Download:
pdf |
pdfSave
Privacy Impact Assessment Form
v 1.21
Status
Form Number
Form Date
Question
Answer
1
OPDIV:
CDC
2
PIA Unique Identifier:
TBD
2a Name:
01/08/20
Distribution of Traceable Opioid Material Kits across U.S. Labora
General Support System (GSS)
Major Application
3
The subject of this PIA is which of the following?
Minor Application (stand-alone)
Minor Application (child)
Electronic Information Collection
Unknown
3a
Identify the Enterprise Performance Lifecycle Phase
of the system.
Operations and Maintenance
Yes
3b Is this a FISMA-Reportable system?
4
Does the system include a Website or online
application available to and for the use of the general
public?
5
Identify the operator.
6
Point of Contact (POC):
7
Is this a new or existing system?
8
Does the system have Security Authorization (SA)?
No
Yes
No
Agency
Contractor
POC Title
Senior Service Fellow
POC Name
Melissa Carter
POC Organization DHHS/CDC/DDNID/NCEH/DLS/ER
POC Email
melissa.carter@cdc.hhs.gov
POC Phone
770-488-7263
New
Existing
Yes
No
8b Planned Date of Security Authorization
Not Applicable
Page 1 of 4
Save
8c
Briefly explain why security authorization is not
required
10
Describe in further detail any changes to the system
that have occurred since the last PIA.
11 Describe the purpose of the system.
Vendor will be collecting information.
The purpose of this information collection (IC) is to respond to
the US opioid epidemic and ensure that labs have the test
materials they need to detect various opioids. CDC, through a
vendor, will assure that the Traceable Opioid Material Kits
(TOM Kits) are being distributed to different types of
laboratories in public, private, and non-profit sectors.
The types of information the study will collect and maintain
will be:
Lab Contact Information (address, phone number, email);
lab contact information would be for the lab itself and not
specific to any individual working for that lab.
Lab Survey (capacity, analysis techniques, size, testing type,
DEA number, monthly sample volume)
Describe the type of information the system will
collect, maintain (store), or share. (Subsequent
12
questions will identify if this information is PII and ask
about the specific data elements.)
The information collected will be used to determine which
laboratories will receive kits and the number of kits needed.
This information will not be shared outside of CDC.
Laboratories will not be authenticated when submitting
information. The vendor will authenticate all of its internal
users.
Manufacturers of the TOM Kits will use their established client
relationship management systems to manage laboratory
requests for kits and their responses to study questions. The
types of information the study will collect and maintain will be:
Provide an overview of the system and describe the
13 information it will collect, maintain (store), or share,
either permanently or temporarily.
Lab Contact Information (address, phone number, email);
lab contact information would be for the lab itself and not
specific to any individual working for that lab.
Lab Survey (capacity, analysis techniques, size, testing type,
DEA number, monthly sample volume)
The information collected will allow CDC to prioritize the
distribution of TOM Kits by (1) the recipient DEA number, (2)
which laboratories requested kits and the number of kits
requested, and (3) then mail kits to the selected laboratories.
Information in the study will be submitted by various
academic, public, private, and commercial laboratories. This
information will not be shared outside of CDC. Laboratories
will not be authenticated when submitting information. The
vendor will authenticate all of its internal users.
14 Does the system collect, maintain, use or share PII?
Yes
No
Page 2 of 4
Save
Reviewer Questions
Answer
REVIEWER QUESTIONS: The following section contains Reviewer Questions which are not to be filled out unless the user is an OPDIV
Senior Officer for Privacy.
Reviewer Questions
1
Are the questions on the PIA answered correctly, accurately, and completely?
Answer
Yes
No
Reviewer
Notes
2
Does the PIA appropriately communicate the purpose of PII in the system and is the purpose
justified by appropriate legal authorities?
Yes
Do system owners demonstrate appropriate understanding of the impact of the PII in the
system and provide sufficient oversight to employees and contractors?
Yes
No
Reviewer
Notes
3
No
Reviewer
Notes
4
Does the PIA appropriately describe the PII quality and integrity of the data?
Yes
No
Reviewer
Notes
5
Is this a candidate for PII minimization?
Yes
No
Reviewer
Notes
6
Does the PIA accurately identify data retention procedures and records retention schedules?
Yes
No
Reviewer
Notes
7
Are the individuals whose PII is in the system provided appropriate participation?
Yes
No
Reviewer
Notes
8
Does the PIA raise any concerns about the security of the PII?
Yes
No
Reviewer
Notes
9
Is applicability of the Privacy Act captured correctly and is a SORN published or does it need
to be?
Yes
No
Reviewer
Notes
10
Is the PII appropriately limited for use internally and with third parties?
Yes
No
Page 3 of 4
Save
Reviewer Questions
Answer
Reviewer
Notes
11
Does the PIA demonstrate compliance with all Web privacy requirements?
Yes
No
Reviewer
Notes
12
Were any changes made to the system because of the completion of this PIA?
Yes
No
Reviewer
Notes
General Comments
OPDIV Senior Official
for Privacy Signature
Beverly E.
Walker -S
Digitally signed by
Beverly E. Walker -S
Date: 2020.02.04
14:23:35 -05'00'
HHS Senior
Agency Official
for Privacy
Page 4 of 4
File Type | application/pdf |
File Modified | 2020-02-04 |
File Created | 2013-03-29 |