Privacy Act System Notice 09-20-0164
This page contains several links to PDF files which may require a browser plug-in to view correctly. If you do not have the most recent version of Adobe Acrobat Reader, or are having difficulty viewing the PDF, download the plug-in here.
System name: Health and Demographic Surveys Conducted in Probability Samples of the United States Population. HHS/CDC/NCHS.
Security classification: None.
System location: National Center for Health Statistics, Coordinating Center for Health Information and Service (CCHIS), Metro IV Bldg., Room 2219, Centers for Disease Control and Prevention, 3311 Toledo Road, Hyattsville, MD 20782.
Categories of individuals covered by the system: Individuals and members of households selected by probability sampling techniques to be representative of the civilian population of the United States.
Categories of records in the system: Records containing information on: (1) the incidence of illness and accidental injuries, prevalence of diseases and impairments, the extent of disability, the utilization and cost of health care services, and other health characteristics of individuals obtained in household interviews and from their named health care providers and insurers; or (2) the nutritional status, prevalence levels of specially defined chronic diseases, growth and development patterns and distributions of various health related measurements and related data obtained in surveys involving health examinations, tests, and other measurement procedures; or (3) marital and child bearing history and intended future births, the use of prenatal care, and the family planning practices of individual women obtained by interview. Demographic and socioeconomic characteristics such as age, marital status, education, occupation, and family income are also obtained.
Authority for maintenance of the system: Public Health Service Act, Section 306(b) (42 U.S.C. 242k).
Purpose(s): The data are used for statistical purposes only. Uses within the Department include the preparation of aggregated data in the form of statistical tables for publication, analysis, and interpretation, to meet the legislative mandates of 42 U.S.C. 242k, i.e., to determine levels of illness and disability and their effects on the population, the use of health care facilities, trends in family formation and dissolution, and the like.
Routine uses of records maintained in the system, including categories of users and the purposes of such uses: The Department occasionally contracts with a private firm for the purpose of collecting, analyzing, aggregating, or otherwise refining records in this system. Relevant records are disclosed to such a contractor. The contractor is required to maintain Privacy Act safeguards and to strictly follow Section 308(d) of the Public Health Service Act with respect to such records.
NCHS may disclose selected identifiable information to authorized recipients such as the Social Security Administration for statistical analysis purposes only, consistent with the requirements of Section 308(d) of the Public Health Service Act and the Privacy Act.
Policies and practices for storing, retrieving, accessing, retaining, and disposing of records in the system:
Storage: Paper files, computer tapes/disks, and CD-ROMS.
Retrievability: A serial number tied to the selection process of successively smaller geographic areas is assigned to each record on computer tape. This serial number is cross-indexed to the original, individually identifiable record.
Safeguards: Measures to prevent unauthorized disclosures are implemented as appropriate for the particular records maintained. NCHS and its contractors implement personnel, physical and procedural safeguards as follows:
- Authorized Users: Persons authorized and needing to use the records to perform job related duties, including Project Directors, contract officers, interviewers, analysts, statisticians, statistical clerks, and data entry personnel on the staffs of the Center and the contractors.
- Physical Safeguards: Paper copies of the records are stored in locked files or offices when not in use. Building security in Hyattsville, MD includes the use of identification badges by employees and a card key system used to enter NCHS occupied space. In the Research Triangle Park, North Carolina facility, access is controlled by a security guard, a cardkey system, and the use of identification badges by employees.
- Procedural Safeguards: All employees of NCHS and contractor personnel with access to NCHS records are required, as a condition of employment, to sign an affidavit binding them to nondisclosure of individually identifiable information and to view an NCHS video tape addressing confidentiality and systems security. Periodic correspondence is sent to staff to reinforce confidentiality regulations, guidelines, and procedures. Protection for computerized records both on the mainframe and the National Center Local Area Network (LAN) includes programmed verification of valid user identification code and password prior to logging on to the system, mandatory password changes, limited log-ins, virus protection, and user rights/file attribute restrictions. Password protection imposes user name and password log-in requirements to prevent unauthorized access. Each user name is assigned limited access rights to files and directories at varying levels to control file sharing. There are routine daily backup procedures and secure off-site storage is available for backup files. Additional safeguards may be built into the program by the system analyst as warranted by the sensitivity of the data.
Contractors who maintain records in the system are instructed to make no further disclosure of the records. Privacy Act and Section 308(d) of the Public Health Service Act requirements are specifically included in contracts for survey and research activities related to this system. The HHS Project Directors, contract officers, and project officers oversee compliance with these requirements.
- Implementation Guidelines: The safeguards outlined above are in accordance with the HHS Information Security Program Policy and FIPS Pub 200, “Minimum Security Requirements for Federal Information and Information Systems,” and the NCHS Staff Manual on Confidentiality. Data maintained on CDC’s Mainframe and the National Center LAN are in compliance with OMB Circular A-130, Appendix III. Security is provided for information collection, processing, transmission, storage, and dissemination in general support systems and major applications.
Retention and disposal: Records are retained and disposed of in accordance with the CDC Records Control Schedule for NCHS records. Original survey records are reviewed for accuracy, edited, and data (without personal identifiers such as name or Social Security number) are transferred to computer files. The original records are retained in locked office files of NCHS until the process of conversion to computer tape and verification of information is completed.
System manager(s) and address: Deputy Director, Division of Health Interview Statistics, National Center for Health Statistics, CCHIS, Metro IV Bldg., Rm. 2219, MS P08, Centers for Disease Control and Prevention, 3311 Toledo Road, Hyattsville, MD 20782.
Notification procedure: To determine if a record exists, write to the system manager.
Record access procedures: Access to record systems which have been granted an exemption from the Privacy Act access requirement may be made at the discretion of the system manager. Positive identification is required from anyone seeking access. Appeal of access refusal may be made to the Director, FOI/Privacy Acts Division, Office of Public Affairs, HHS Office of the Secretary. An individual may also request an accounting of disclosures of his or her record, if any.
Contesting record procedures: If access has been granted, contact the system manager and reasonably identify the record, specify the information being contested, and state the corrective active sought, with supporting information to show how the record is inaccurate, incomplete, untimely, or irrelevant.
Record source categories: Respondents included in the survey samples.
Systems exempted from certain provisions of the act: With respect to this system of records, exemption has been granted from the requirements contained in subsections 552a(c)(3), (d)(1) through (4), and (e)(4)(G) and (H) in accordance with the provisions of subsection 552a(k)(4) of the Privacy Act of 1974. The reason this system has been exempted is that this system contains only records required by statute to be maintained and used solely as statistical records. The exemption was published in the Federal Register, October 8, 1975, page 47413.
[Federal Register: September 25, 1984 (Volume 49, Number 187)] [Notices] [Page 37693-37694] (PDF - 733 Kb)
- Page last updated: April 11, 2012
Contact Us:
- Centers for Disease Control and Prevention
1600 Clifton Rd
Atlanta, GA 30333 - 800-CDC-INFO
(800-232-4636)
TTY: (888) 232-6348
New Hours of Operation
8am-8pm ET/
Monday-Friday
Closed Holidays - cdcinfo@cdc.gov