting (Form) / CDC DBS COTPER COP TER C-Support (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Chris Symons

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Data is used internally for case management only

Name, email address, and phone numbers

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Customer information is stored on a Microsoft SQL Server inside the firewall and protected by all CDC network protections. E-Authentication Assurance Level = N/A Risk Analysis Date = 10/21/2008 PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Felicia P. Kittles OCISO C&E PM Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P Madden Sign-off Date: Nov 14, 2008 Approved for Web Publishing: Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC DGA NCHHSTP Haiti GAP Sitef (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Jenny Parker

10. Provide an overview of the system: This is a general office support system for CDC GAP Haiti and provides a file server, exchange server, webmail server; authentication is performed via CDC Active Directory with a failover to local host.

13. Indicate if the system is new or an existing one being modified: New

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Mike Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P Madden Sign-off Date: Oct 27, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC DHPIRS NC HHSTP Capacity Building Assistance Request Information System (CRIS) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

7. System Name: Capacity Building Assistance Request Information System (CRIS)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Rashad Burgess

CBA requests for individuals

CBA requests for groups

Triage

Action plan for CBA providers

Generation of reports Administration of the system

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

06.3 HHS PIA Summary for Posting (Form) / CDC DHPIRS N CHHSTP PRS Evidence Based Search (PRS EBS) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

7. System Name: PRS Evidence Based Search (PRS EBS)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: David Purcell

-Admin report (for internal use) of essentially a data dump to be able to review & verify data accuracy (particularly important after updates to records or new fields are added) -Have a link to close the search and return back to the already opened PRS EBI website where the user left to go search

13. Indicate if the system is new or an existing one being modified: New

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): NO PII/IIF COLLECTED

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: THE SYSTEM WILL COLLECT SEARCH CRITERIA FOR USERS TO LOCATE FACT SHEETS ABOUT EVIDENCE BASED INTERVENTIONS MOST APPROPRIATE FOR THE USERS COMMUNITY. NO PII/IIF IS CONTAINED IN THE FACT SHEETS NOR THE SEARCH ENGINE AS EVERYTHING IS PUBLICLY ACCESSIBLE.

NO PII/IIF IS COLLECTED/STORED IN PRS EBS.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

06.3 HHS PIA Summary for Posting (Form) / CDC DLS NCEH NH DNA Bank (NHDNABANK) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Nov 7, 2008

OPDIV Name: CDC

3. Unique Project Identifier (UPI) Number: 4. Privacy Act System of Records (SOR) Number: No 5. OMB Information Collection Approval Number: No 6. Other Identifying Number(s): No 7. System Name: NH DNA Bank (NHDNABANK)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Margaret Gallagher

13. Indicate if the system is new or an existing one being modified: New

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No, the system does not contain IIF

No, the system does not contain IIF

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

06.3 HHS PIA Summary for Posting (Form) / CDC DSTDP NCHHSTP HPV Impact Project Database (HPV) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

7. System Name: CDC DSTDP NCHHSTP HPV Impact Project Database (HPV)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Susan Hariri

13. Indicate if the system is new or an existing one being modified: New

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No IIF or any other information.

No IIF or any other information.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Sep 3, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC DTE NCHHSTP TB Genotyping Information Management System (TB GIMS) Pilot (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

7. System Name: TB Genotyping Information Management System (TB GIMS) Pilot

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Thomas Navin

13. Indicate if the system is new or an existing one being modified: New

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

No IIF collected.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

06.3 HHS PIA Summary for Posting (Form) / CDC NCEH CCEHIP Vessel Sanitation Program (VSP) Inspection Reporting System (IRS) (VSPIRS) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

7. System Name: CDC NCEH CCEHIP Vessel Sanitation Program (VSP) Inspection Reporting System (IRS) (VSPIRS)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Jaret Ames

Provide an overview of the system: Vessel Sanitation Program (VSP) Inspection Reporting System (IRS)

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The System does not contain PII.

information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: The System does not contain PII.

The System does not contain PII.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

06.3 HHS PIA Summary for Posting (Form) / CDC NCHHSTP GAP Ethiopia GAP Site (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Feb 9, 2009

2. OPDIV Name: CDC

3. Unique Project Identifier (UPI) Number:

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: CDC NCHHSTP GAP Ethiopia GAP Site

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Calvin Johnson

Provide an overview of the system: None Provided - see Michael Harris

13. Indicate if the system is new or an existing one being modified: New

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

N/A

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Felicia Kittles Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Feb 10, 2009 Approved for Web Publishing: Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC NCHHSTP GAP Rwanda GAP Site (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

7. System Name: CDC NCHHSTP GAP Rwanda GAP Site

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Calvin Johnson

13. Indicate if the system is new or an existing one being modified: New

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Felicia Kittles Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Nov 25, 2008 Approved for Web Publishing: Date Published: Mar 2, 2009

06.3 HHS PIA Su mmary for Posting (Form) / CDC NIOSH DART DART Applications (DARTApps) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

7. System Name: CDC NIOSH DART DART Applications (DARTApps)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Williams J. Murphy

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

N/A

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Nov 3, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC NIOSH EID NIOSHTIC-2 (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: William D. Bennett

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

N/A

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Felicia Kittles Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Jan 15, 2009 Approved for Web Publishing: Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC NIOSH HELD Publication Management System (HELD iPubs) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

7. System Name: CDC NIOSH HELD Publication Management System (HELD iPubs)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Eric Knutsen

10. Provide an overview of the system: The system is a publication management system for the Heatlh Effects Laboratory Division. It facilitates the processes associated with publications including clearance, status monitoring, and division /branch/team/individual level reporting on publication production.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

N/A

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Oct 16, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC OCOO ITSO Asset Management Tool (AMT) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: No If this is an existing PIA, please provide a reason for revision:

7. System Name: CDC OCOO Asset Management Tool (AMT)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Wayne Knight

Provide an overview of the system: This system will provide day to day operational tools for ITSO to address: 1.Inventory and Reconciliation of ITSO property

Management of storage and handling of CDC computing assets

Reporting of various functionality of various network and enterprise system information

Monitor SLA requirements

13. Indicate if the system is new or an existing one being modified: New

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

No IIF is collected, disseminated, or maintained in the system.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

06.3 HHS PIA Summary for Posting (Form) / CDC OCOO ITSO Office Communications Server 2007 (OCS 2007) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes

If this is an existing PIA, please provide a reason for revision:

7. System Name: CDC OCOO ITSO Office Communications Server 2007 (OCS 2007)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Doug McClelland

13. Indicate if the system is new or an existing one being modified: New

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

N/A

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Oct 28, 2008 Approved for Web Publishing: Date Published: Mar 2, 2009

06.3 HHS PIA Su mmary for Posting (Form) / CDC OD NCHM Publications Inquiry Web (PI Web) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: No If this is an existing PIA, please provide a reason for revision: PIA Validation

7. System Name: Publications Inquiry Web (PI Web )

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Susan Robinson

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): This system does not share IIF.

- Name/quantity of publication ordered

-Name

Organization

Email address (for order confirmation)

Street address

Telephone

Profession Category

Employer Category

Internet source

Comments about the order

All Individuals affected can be notified via email if major changes occur to the system.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

06.3 HHS PIA Summary for Posting (Form) / CDC OD OCSO Information Quality for Peer Review Tracking System (CDC Peer Review) (I tem)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

7. System Name: Information Quality for Peer Review Tracking System (CDC Peer Review)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Maryam Daneshvar

13. Indicate if the system is new or an existing one being modified: New

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A-This system does not share or disclose the PII it collects.

information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: The system collects Name and UserID of each employee to indicate who has reviewed the research and who has made changes.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

06.3 HHS PIA Summary for Posting (Form) / Countermeasure Resp onse Administration (CRA) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: No If this is an existing PIA, please provide a reason for revision:

Date of this Submission: May 18, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-1101-00-110-218

Privacy Act System of Records (SOR) Number: 09-20-0136, “Epidemiologic Studies and Surveillance of Disease Problems,” and 09-20-0113, “Epidemic Investigation Case Records.”

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: Countermeasure Response Administration (CRA)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: John Lindsey

combined with similar data that is uploaded and shared with the NIP datamart. The data in the datamart is used to create various aggregate reports for the Grantees and for internal research at CDC.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): State and local health departments for appropriate capability to respond in an emergency

There is no notification system in place

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

06.3 HHS PIA Summary for Posting (Form) / CDC ATSDR Triage Tracking System (TTS) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new P IA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Sep 11, 2008

2. OPDIV Name: CDC

3. Unique Project Identifier (UPI) Number: 009-20-01-03-02-9221-00

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: Triage Tracking System (TTS)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Griffin Mitchell

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will the system collect, maintain (store), disseminate and/or pass throu gh IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory:

Document and health education activities tracking for current status of document. Reports are for internal use. TTS does not contain IIF information.

31. Please describe in detail any process es in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared:

TTS does not contain IIF information.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrati ve, technical, and physical controls.: TTS does not contain IIF information. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 14, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC CCEHIP ATSDR Centralized Information Management System - (SEQUOIA) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Feb 11, 2008

2. OPDIV Name: CDC

3. Unique Project Identifier (UPI) Number: 009-20-01-02-1411-00

4. Privacy Act Syste m of Records (SOR) Number: 09-90-0018

5. OMB Information Collection Approval Number: No

6. Other Identifying Number(s): No

7. System Name: Centralized Information Management System (CIMS) aka Sequoia

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Keith West

13. Indicate if the system is new or an existing one being modif ied: New

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the sy stem shares or discloses IIF please specify with whom and for what purpose(s):

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Administrative Controls: In order to ensure least privilege and accountability, read-only access is given by default. Additional access must be requested by the user’s manager/supervisor and granted by the system administrator. Technical Controls: integrated with AD for login, SQL server security including encryption. Physical Controls: Guards, ID badges, key cards, locked offices, locked server rooms. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Co mments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Apr 23, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC CCEHIP ATSDR RssReader (Item)

PIA SUMMARY AND APPROVAL COMBINE D

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Jul 22, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9623-00

Privacy Act System of Records (SOR) Number: No

OMB Information Collection Approval Number: No

Other Identifying Number(s): No

System Name: RssReader (ATSDR News Room)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Wilma Lopez

13. Indicate if the system is new or an existing one being modified: New

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

The system does not contain PII.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The system does not contain PII. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Jun 11, 2008 Approved for Web Publishing: Yes Date Pub lished: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC CCEHIP NCEH NCIRD Environmental Health Specialists Network Information System - (EHSNIS) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Dec 17, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-02-02-9221-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection App roval Number: N/A

Other Identifying Number(s): N/A

System Name: CDC CCEHIP NCEH NCIRD Environmental Health Specialists Network Information System- (EHSNIS)

System Point of Contact (POC). The System POC is the person to whom questions about the syst em and the responses to this PIA may be addressed: Debbie Bankston

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The system does not contain PII.

The system does not contain PII.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The system does not contain PII. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Felicia Kittles Sr. Official for Privacy Approval: Promote Comments: Sr. Official f or Privacy Name: Thomas P. Madden Sign-off Date: Dec 18, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC CCEHIP NCEH Rapid Data Collector (RDC) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Dec 9, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number:

Privacy Act System of Records (SOR) Number: N\A

OMB Information Collection Approval Number: N\A

Other Identifying Number(s): N\A

System Name: Research Data Center (RDC)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Peter Meyer

Confidentiality Officer. The committee may grant three types of access to these data: 1) Onsite, 2) Remote, and 3) Census RDC. Each of these access methods uses different types of information technology to control what data elements user can access. The term access is very specific to the operations of the RDC. Researchers may work with the data but they are not permitted remove it from the controlled environment. When the proposed research and analysis are complete, they may take the results of their analysis away from the RDC after it undergoes a disclosure risk avoidance examination by RDC staff. No micro data or data sets are permitted to leave the RDC. Descriptions of the RDC’s three access methods follow:

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No IIF shared or disclosed

Data is unique to the individual project and is not maintained by the RDC beyond the duration of the project.

Data in the RDC do not contain IIF.

N/A

32. Does the system host a we bsite?: No

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Felicia P. Kittles OCISO C&E PM Sr. Official for Privacy Approval: Promote Comments: Sr. Official for P rivacy Name: Thomas P Madden Sign-off Date: Dec 12, 2008 Approved for Web Publishing: Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC CCEHIP NCIPC Web-based Injury Statistics Query and Reporting System - (WISQARS) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: No If this is an existing PIA, please provide a reason for revision: PIA Validation

Date of this Submission: Nov 7, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-04-00-0897-00

Privacy Act System of Records (SOR) Number: No

OMB Information Collection Approval Number: No

Other Identifying Number(s): No

System Name: Web-based Injury Statistics Query and Reporting System (WISQARS)

System Point of Conta ct (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Kevin Webb

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pas s through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Apr 23, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC CCID NCHHSTP Tuberculosis Epidemiologic Studies Consortium Data Management and Communications System - (DMACS) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Oct 3, 2006

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-02-02-9122-00-110-246

Privacy Act System of Records (SOR) Number: N/A

OMB Informat ion Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: DMACS

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Jose Becerra

Pr ovide an overview of the system: The Division of Tuberculosis Elimination (DTBE) of the Centers for Disease Control and Prevention (CDC) established the Tuberculosis Epidemiologic Studies Consortium (TBESC) in order to strengthen, focus, and coordinate tuberculosis (TB) research. The TBESC is designed to build the scientific research capacities of state and metropolitan TB control programs, participating laboratories, academic institutions, hospitals, and both non- and for-profit organizations. It operates within an environment that fosters creative and open intellectual input. The research agenda is developed through a process of mutually negotiated scientific and programmatic peer review. It is guided by a national, comprehensive research agenda responsive to the Institute of Medicine’s (IOM) report, Ending Neglect: The Elimination of Tuberculosis in the United States (2000), (http://www.cdc.gov/nchstp/tb/pubs/iom/iomresponse/toc.htm), and DTBE’s priorities. The Data Management and Communications System (DMACS) is developed to support the TBESC mission and help data collection to the centralized database.

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s):

System does not have IIF

NO IIF is Collected

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No IIF is Collected PIA R eviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown

Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas. P. Madden Sign-off Date: Oct 30, 2007 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC COCHIS NCPHI All Threat Agent Content System - ATACS (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 18, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-04-02-1196-00-110-028

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Numb er(s): N/A

System Name: All Threats Agent Content System (ATACS)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Susan Willkin

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF wi thin any database(s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s):

System does not have IIF

Please describe in de tail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared:

No IIF is Collected

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No IIF is collected by the system PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Sep 10, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC COCHP DCBDDD Metrop olitan Atlanta Developmental Disabilities Surveillance Program - (MADDSP) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Feb 11, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: N/A

Privacy Act System of Records (SOR) Number: 09-20-0136

OMB Information Collection Approval Number: 0920-0693

Other Identifying Number(s): N/A

System Name: Metropolitan Atlanta Developmental Disabilities Surveillance Program (MADDSP)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Andrew R. Autry

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

Since these data are being collected under a public health surveillance program, the persons under study do not know that their IIF is being collected; permission to access the IIF is obtained from the service agencies rather than the individuals. It is important to obtain a complete count of individuals with these conditions.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

06.3 HHS PIA Summary for Posting (Form) / CDC COTPER Action Item Registry - (AIR) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Nov 16, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-8121-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): none

System Name: Action Item Registry - (AIR)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Joseph Dell

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No IIF or PII is collected

None

32. Does the system host a website?: Yes

37. Does the website have any information or pag es directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Mar 27, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC COTPER COTPER Intranet (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Nov 15, 2007

2. OPDIV Name: CDC

3. Unique Project Identifier (UPI) Number: 009-20-01-03-02-8121-00

4. Privacy Act System of Records (SOR) Number: No

5. OMB Information Collection Approval Number: No

6. Other Identifying Number(s): No

7. System Name: COTPER Intranet

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Joseph Dell

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No IIF or PII is collected

None

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children u nder the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical c ontrols.: No PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Mar 28, 2008 Approved for Web Publishing: Yes Date P ublished: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC COTPER COTPER Stockpile Resource Plan - (SRP) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision: PIA Validation

Date of this Submission: May 14, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-01-1352-00-110-246

OMB Information Collection Approval Number: N/A

Other Ident ifying Number(s): N/A

System Name: Stockpile Resource Plan (SRP)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Robert Phillips

Provide an overview of t he system: The Division of the Strategic National Stockpile (DSNS) program provides pharmaceuticals, vaccines, medical supplies, and medical equipment to augment depleted state and local resources during response to terrorist attacks or other emergencies. System does not constitute a "System of Records" under the Privacy Act. All information collected on individuals is business related, and data are normally retrieved by product numbers and location.

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The Veterans Administration/ National Acquisition Center (VA/NAC) receives ordering information for emergency response planning and deployments.

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: The IIF the CDC will collect, maintain, or disseminate is work related and includes name, business address, business phone number and business e-mail address and user ID for system users on a voluntary basis. Vendor information is collected as part of ongoing contractual activities associated with procurement of goods and services for the CDC. This is the minimum necessary to accomplish system purposes. Submission is voluntary. All information collected on individuals is business related, and data are normally retrieved by product numbers and location. While names are collected, names are incidental to the system as points of contact.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared:

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are the re policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

06.3 HHS PIA Summary for Posting (Form) / CDC COTPER PMET Terrorism Database - (PMET) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Nov 15, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-8121-00

Privacy Act System of Records (SOR) Number: No

OMB Information Collection Approval Number: No

Other Identifying Number(s): No

System Name: PMET Terrorism Project Database

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Joseph Dell

For more information please refer to the Webform Submission Guidance: http://intraapps.cdc.gov/od/otper/spendplan/FY2007/docs/FY2007%20Reporting%20Period%203%20Guidance.pdf

The system architecture contains a web front-end with a Microsoft SQL backend which is hosted in the Designated Server Site (DSS) and managed by ITSO.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No IIF or PII is collected

None

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Brief ly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No IIF PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Apr 4, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC COTPER RSS Inventory Tracking System (RITS) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: May 16, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-02-1486-00

Privacy Act System of Records (SOR) Number: No

OMB Information Collection Approval Number: No

Other Identifying Number(s): No

System Name: Receipt, Storage and Staging Inventory Tracking System (RITS)

System Point of Conta ct (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Gary Nakashian

13. Indicate if the system is new or an existing one being modified: New

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guideline s in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: May 13, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / C DC COTPER Science Action Item Registry - (SAIR) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Nov 16, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-8121-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: Science Action Item Registry (SAIR)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Joseph Dell

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No IIF or PII is collected

None

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destructi on of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approv al: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Mar 27, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC COTPER State and Local Preparedness Program Manage ment Information System - (PERFORMS) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: No If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: May 2, 2008

2. OPDIV Name: CDC

3. Unique Project Identifier (UPI) Number: 009-20-04-00-02-1290-00

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: State and Local Preparedness Program Management Information System (PERFORMS)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Prachi Mehta

Provide an overview of the sy stem: The Coordinating Office for Terrorism Preparedness and Emergency Response has maintained a management information system on CDC's Secure Data Network (SDN) since FY 2004. This system is used to receive, process, monitor, and evaluate cooperative agreements of over $800 million per year for 62 grantees. These funds are used to establish critical systems to prepare for and respond to terrorism, outbreaks of infectious diseases, and other public health threats and emergencies. Use of the PERFORMS is mandatory for submission of progress reports, applications and budget information.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

N/A

32. Does the system host a website?: Yes

37. Doe s the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: David Knowles Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: May 6, 2008 Approved for Web Publishing: Yes

Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC DCPC GA - Issue Tracker (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 9, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9023-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: DCPC GA - Issue Tracker

System Point of Contact (POC). The System POC is the person to whom questions ab out the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system: Tracks user issues with Registry Plus software.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s):

Some of the applications provide business contact information for public officials.

No uniform process in place. Several applications have a process in place to inform users of major changes to the system.

Users are aware of the IIF collected and how it is being used. Users must volunteer their IIF.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Bri efly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: All of the data, including the IIF, follow the security controls of the EMSSP. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 25, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC DHAP NCHHSTP Extramural Tracking and Reporting Application (eXTRA) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: No If this is an existing PIA, please provide a reason for revision: Initial PIA Migration to ProSight

Date of this Submission: Mar 14, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-02-00-02-9509-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: Extramural Tracking and Reporting Application (eXTRA)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Nancy Haban

Provide an overview o f the system: The Extramural Tracking and Reporting Application monitors and tracks document preparation and approval of funding mechanism documents for the Division of HIV/AIDS Prevention (DHAP). The most common funding mechanisms are Funding Opportunity Announcements (FOAs) and Contracts. eXTRA provides tools for:

Browsing a list of Funding Opportunity Announcements and displaying FOA details Entering new FOAs Routing FOAs to personnel for reviewing in a document management system, the Document Manager

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s):

eXTRA Does not collect IIF

information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: eXTRA Does not collect IIF:

eXTRA Does not collect IIF

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at childre n under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physica l controls.: eXTRA Does not collect IIF PIA Reviewer Approval: Comments: PIA Reviewer Name: Sr. Official for Privacy Approval: Comments: Sr. Official for Privacy Name: Sign-off Date: Approved for Web Publishing: Date Published: Mar 2, 2009

06.3 HHS PIA Su mmary for Posting (Form) / CDC DHPIRS NCHHSTP Prevention Program Branch Support System (PPBSS) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: No If this is an existing PIA, please provide a reason for revision: PIA Validation

Date of this Submission: Nov 14, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number:

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: Prevention Program Branch Support System (PPBSS)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Wendy Harrington-Lyon

• Data collection

• Manage Grantee information

• Manage Agency information/contacts

• Manage proposed target populations The majority of applications that will be operating within the PPBSS environment will have data flows as detailed below:

• User inputs information into system

• User manages collected information

• User runs reports to review submitted information Manual processes within PPB have already been identified and plans to develop applications to replace those processes have already been documented.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s):

PPBSS DOES NOT DISCLOSE ANY IIF

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: PPBSS IS ONLY ACCESSIBLE THROUGH THE CDC INTRANET BY USERID’S THAT ARE MANUALLY ENTERED IN BY PPBSS ADMINISTRATORS. THE SERVERS ARE IN A SECURE FACILITY THAT HAS GUARDS AND LOCKED DOORS. E-Authentication Level: N/A Risk Analysis Date: 10/20/2008 PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Felicia P. Kittles OCISO C&E PM Sr. Official for Privacy Approval: Promote Com ments: Sr. Official for Privacy Name: Thomas P Madden Sign-off Date: Nov 14, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC DOH NOHSS (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 26, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9121-00

Privacy Act System of Records (SOR ) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: CDC DOH NOHSS

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Cindy Allen

Provide an overview of the system: Reports data for oral health prevalence rates from a number of sources for data query.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s):

Some of the applications provide business contact information for public officials.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 25, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC Enterprise (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?:

If this is an existing PIA, please provide a reason for revision:

Date of this Submission:

OPDIV Name: CDC

Unique Project Identifier (UPI) Number:

Privacy Act System of Records (SOR) Number:

OMB Information Collection Approval Number:

Other Identifying Number(s):

System Name:

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed:

Provide an overview of the system:

13. Indicate if the syste m is new or an existing one being modified:

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?:

21. Is the system subject to the Privacy Act?:

23. If the system shares or discloses IIF please specify with whom and for what purpose(s):

Does the system host a website?:

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: PIA Reviewer Approval: Comme nts: PIA Reviewer Name: Sr. Official for Privacy Approval: Comments:

Sr. Official for Privacy Name: Sign-off Date: Approved for Web Publishing: Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC Goals Tracking System - (GTS) (Item )

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Jul 25, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-03-02-9224-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: Goals Tracking System (GTS)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Apoorva Patel

13. Indicate if the system is new or an existing o ne being modified: New

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s):

Information is shared with other users to allow users to assign staff members to division activities.

Electronic consent will be sent out to all individuals with IIFs in the system.

32. Does the system host a website?: No

37. Does the webs ite have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on t he system using administrative, technical, and physical controls.: Access only via internal network. Users file has 256-bit encryption. Building is secured to CDC staff members only.

PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Jul 9, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC National Respir atory and Enteric Virus Surveillance System (NREVSS) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Aug 28, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-05-02-9422-00-110-246

Privacy Act System of Records (SOR) Number: No

OMB Information Collection Approval Number: No

Other Identifying Number(s): No

System Name: National Respiratory and Enteric Virus Surveillance System (NREVSS)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Catherine Panozzo

Provide an overview of the system: Collects the number of tests and positive results on respiratory and enteric viruses from about 400 laboratories.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

Plea se describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: We collect information on the number of positive and number of tests performed for several respiratory and enteric viruses. We also collect information on the test type, date of testing, and basic lab contact info. There is no IIF data.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Jun 26, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC NCPHI CCHIS Public Health Information Rapid Exchange - (PHIRE) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: No If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Aug 8, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-09-02-0610-00

Privacy Act System of Rec ords (SOR) Number: None Required

OMB Information Collection Approval Number: None Required

Other Identifying Number(s): NO

System Name: Public Health Information Rapid Exchange (PHIRE)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Alan Davis

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect , maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specif y with whom and for what purpose(s): The PHIRE application does not disclose or share IIF information. However, users of PHIRE login with their email ID. The email ID is not shared with other users. A CDC communications manager can view to all user email addresses as well as telecommunications based information. The communications manager will have the ability to broadcast user communications.

Work State Work County/Parish Work City Primary Phone Number Secondary Phone Number SMS capability for phone number Fax Number Secondary E-mail Address Work Industry Work Branch Work Department Work Setting Professional Role Specialty / Area of Focus Affiliations Content Categories This information is being collected in order to notify subscribers via email, voice, fax or SMS, of any information that matches their selected content categories, work settings or geographic location. The registration data is mixed, both optional and required for subscription to PHIRE. The option to register lies

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at child ren under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physi cal controls.: Administrative – IIF is secured by limiting access to only individuals who are authorized to access user data. This includes the administrators of the database which the data is held in as well as the administrative account to retrieve data for the purpose of generating e-mails or sending telecommunications based notifications to end-users. Technical – IIF is secured on the system by limiting ability to retrieve user information from the database to an administrative account that is limited to only selecting data for the purpose of generating e-mails or sending telecommunications based notifications. The data supplied by end-users is inserted and modified in the database using a separate account. Physical – Physical access to the production application and database is limited to only those individuals who have physical access to the server location as well as those who have accounts on the production servers. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice Brown Sr. Official for Privacy Approval: Comments: Sr. Official for Privacy Name: Thomas Madden Sign-off Date: Aug 24, 2007 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC OCOO MASO Cafeteria Wizard (Item)

PIA SU MMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: No If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 19, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 1212

Privacy Act S ystem of Records (SOR) Number: N/A

OMB Information Collection Approval Number: No

Other Identifying Number(s): No

System Name: Cafeteria Wizard

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Kimberly Thurmond

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses I IF please specify with whom and for what purpose(s): N/A

None

N/A

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A PIA Reviewer Approval : Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Feb 21, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS P IA Summary for Posting (Form) / CDC OCOO MASO Carpool (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 19, 2007

OPDIV Nam e: CDC

Unique Project Identifier (UPI) Number: Static HTML

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: No

Other Identifying Number(s): No

System Name: Carpool

System Point of Conta ct (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Kimberly Thurmond

Provide an overview of the system: This is a carpool register. You can register for a carpool or search the database by area code and locations.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website( s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

N/A

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thi rteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A PIA R eviewer Approval: Promote Comments: PIA Reviewer Name: Alice M Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P Madden Sign-off Date: Feb 21, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC OCOO MASO Delegation of Authority - (DOA) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: No If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Aug 15, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 593

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: No

Other Identifying Number(s): No

System Name: Delegation of Authority

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Kimberly Thurmond

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or webs ite(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

Abstracts of Delegations of Authority within CDC..

N/A

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thi rteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A PIA R eviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Apr 4, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC OCOO MASO Electronic Forms (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Aug 15, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 594

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: Electronic Forms

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Kimberly Thurmond

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (sto re), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and f or what purpose(s): N/A

ELECTRONIC FORMS provides searches and selection process of electronic forms – It Does Not Collect or Share IIF.

N/A ELECTRONIC FORMS Does Not Collect or Share IIF

32. Does the system host a website ?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: ELECTRONIC FORMS Does Not Collect or Share IIF PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Apr 4, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC OCOO MASO Employee Organizations - (EO) (Item)

PIA SUMMARY AN D APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: No If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Sep 20, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-06-02-9409-00

Privacy Act System of Records (SOR) Number: No

OMB Information Collection Approval Number: No

Other Identifying Number(s): No

System Name: EMPLOYEE ORGANIZATIONS

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Kimberly Thurmond

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A EMPLOYEE ORGANIZATIONS does not collect or share IIF.

Informational site only. EMPLOYEE ORGANIZATIONS does not collect or share IIF.

N/A EMPLOYEE ORGANIZATIONS does not collect or share IIF.

32. Does the system host a website?: Yes

37. Does the website have any informat ion or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using admini strative, technical, and physical controls.: N/A EMPLOYEE ORGANIZATIONS does not collect or share IIF. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Apr 4, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC OCOO MASO Organization & Function - (OF) (Item)

PIA SUMMARY AND APPROVAL COMBI NED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: May 2, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-06-02-9409-00

Privacy Act System of Records (SOR) Number: No

OMB Information Collection Approval Number: No

Other Identifying Number(s): No

System Name: Organizations and Functions

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Kimberly Thurmond

Provide an overview of the system: The Organizations and Functions system accesses the Reorganization Database for all the data relating to reorganization proposals. It tracks the status of reorganization proposals. It provides search capabilities and data can be viewed by all of CDC. MASO maintains the data.

13. Indicate if th e system is new or an existing one being modified: Existing

21. Is the syst em subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s):

NNo

Does not collect information; only displays Information.

N/A

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of I IF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: David Knowles Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: May 6, 2008 Approved for Web Publishing: Yes

Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC OCOO MASO Policy Management - (PM) (Ite m)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: No If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Aug 15, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-06-02-9409-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: POLICY MANAGEMENT

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Kimberly Thurmond

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate an d/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No POLICY MANAGEMENT does not collect or share IIF

POLICY MANAGEMENT does not collect or share IIF.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: POLICY MANAGEMENT does not collect or share IIF. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden

Sign-off Date: Apr 22, 2008 Approved for Web Publishing : Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC OD ITSO Life Guard Tracking System - (LTS) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Jul 31, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-02-00-01-1152-00-404-139

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: Lifeguard Tracking System

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Phillip Navin

Provide an overvie w of the system: The Lifeguard Tracking system provides the capability to track deployed and non-deployed staff that has a Java enabled Blackberry device with GPS chip set. The Lifeguard Tracking system consists of a Java based program that is installed upon the Blackberry device, which at fifteen minute intervals polls GPS satellites and/or cellular towers to gain positional coordinates. If GPS coordinates are available, Lifeguard will send HTML POST statements to specially crafted web pages. Data transmitted includes Device Pin Number, date/time, status, method, and NMEA standard location sting information. The specially crafted web pages are hosted on servers at Clifton and DR sites. The web pages write the data to an internal SQL server, which is accessible by PWMS.

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this syst em?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): NO

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administr ative, technical, and physical controls.: No PIA Reviewer Approval: Promote Comments:

PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Dec 6, 2007 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC OD ITSO Voice Over IP - (VoIP) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Aug 16, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-02-00-02-1152-00

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: CDC Internal VoIP (VoIP)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: James Deberry

Provide an ov erview of the system: The CDC Internal VoIP provides scalable IP telephony solutions. This provided telephony solution will consist of a split core design interconnected between the Chamblee building 106 and Clifton building 21 campus locations. The ultimate purpose of this system will be to provide TDM phone service to the users at each location.

13. Indicate if the system is new or an existing one being modified: New

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

Please descr ibe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: No

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Brief ly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No PIA Reviewer Approval: Promote Comments:

PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Apr 24, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC OD MASO Records Management (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: No If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Aug 15, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 382

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: Records Management Database

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Kimberly Thurmond

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No Records Management Database does NOT collect or store IIF

Retirement of documents. No IIF

individuals regarding what IIF is being collected from them and how the information will be used or shared: No

Records Management Database does NOT collect or store IIF

32. Does the system host a website?: Yes

37. Does the website have any info rmation or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using ad ministrative, technical, and physical controls.: N/A Records Management Database does NOT collect or store IIF PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Apr 22, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC OD MISO Individual Learning Account - (ILA) (Item)

PIA SUMMARY AND APPROVAL COMBINED

P IA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Feb 13, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-09-02-1015-00

Privacy Act System of Records (SOR) Number: 09-90-0018

OMB Information Collection Approval Number: No

Other Identifying Number(s): No

System Name: Individual Learning Account

System Point of Contact (POC). The System POC is the person to whom qu estions about the system and the responses to this PIA may be addressed: Joan Cioffi

13. Indicate if the system is new or an existing one bein g modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Ac t?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Yes

- HHS – To provide training records to the HHS System for tracking all employee courses taken.

information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: The application collects the data required by OPM for the completion of attendees training records. The application provides an efficient means of cost distribution and tracking to aid in the budgetary process within CDC. The ILA tracks funds associated with the training record for CDC employees regarding the training that is received, when it was received. The submission of the information is voluntary.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical contr ols.: The ILA System is installed on the CDC Mainframe in a specific Logical Partition (LPAR). Access to the LPAR is protected through the use of IBM RACF. For further information about the CDC Mainframe and its operating environment see the Mainframe System Security Plan (SSP). PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: David Knowles Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: May 6, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC OD OCSO OMB Peer Review (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Nov 5, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-06-02-1425-00

Privacy Act System of Records (SOR) Number: No

OMB Information Collection Approval Number: No

Other Identifying Number(s): No

System Name: OMB Peer Review

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Maryam Daneshvar

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (stor e), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and f or what purpose(s): No IIF is collected

Collects information regarding studies that involves human subjects.

No IIF is collected

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No IIF or PII collected PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Apr 4, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC OD OE S Inspector General-Government Accountability Office - (IG/GAO) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Feb 11, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-06-02-9409-00

Privacy Act System of Records (SOR) Number: No

OMB Information Collection Approval Number: No

Other Identifying Number(s): No

System Name: IG/GAO

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Alioune Thiam

OES is responsible for managing IGGAO projects involving the CDC. IGGAO Office in Washington re initiates projects for CDC. When received, a project file is logged in the IGGAO application, assigned subject matters, routed to different Centers and Coordinating Centers, categorized and sent to the appropriate person who needs to handle it. Actions that document the steps taken are also entered into the application. Information from the application is used to generate reports that are distributed to the ELB (Executive Leadership Board) for discussion during their meetings.

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will the system collect, maintain (store), disseminate and/or p ass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No IIF in system.

No IIF in system.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelin es in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No IIF in system. PIA Reviewer Approval: Promote Comment s: PIA Reviewer Name: David Knowles Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: May 7, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Post ing (Form) / CDC OD PGO Remote Property (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Sep 27, 2007

2. OPDIV Name: CDC

3. Unique Project Identifier (UPI) Number: 009-20-01-01-02-1132-00

4. Privacy Act System of Records (SOR) Number: NONE

5. OMB Information Collection Approval Number: NONE

6. Other Identifying Number(s): NONE

7. System Name: The Remote Property Inventory Verification System (Remote Property)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Teresa Kinley

Provide an overview of the system: In response to the CDC Property Taskforce Inventory Reconciliation 13 Point Action Plan, the certification of all offsite equipment will take place within a predetermined deadline; currently set for September 15th 2007. The Remote Inventory Questionnaire will collect remote inventory information, the user will certify their possession of the item(s), and custodial officers will receive questionnaire details to aid in property inventory reconciliation activities. All remote users (who have a Secure ID keyfob) will be encouraged to access the questionnaire via CITGO or intranet URL. Users will receive a link/icon to access the Remote Inventory Questionnaire. All users will be required to enter barcode number(s) of all offsite equipment or certify they have none; failure to comply will result in their Secure ID KeyFob being disabled.

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

– No IIF collected

No – No IIF collected

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

06.3 HHS PIA Summary for Posting (Form) / CDC ODR EEO Equal Employment Opportunity – Accommodation Tracking System (EEO-ATS) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Nov 21, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number:

Privacy Act System of Records (SOR) Number: 09-20-0055

OMB Information Collection Approval Number: No

Other Identifying Number(s): No

System Name: Equal Employment Opportunity – Accommodation Tracking System (EEO-ATS)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the response s to this PIA may be addressed: Gilbert Camacho

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hoste d by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

EEO requires employees to sign consent forms that provide EEO the right to access employee IIF when they submit a request.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?:

54. Briefly describe in detail how the IIF will be secured on the system using administrative, tech nical, and physical controls.: All information collected in this application will be secured in CDC servers that are located in CDC secured facilities. Only user with the appropriate rights will have access to the data.

Comments: Sr. Official for Privacy Name: Thomas P Madden Sign-off Date: Nov 25, 2008 Approved for Web Publishing: Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC PIO NCHHSTP IRB Protocol Tracking (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: May 22, 2007

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: (FY-07): 009-20-01-02-02-9122-00-110-246 (FY-08): 009-20-01-02-02-9122-00

Privacy Act System of Records (SOR) Number: 09-90-0018

OMB Information Collection Approval Number: N/A

Other Identifying Number(s): N/A

System Name: Institutional Review Board Protocol Tracking System (IRB Protocol Tracking)

System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Allyn Nakashima

Provide an overview of the system: IRB Protocol Tracking tracks both research non-research protocol requests from the time NCHHSTP/Office of the Director (OD) Associate Director of Science (ADS) receives them from the respective Divisions until the protocols are terminated as well as the automation and electronic storage of protocol documents, clearance/approval forms and the array of associated attachments.

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hos ted by this system?: Yes Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA. If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s):

System does not share or disclose IIF

Type of data collected:

Protocol Number

Protocol title

Primary Investigator

Project objective/purpose

Study Category

-Study Setting

Expected number of participants

Participant groupings

Source of data collection

Laboratory procedures

type of specimens collected

Consent information

Vulnerable Populations

Study site (Domestic or International) IRB Committee

-Review type

-Disposition The only IIF contained in the system is the name and business phone number of the CDC primary Investigator. Primary Investigators voluntarily submit IIF

32. Does the syste m host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Administrative controls include role based access with user ID’s and passwords. Tech controls: User ID’s, Passwords, firewall and an intrusion detection system. Physical access controls: security guards, ID badges and key cards. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Nam e: Thomas P. Madden Sign-off Date: Oct 30, 2007 Approved for Web Publishing: Yes Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC Respiratory Protection Program (RPP) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Aug 28, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 009-20-01-09-02-9409-00

Privacy Act System of R ecords (SOR) Number: 09-20-0154

OMB Information Collection Approval Number: No

Other Identifying Number(s): No

System Name: Respiratory Protection Program

System Point of Contact (POC). The System POC is the person to whom questions about the sys tem and the responses to this PIA may be addressed: Alioune Thiam

13. Indicate if the system is new or an existing one being modified: New

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Yes DEOC

Yes. Collects name, user ID, in order to link person with RPP training status.

During RPP training, users are informed that their IIF will be stored in the RPP database.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrati ve, technical, and physical controls.: The database is located inside the CDC network and protected by the CDC Federal infrastructure. PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Michael W. Harris Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Aug 14, 2008 Approved for Web Publishing: Date Published: Mar 2, 2009

06.3 HHS PIA Summary for Posting (Form) / CDC OD MASO Internal Controls Program - (ICP) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary Is this a new PIA 2008?: Yes If this is an existing PIA, please provide a reason for revision:

Date of this Submission: Jan 8, 2008

OPDIV Name: CDC

Unique Project Identifier (UPI) Number: 1506

Privacy Act System of Records (SOR) Number: N/A

OMB Information Collection Approval Number: No

Other Identifying Number(s): No

System Name: Internal Controls Program

9. System Point of Contact (POC). The System POC is the person to whom questions about t he system and the responses to this PIA may be addressed: Kimberly Thurmond

10. Provide an overview of the system: This system will implement the A-123 program and serve as a repository of documentation of program functions.

13. Indicate if the system is new or an existing one being modified: Existing

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

Evaluation of CDC’s ICS as required by OMB-A-123

N/A

32. Does the system host a website?: Yes

37. Does the website have any in formation or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: N/A PIA Reviewer Approval: Promote Comments: PIA Reviewer Name: Alice M. Brown Sr. Official for Privacy Approval: Promote Comments: Sr. Official for Privacy Name: Thomas P. Madden Sign-off Date: Mar 28, 2008 Approved for Web Publishing: Yes Date Published: Mar 2, 2009