Privacy Act System Notice 09-20-0168
This page contains several links to PDF files which may require a browser plug-in to view correctly. If you do not have the most recent version of Adobe Acrobat Reader, or are having difficulty viewing the PDF, download the plug-in here.
System name: Curricula Vitae of Consultants to the National Center for Health Statistics. HHS/CDC/NCHS.
System location: National Center for Health Statistics, Coordinating Center for Health Information and Service (CCHIS), Prince George’s Metro IV Bldg., Room 7209, Centers for Disease Control and Prevention, 3311 Toledo Road, Hyattsville, MD 20782.
Categories of individuals covered by the system: Persons who are current or potential consultants to the National Center for Health Statistics (NCHS). These are persons with special expertise who may be able to assist NCHS on a consultant basis in the planning and conducting of surveys, studies, statistical reporting programs, statistical analyses of data, in providing training and technical assistance, or assisting in conducting conferences.
Categories of records in the system: Information relating to the professional training and experience of the consultant. This includes: address; current position; employer; duties; place, time, and length of education; degrees received; honors received; former positions and work experiences; memberships in professional organizations; special committee and task force assignments; offices held; publications; references; health condition; availability for, and interest in travel and accepting certain assignments; compensation required, etc.
Authority for maintenance of the system: Public Health Service Act, Section 304(b) (42 U.S.C. 242b), authorizing the Secretary to take the necessary steps to implement statistical and epidemiological activities relating to health.
Routine uses of records maintained in the system, including categories of users and the purposes of such uses: Where Federal agencies having the power to subpoena other Federal agencies' records, such as the Internal Revenue Service, issue a subpoena to the Department for records in this system of records, the Department will make such records available.
The Department occasionally contracts with a private firm for the purpose of collecting, analyzing, aggregating or otherwise refining records in this system. Relevant records are disclosed to such a contractor. The contractor is required to maintain Privacy Act safeguards with respect to such records.
Disclosure may be made to a congressional office from the record of an individual in response to an inquiry from the congressional office made at the request of that individual.
The Department of Health and Human Services (HHS) may disclose information from this system of records to the Department of Justice, or to a court or other tribunal, when: (a) HHS, or any component thereof; or (b) any HHS employee in his or her official capacity; or (c) any HHS employee in his or her individual capacity where the Department of Justice (or HHS, where it is authorized to do so) has agreed to represent the employee; or (d) the United States or any agency thereof where HHS determines that the litigation is likely to affect HHS or any of its components, is a party to litigation or has an interest in such litigation, and HHS determines that the use of such records by the Department of Justice, the court or other tribunal is relevant and necessary to the litigation and would help in the effective representation of the governmental party, provided, however, that in each case, HHS determines that such disclosure is compatible with the purpose for which the records were collected.
Safeguards: Measures to prevent unauthorized disclosures are implemented as appropriate for the particular records maintained. NCHS implements personnel, physical and procedural safeguards as follows:
- Authorized Users: Records are used only by staff whose official job duties require them to use records on consultants.
- Physical Safeguards: Hard copy records are stored in locked files or offices when not in use. Building security includes the use of identification badges by employees and a card key system used to enter NCHS occupied space.
- Procedural Safeguards: Users of individually identified data protect information from public scrutiny, and only specifically authorized personnel may be admitted to the record storage area. NCHS employees who maintain records are instructed to check with the system manager prior to making disclosures of data.
Protection for computerized records both on the mainframe and the National Center Local Area Network (LAN) includes programmed verification of valid user identification code and password prior to logging on to the system, mandatory password changes, limited log-ins, virus protection, and user rights/file attribute restrictions. Password protection imposes user name and password log-in requirements to prevent unauthorized access. Each user name is assigned limited access rights to files and directories at varying levels to control file sharing. There are routine daily backup procedures and secure off-site storage is available for backup tapes. Additional safeguards may be built into the program by the system analyst as warranted by the sensitivity of the data.
All employees of NCHS and contractor personnel with access to NCHS records are required, as a condition of employment, to sign an affidavit binding them to nondisclosure of individually identifiable information and to view an NCHS video tape addressing confidentiality and systems security. Periodic correspondence is sent to staff to reinforce security procedures.
Contractors who maintain records in the system are instructed to make no further disclosure of the records. Privacy Act requirements are specifically included in contracts. The HHS contract officers and project officers oversee compliance with these requirements.
- Implementation Guidelines: The safeguards outlined above are in accordance with the HHS Information Security Program Policy and FIPS Pub 200, “Minimum Security Requirements for Federal Information and Information Systems,” and the NCHS Staff Manual on Confidentiality. Data maintained on CDC’s Mainframe and the National Center LAN are in compliance with OMB Circular A-130, Appendix III. Security is provided for information collection, processing, transmission, storage, and dissemination in general support systems and major applications.
Retention and disposal: Records are retained and disposed of in accordance with the CDC Records Control Schedule for NCHS records. Records are maintained until the consultant's death, disability for consultant work, or request that his or her records be removed from the file.
System manager(s) and address: Director, National Center for Health Statistics, CCHIS, Prince George’s Metro IV Bldg., Rm. 7209, MS P08, Centers for Disease Control and Prevention, 3311 Toledo Road, Hyattsville, MD 20782.
Record access procedures: Same as notification procedures. Requesters should also reasonably specify the record contents being sought. Positive identification is required from anyone seeking access. Individuals may also request an accounting of disclosures that have been made of his or her record, if any.
Contesting record procedures: Write to the official at the address specified under notification procedures above, and reasonably identify the record, specify the information being contested, the corrective action sought, and the reasons for requesting the correction, along with supporting information to show how the record is inaccurate, incomplete, untimely, or irrelevant.
Record source categories: Records are obtained from the consultants themselves, except that references may be obtained from present and former employers or supervisors of the consultants, or from individuals given as references by the consultants.
- Page last updated: April 11, 2012