[Federal Register Volume 82, Number 12 (Thursday, January 19, 2017)]
[Notices]
[Pages 6556-6558]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2017-01186]
-----------------------------------------------------------------------
DEPARTMENT OF HEALTH AND HUMAN SERVICES
Centers for Disease Control and Prevention
National Center for Health Statistics (NCHS) Confidentiality
Pledge Revision Notice
AGENCY: Centers for Disease Control and Prevention (CDC), Department of
Health and Human Services (HHS).
ACTION: General notice--notice of revision of confidentiality pledges
under the Confidential Information Protection and Statistical
Efficiency Act.
-----------------------------------------------------------------------
SUMMARY: Under 44 U.S.C. 3506(e) and 44 U.S.C. 3501, CDC's National
Center for Health Statistics (NCHS) is announcing revisions to the
confidentiality pledge(s) it provides to its respondents under the
Confidential Information Protection and Statistical Efficiency Act (44
U.S.C. 3501) (CIPSEA). These revisions are required by the passage and
implementation of provisions of the Federal Cybersecurity Enhancement
Act of 2015 (H.R. 2029, Division N, Title II, Subtitle B, Sec. 223),
which permit and require the Secretary of the Department of Homeland
Security (DHS) to provide Federal civilian agencies' information
technology systems with cybersecurity protection for their Internet
traffic. More details on this announcement are presented in the
SUPPLEMENTARY INFORMATION section below.
DATES: These revisions become effective January 19, 2017.
ADDRESSES: Questions about this notice should be addressed to the
Information Collection Review Office, Centers for Disease Control and
Prevention, 1600 Clifton Road NE., MS-D74, Atlanta, Georgia 30329.
FOR FURTHER INFORMATION CONTACT: Leroy A. Richardson by telephone at
404-639-7570 (this is not a toll-free number); by email [email protected], or
by mail Information Collection Review Office, Centers for Disease
Control and Prevention, 1600 Clifton Road NE., MS-D74, Atlanta, Georgia
30329. Because of delays in the receipt of regular mail related to
security screening, respondents are encouraged to use electronic
communications.
SUPPLEMENTARY INFORMATION: Federal statistics provide key information
that the Nation uses to measure its performance and make informed
choices about budgets, employment, health, investments, taxes, and a
host of other significant topics. The overwhelming majority of Federal
surveys are conducted on a voluntary basis. Respondents, ranging from
businesses to households to institutions, may choose whether or not to
provide the requested information. Many of the most valuable Federal
statistics come from surveys that ask for highly sensitive information
such as proprietary business data from companies or particularly
personal information or practices from individuals. The CDC's National
Center for Health Statistics (NCHS) protects all data collected under
its authority under the confidentiality provisions of section 308(d) of
the Public Health service Act (42 U.S.C. 242m). Strong and trusted
confidentiality and exclusively statistical use pledges under the
Confidential Information Protection and Statistical Efficiency Act
(CIPSEA) and similar statistical confidentiality pledges are effective
and necessary in honoring the trust that businesses, individuals, and
institutions, by their responses, place in statistical agencies.
Under CIPSEA and similar statistical confidentiality protection
statutes, many Federal statistical agencies make statutory pledges that
the information respondents provide will be seen only by statistical
agency personnel or their sworn agents, and will be used only for
statistical purposes. CIPSEA and similar statutes protect the
confidentiality of information that agencies collect solely for
statistical purposes and under a pledge of confidentiality. These acts
protect such statistical information from administrative, law
enforcement, taxation, regulatory, or any other non-statistical use and
immunize the information submitted to statistical agencies from legal
process. Moreover, many of these statutes carry criminal penalties of a
Class E felony (fines up to $250,000, or up to five years in prison, or
both) for conviction of a knowing and willful unauthorized disclosure
of covered information.
As part of the Consolidated Appropriations Act for Fiscal Year 2016
signed on December 17, 2015, the Congress included the Federal
Cybersecurity Enhancement Act of 2015 (H.R. 2029, Division N, Title II,
Subtitle B, Sec. 223). This Act, among other provisions, permits and
requires the Secretary of the Department of Homeland Security (DHS) to
provide Federal civilian agencies' information
[[Page 6557]]
technology systems with cybersecurity protection for their Internet
traffic. The technology currently used to provide this protection
against cyber malware is known as Einstein 3A; it electronically
searches Internet traffic in and out of Federal civilian agencies in
real time for malware signatures.
When such a signature is found, the Internet packets that contain
the malware signature are shunted aside for further inspection by DHS
personnel. Because it is possible that such packets entering or leaving
a statistical agency's information technology system may contain a
small portion of confidential statistical data, statistical agencies
can no longer promise their respondents that their responses will be
seen only by statistical agency personnel or their sworn agents.
However, they can promise, in accordance with provisions of the Federal
Cybersecurity Enhancement Act of 2015, that such monitoring can be used
only to protect information and information systems from cybersecurity
risks, thereby, in effect, providing stronger protection to the
integrity of the respondents' submissions.
Consequently, with the passage of the Federal Cybersecurity
Enhancement Act of 2015, the Federal statistical community has an
opportunity to welcome the further protection of its confidential data
offered by DHS' Einstein 3A cybersecurity protection program. The DHS
cybersecurity program's objective is to protect Federal civilian
information systems from malicious malware attacks. The Federal
statistical system's objective is to ensure that the DHS Secretary
performs those essential duties in a manner that honors the
Government's statutory promises to the public to protect their
confidential data. Given that the Department of Homeland Security is
not a Federal statistical agency, both DHS and the Federal statistical
system have been successfully engaged in finding a way to balance both
objectives and achieve these mutually reinforcing objectives.
However, many current CIPSEA and similar statistical
confidentiality pledges promise that respondents' data will be seen
only by statistical agency personnel or their sworn agents. Since it is
possible that DHS personnel could see some portion of those
confidential data in the course of examining the suspicious Internet
packets identified by Einstein 3A sensors, statistical agencies need to
revise their confidentiality pledges to reflect this process change.
Therefore, NCHS is providing this notice to alert the public to
these confidentiality pledge revisions in an efficient and coordinated
fashion. Below is a table listing NCHS's current Paperwork Reduction
Act (PRA) OMB Control numbers and information collection titles and
their associated revised confidentiality pledge(s) for the Information
Collections whose confidentiality pledges will change to reflect the
statutory implementation of DHS' Einstein 3A monitoring for
cybersecurity protection purposes.
The following NCHS statistical confidentiality pledge will now
apply to the Information Collections whose Paperwork Reduction Act
Office of Management and Budget numbers and titles are listed below.
We take your privacy very seriously. All information that relates
to or describes identifiable characteristics of individuals, a
practice, or an establishment will be used only for statistical
purposes. NCHS staff, contractors, and agents will not disclose or
release responses in identifiable form without the consent of the
individual or establishment in accordance with section 308(d) of the
Public Health Service Act (42 U.S.C. 242m) and the Confidential
Information Protection and Statistical Efficiency Act of 2002 (CIPSEA,
Title 5 of Public Law 107-347). In accordance with CIPSEA, every NCHS
employee, contractor, and agent has taken an oath and is subject to a
jail term of up to five years, a fine of up to $250,000, or both if he
or she willfully discloses ANY identifiable information about you. In
addition, NCHS complies with the Federal Cybersecurity Enhancement Act
of 2015. This law requires the federal government to protect federal
computer networks by using computer security programs to identify
cybersecurity risks like hacking, internet attacks, and other security
weaknesses. If information sent through government networks triggers a
cyber threat indicator, the information may be intercepted and reviewed
for cyber threats by computer network experts working for, or on behalf
of the government.
NCHS's Current OMB Control Numbers
------------------------------------------------------------------------
OMB control No. Title of information collection
------------------------------------------------------------------------
0920-0119............................. National Ambulatory Medical Care
Survey Supplement on Culturally
and Linguistically Appropriate
Services (NAMCS CLAS).
0920-0212............................. National Hospital Care Survey.
0920-0213............................. NCHS: National Vital Statistics
Report Forms.
0920-0214............................. National Health Interview
Survey.
0920-0215............................. Application Form and Related
Forms for the Operation of the
National Death Index.
0920-0217............................. NCHS Application for Vital
Statistics Training Form.
0920-0222............................. NCHS Questionnaire Design
Research Laboratory.
0920-0234............................. National Ambulatory Medical Care
Survey (NAMCS).
0920-0278............................. National Hospital Ambulatory
Medical Care Survey.
0920-0314............................. National Survey of Family
Growth.
0920-0729............................. Customer Surveys Generic
Clearance for the National
Center for Health Statistics.
0920-0943............................. Data Collection for the
Residential Care Community and
Adult Day Services Center
Components of the National
Study of Long-term Care
Providers.
0920-0950............................. National Health and Nutrition
Examination Survey.
0920-1015............................. The National Ambulatory Medical
Care Survey (NAMCS) National
Electronic Health Record Survey
(NEHRS).
0920-1030............................. Developmental Studies to Improve
the National Health Care
Surveys.
0920-1063............................. NAMCS Supplement of Primary Care
Policies (NSPCP) for Managing
Patients with High Blood
Pressure, High Cholesterol, or
Diabetes.
------------------------------------------------------------------------
[[Page 6558]]
Leroy A. Richardson,
Chief, Information, Collection Review Office, Office of Scientific
Integrity, Office of the Associate Director for Science, Office of the
Director, Centers for Disease Control and Prevention.
[FR Doc. 2017-01186 Filed 1-18-17; 8:45 am]
BILLING CODE 4163-18-P