PIA - 17A. Provide the reason of access for each of the groups identified in PIA -17 PIA - 17B: Contractors: RTI requires access to prevent duplicate the unique study ID to connect screener and survey da completed the survey. Others: Creative Group will receive email addresses of Select the type of contractor and fraudulent responses. RTI creates ta and determine if participants have participants to distribute incentives. Third-Party Contractor (Contractors other than HHS Direct Contractors) PIA - 18: Describe the administrative procedures in place to determine which system users (administrators, developers, contractors, etc.) may access PII System roles are reviewed and authorized by project management and granted by the appropriate administrator. Role-based access controls are applied for all PII. Contractor system administrators for the project have role-based access to PII and utilize only the PII necessary to perform job duties identified with their role. Other RTI employees (i.e., project director, data collection task leader, programming task leader, programming team, data collection managers, data collection supervisors, data collectors, analysts) are provided with access to the secure project share to access PII or survey data to perform role-based programming, data management, data collection, analysis, and/or reporting job duties. Role-based access control is employed so that users only have “need-to-know” access to the data necessary to perform their job duties. PIA - 19: Describe the technical methods in place to allow those with access to PII to only access the minimum amount of information necessary to perform their job The data collection system employs data access through the use of controls advised by NIST Special Publication PIA - 20: Identify training and awareness provided to personnel (system owners, managers, operators, contractors and/or program managers) using the system to make them aware of their responsibilities for protecting the information being collected and maintained 800-53 that are deployed in RTI’s network to ensure that access to any data is restricted by role. Unaffiliated with the project team, RTI Global Technology Solutions (GTS) maintains all role-based access controls independently from project staff. Inclusion of project staff users in role groups must be formally requested to RTI GTS and specifically approved by the RTI project director or project manager for any user to obtain access to systems or data. Membership in spec...
PIA - 17A. Provide the reason of access for each of the groups identified in PIA -17 Users: Users create, review, manage and execute recruitment packages, personnel action request (PAR) actions, position and employee management. Administrators: For System Administration within HR-PBM. Developers: For System Development within HR-PBM. Contractors: Direct Contractors have access to this data for system administration and development work to address FDA’s business needs. PIA - 17B: Select the type of contractor HHS/OpDiv Direct Contractor PIA - 18: Describe the administrative procedures in place to determine All access to HR-PBM require supervisor approval prior to the user which system users (administrators, developers, contractors, etc.) may access PII gaining access. Systems access is reviewed on a quarterly basis to identify and remove unnecessary accounts. PIA - 19: Describe the technical methods in place to allow those with access to PII to only access the minimum amount of information necessary to perform their job Access for system administration is limited to a work need basis. Administrators are subject to a higher level of background check. CDRH revises the access list and restrictions are reviewed on a quarterly basis during which time users' access permissions are reviewed/adjusted and unnecessary accounts and permissions are identified and removed or adjusted. PIA - 20: Identify training and awareness provided to personnel (system owners, managers, operators, contractors and/or program managers) using the system to make them aware of their responsibilities for protecting the information being collected and maintained All personnel, including Direct Contractors complete Security and Privacy Awareness training at least annually. PIA - 21: Describe training system users receive (above and beyond general security and privacy awareness training). No additional system-specific training is provided. Personnel may contact FDA's privacy staff for guidance.
PIA - 17A. Provide the reason of access for each of the groups identified in PIA -17 Users - CTP users need PII access to respond to inquiries Administrators - Require PII access to address defects in the system. Contractors - Badged FDA direct contractors have access to the system to customize and deploy TriCS based on stakeholder PIA - 17B: Select the type of contractor HHS/OpDiv Direct Contractor
PIA - 17A. Provide the reason of access for each of the groups identified in PIA -17 req uired to collect this information as a part of ers will work with the ag ency POC's to create e medical pan el for testing purposes. access to data but will not have a need to know orded and audited. Developers Reasoning: em and performing work for FOH include nurses, man ag ers. These individuals curren tly have access ists will have minimal access to the PII data in All end-user accounts will be man ag ed by the FedHealth IT Configuration team within FOH. Customers may submit req uests for access to their FOH Account Executive who will work with the FOH FedHealth IT Configuration team to accommodate such requests. An online form will be made available to customers which will include the proper approvals for granting access to employees within an agency. Only specific positions and roles within FOH are allowed access to PII and PHI. Background clearances are standard with the provision of such data access. Authorized individuals (sup ervisors) of req uesting end-user accounts must approve access to FedHealth based upon the role req uested. Each potential end-user of FedHealth must attend application and FedHealth security training prior to being approved for a FedHealth end-user account. Ongoing FedHealth security and application training is provided and will be mandatory for all end-user groups, especially those that may have access to PII and PHI. FedHealth is cap able of restricting end-user's access by organization, functional module, and objects within a module. FOH FedHealth IT Configuration team will work with FOH Account Executive to manage and control end-user's access. All system users will complete req uired Annual HHS Security Awaren ess and Privacy Awaren ess Training. Users will receive training on Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the FedHealth System Training. Users working with customer employee records will be training on identification validation practices within the clinical setting. PII data will not be deleted or purged from the system. All inactive information will be flagged with In-active Status. National Archives and Records Administration (NARA) Gen eral Records Sched ules (GRS)-1 is the retention sched ule for the FedHealth system.
PIA - 17A. Provide the reason of access for each of the groups identified in PIA -17 Users : Use reports / dashbo ards assign ed to them which have PII. Administrators: Complete access to the system for management and support. Developers: Selected developers with HRSA GFE create reports / dashbo ards for the users Contractors: Direct Contractors with HRSA and with PIV/Government furnished equipment(GFE) for development and operations of the system PIA - 17B: Select the type of contractor HHS/OpDiv Direct Contractor PIA - 18: Describe the administrative procedures in place to determine which system users (administrators, developers, contractors, etc.) may access PII HRSA bureau office determines the users who need access to DMACS and a req uest is sent to the OIT office for approval. Upon approval, the request is sent to DMACS Administrator, who will then create these user accounts. Users : Use reports / dashbo ards assign ed to them which have PII. Administrators: Complete access to the system for management and support. Developers: Selected developers with HRSA GFE create reports / dashboards for the users Contractors: Direct Contractors with HRSA and with PIV/Government furnished equipment(GFE) for development and operations of the system PIA - 19: Describe the technical methods in place to allow those DMACS establishes user access through RBAC.RBAC enforces the principle of least privileges which grant users just enough permissions need ed to perform their business functions. PIA - 20: with access to PII to only access the minimum amount of information necessary toperform their job Identify training and awaren ess provided to personnel (system owners, man ag ers, operators,contractors and/or program managers) using the system to make them aware oftheir responsibilities for protecting the information being collected and maintained All HRSA employees and direct contractors that use the HRSA PRF are req uired to take government-furnished a security awaren ess training. All system users will receive system training and HRSA PRF user guides to support the various functions of the s All HRSA employees and direct contractors that use the HRSA PRF System are req uired to take government-fur annual security awaren ess trainings. Upon accessing the initial HRSA PRF System trainings all users will be requ acknowled ge that they have completed all of the req uisite HHS privacy trainings, including: the Annual HHS Infor Systems Security Awaren ess Training; the Annual HHS Priv...
PIA - 17A. Provide the reason of access for each of the groups identified in PIA -17 Users: Meeting and training attendees have access to names as they appear on attendee rosters. Attendees and members of the public do not normally have access to email addresses. They can have access to email addresses if Adobe Connect content creators, course developers need to track attendance of training taken and course completion or for controlling access to meetings. Administrators: The FDA Adobe Connect System Administrators have access to all PII within the system because they control access to Adobe Connect. They have access to content creators that have received cred entials to create content using the system. Some Administrators are Direct Contractors. Contractors: The FDA Adobe Connect System Administrators have access to all PII within the system because they control access to Adobe Connect. They have access to content creators that have received cred entials to create content using the system. Some Administrators are Direct Contractors. Others: Adobe Connect hosts (FDA employees, Direct Contractors, and third-party contractors) have access to names and email addresses to control and track attendance. The FDA Adobe Connect System Administrators have access to all PII within the system because they control access to Adobe Connect. They have access to content creators that have received cred entials to create content using the system. Some Administrators are Direct Contractors. PIA - 17B: Select the type of contractor HHS/OpDiv Direct Contractor Third-Party Contractor (Contractors other than HHS Direct Contractors)
