BILLING CODE: 4163-18-P
DEPARTMENT OF HEALTH AND HUMAN SERVICES
Centers for Disease Control and Prevention
National Center for Health Statistics (NCHS) Confidentiality Pledge Revision Notice
AGENCY: Centers for Disease Control and Prevention (CDC), Department of Health and Human Services (HHS).
ACTION: General Notice - Notice of Revision of Confidentiality Pledges under the Confidential Information Protection and Statistical Efficiency Act.
SUMMARY: Under 44 U.S.C. 3506(e) and 44 U.S.C. 3501, CDC’s National Center for Health Statistics (NCHS) is announcing revisions to the confidentiality pledge(s) it provides to its respondents under the Confidential Information Protection and Statistical Efficiency Act (44 U.S.C. 3501) (CIPSEA). These revisions are required by the passage and implementation of provisions of the Federal Cybersecurity Enhancement Act of 2015 (H.R. 2029, Division N, Title II, Subtitle B, Sec. 223), which permit and require the Secretary of the Department of Homeland Security (DHS) to provide Federal civilian agencies’ information technology systems with cybersecurity protection for their Internet traffic. More details on this announcement are presented in the SUPPLEMENTARY INFORMATION section below.
DATES: These revisions become effective [INSERT DATE OF PUBLICATION IN THE FEDERAL REGISTER].
ADDRESSES: Questions about this notice should be addressed to the Information Collection Review Office, Centers for Disease Control and Prevention, 1600 Clifton Road NE., MS–D74, Atlanta, Georgia 30329.
FOR FURTHER INFORMATION CONTACT: Leroy A. Richardson by telephone at 404-639-7570 (this is not a toll-free number); by email omb@cdc.gov, or by mail Information Collection Review Office, Centers for Disease Control and Prevention, 1600 Clifton Road NE., MS–D74, Atlanta, Georgia 30329. Because of delays in the receipt of regular mail related to security screening, respondents are encouraged to use electronic communications.
SUPPLEMENTARY INFORMATION: Federal statistics provide key information that the Nation uses to measure its performance and make informed choices about budgets, employment, health, investments, taxes, and a host of other significant topics. The overwhelming majority of Federal surveys are conducted on a voluntary basis. Respondents, ranging from businesses to households to institutions, may choose whether or not to provide the requested information. Many of the most valuable Federal statistics come from surveys that ask for highly sensitive information such as proprietary business data from companies or particularly personal information or practices from individuals. The CDC’s National Center for Health Statistics (NCHS) protects all data collected under its authority under the confidentiality provisions of section 308(d) of the Public Health service Act (42 USC 242m). Strong and trusted confidentiality and exclusively statistical use pledges under the Confidential Information Protection and Statistical Efficiency Act (CIPSEA) and similar statistical confidentiality pledges are effective and necessary in honoring the trust that businesses, individuals, and institutions, by their responses, place in statistical agencies.
Under CIPSEA and similar statistical confidentiality protection statutes, many Federal statistical agencies make statutory pledges that the information respondents provide will be seen only by statistical agency personnel or their sworn agents, and will be used only for statistical purposes. CIPSEA and similar statutes protect the confidentiality of information that agencies collect solely for statistical purposes and under a pledge of confidentiality. These acts protect such statistical information from administrative, law enforcement, taxation, regulatory, or any other non-statistical use and immunize the information submitted to statistical agencies from legal process. Moreover, many of these statutes carry criminal penalties of a Class E felony (fines up to $250,000, or up to five years in prison, or both) for conviction of a knowing and willful unauthorized disclosure of covered information.
As part of the Consolidated Appropriations Act for Fiscal Year 2016 signed on December 17, 2015, the Congress included the Federal Cybersecurity Enhancement Act of 2015 (H.R. 2029, Division N, Title II, Subtitle B, Sec. 223). This Act, among other provisions, permits and requires the Secretary of the Department of Homeland Security (DHS) to provide Federal civilian agencies’ information technology systems with cybersecurity protection for their Internet traffic. The technology currently used to provide this protection against cyber malware is known as Einstein 3A; it electronically searches Internet traffic in and out of Federal civilian agencies in real time for malware signatures.
When such a signature is found, the Internet packets that contain the malware signature are shunted aside for further inspection by DHS personnel. Because it is possible that such packets entering or leaving a statistical agency’s information technology system may contain a small portion of confidential statistical data, statistical agencies can no longer promise their respondents that their responses will be seen only by statistical agency personnel or their sworn agents. However, they can promise, in accordance with provisions of the Federal Cybersecurity Enhancement Act of 2015, that such monitoring can be used only to protect information and information systems from cybersecurity risks, thereby, in effect, providing stronger protection to the integrity of the respondents’ submissions.
Consequently, with the passage of the Federal Cybersecurity Enhancement Act of 2015, the Federal statistical community has an opportunity to welcome the further protection of its confidential data offered by DHS’ Einstein 3A cybersecurity protection program. The DHS cybersecurity program’s objective is to protect Federal civilian information systems from malicious malware attacks. The Federal statistical system’s objective is to ensure that the DHS Secretary performs those essential duties in a manner that honors the Government’s statutory promises to the public to protect their confidential data. Given that the Department of Homeland Security is not a Federal statistical agency, both DHS and the Federal statistical system have been successfully engaged in finding a way to balance both objectives and achieve these mutually reinforcing objectives.
However, many current CIPSEA and similar statistical confidentiality pledges promise that respondents’ data will be seen only by statistical agency personnel or their sworn agents. Since it is possible that DHS personnel could see some portion of those confidential data in the course of examining the suspicious Internet packets identified by Einstein 3A sensors, statistical agencies need to revise their confidentiality pledges to reflect this process change.
Therefore, NCHS is providing this notice to alert the public to these confidentiality pledge revisions in an efficient and coordinated fashion. Below is a table listing NCHS’s current Paperwork Reduction Act (PRA) OMB Control numbers and information collection titles and their associated revised confidentiality pledge(s) for the Information Collections whose confidentiality pledges will change to reflect the statutory implementation of DHS’ Einstein 3A monitoring for cybersecurity protection purposes.
The following NCHS statistical confidentiality pledge will now apply to the Information Collections whose Paperwork Reduction Act Office of Management and Budget numbers and titles are listed below.
We take your privacy very seriously. All information that relates to or describes identifiable characteristics of individuals, a practice, or an establishment will be used only for statistical purposes. NCHS staff, contractors, and agents will not disclose or release responses in identifiable form without the consent of the individual or establishment in accordance with section 308(d) of the Public Health Service Act (42USC 242m) and the Confidential Information Protection and Statistical Efficiency Act of 2002 (CIPSEA, Title 5 of Public Law 107-347). In accordance with CIPSEA, every NCHS employee, contractor, and agent has taken an oath and is subject to a jail term of up to five years, a fine of up to $250,000, or both if he or she willfully discloses ANY identifiable information about you. In addition, NCHS complies with the Federal Cybersecurity Enhancement Act of 2015. This law requires the federal government to protect federal computer networks by using computer security programs to identify cybersecurity risks like hacking, internet attacks, and other security weaknesses. If information sent through government networks triggers a cyber threat indicator, the information may be intercepted and reviewed for cyber threats by computer network experts working for, or on behalf of the government.
NCHS’s Current OMB Control Numbers
OMB Control Number |
Title of Information Collection |
0920-0119 |
National Ambulatory Medical Care Survey Supplement on Culturally and Linguistically Appropriate Services (NAMCS CLAS) |
0920-0212 |
National Hospital Care Survey |
0920-0213 |
NCHS: National Vital Statistics Report Forms |
0920-0214 |
National Health Interview Survey |
0920-0215 |
Application Form and Related Forms for the Operation of the National Death Index |
0920-0217 |
NCHS Application for Vital Statistics Training Form |
0920-0222 |
NCHS Questionnaire Design Research Laboratory |
0920-0234 |
National Ambulatory Medical Care Survey (NAMCS) |
0920-0278 |
National Hospital Ambulatory Medical Care Survey |
0920-0314 |
National Survey of Family Growth |
0920-0729 |
Customer Surveys Generic Clearance for the National Center for Health Statistics |
0920-0943 |
Data Collection for the Residential Care Community and Adult Day Services Center Components of the National Study of Long-term Care Providers |
0920-0950 |
National Health and Nutrition Examination Survey |
0920-1015 |
The National Ambulatory Medical Care Survey (NAMCS) National Electronic Health Record Survey (NEHRS) |
0920-1030 |
Developmental Studies to Improve the National Health Care Surveys |
0920-1063 |
NAMCS Supplement of Primary Care Policies (NSPCP) for Managing Patients with High Blood Pressure, High Cholesterol, or Diabetes |
Dated:
Leroy A. Richardson
Chief, Information Collection Review Office
Office of Scientific Integrity
Office of the Associate Director for Science
Office of the Director
Centers for Disease Control and Prevention
File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
Author | Bugg, Paul EOP/OMB |
File Modified | 0000-00-00 |
File Created | 2021-01-23 |