82 FR 6556 - National Center for Health Statistics (NCHS) Confidentiality Pledge Revision Notice

DEPARTMENT OF HEALTH AND HUMAN SERVICES
Centers for Disease Control and Prevention

Federal Register Volume 82, Issue 12 (January 19, 2017)

Under 44 U.S.C. 3506(e) and 44 U.S.C. 3501, CDC's National Center for Health Statistics (NCHS) is announcing revisions to the confidentiality pledge(s) it provides to its respondents under the Confidential Information Protection and Statistical Efficiency Act (44 U.S.C. 3501) (CIPSEA). These revisions are required by the passage and implementation of provisions of the Federal Cybersecurity Enhancement Act of 2015 (H.R. 2029, Division N, Title II, Subtitle B, Sec. 223), which permit and require the Secretary of the Department of Homeland Security (DHS) to provide Federal civilian agencies' information technology systems with cybersecurity protection for their Internet traffic. More details on this announcement are presented in the SUPPLEMENTARY INFORMATION section below.

[Federal Register Volume 82, Number 12 (Thursday, January 19, 2017)]
[Notices]
[Pages 6556-6558]
From the Federal Register Online  [www.thefederalregister.org]
[FR Doc No: 2017-01186]


-----------------------------------------------------------------------

DEPARTMENT OF HEALTH AND HUMAN SERVICES

Centers for Disease Control and Prevention


National Center for Health Statistics (NCHS) Confidentiality 
Pledge Revision Notice

AGENCY: Centers for Disease Control and Prevention (CDC), Department of 
Health and Human Services (HHS).

ACTION: General notice--notice of revision of confidentiality pledges 
under the Confidential Information Protection and Statistical 
Efficiency Act.

-----------------------------------------------------------------------

SUMMARY: Under 44 U.S.C. 3506(e) and 44 U.S.C. 3501, CDC's National 
Center for Health Statistics (NCHS) is announcing revisions to the 
confidentiality pledge(s) it provides to its respondents under the 
Confidential Information Protection and Statistical Efficiency Act (44 
U.S.C. 3501) (CIPSEA). These revisions are required by the passage and 
implementation of provisions of the Federal Cybersecurity Enhancement 
Act of 2015 (H.R. 2029, Division N, Title II, Subtitle B, Sec. 223), 
which permit and require the Secretary of the Department of Homeland 
Security (DHS) to provide Federal civilian agencies' information 
technology systems with cybersecurity protection for their Internet 
traffic. More details on this announcement are presented in the 
SUPPLEMENTARY INFORMATION section below.

DATES: These revisions become effective January 19, 2017.

ADDRESSES: Questions about this notice should be addressed to the 
Information Collection Review Office, Centers for Disease Control and 
Prevention, 1600 Clifton Road NE., MS-D74, Atlanta, Georgia 30329.

FOR FURTHER INFORMATION CONTACT: Leroy A. Richardson by telephone at 
404-639-7570 (this is not a toll-free number); by email [email protected], or 
by mail Information Collection Review Office, Centers for Disease 
Control and Prevention, 1600 Clifton Road NE., MS-D74, Atlanta, Georgia 
30329. Because of delays in the receipt of regular mail related to 
security screening, respondents are encouraged to use electronic 
communications.

SUPPLEMENTARY INFORMATION: Federal statistics provide key information 
that the Nation uses to measure its performance and make informed 
choices about budgets, employment, health, investments, taxes, and a 
host of other significant topics. The overwhelming majority of Federal 
surveys are conducted on a voluntary basis. Respondents, ranging from 
businesses to households to institutions, may choose whether or not to 
provide the requested information. Many of the most valuable Federal 
statistics come from surveys that ask for highly sensitive information 
such as proprietary business data from companies or particularly 
personal information or practices from individuals. The CDC's National 
Center for Health Statistics (NCHS) protects all data collected under 
its authority under the confidentiality provisions of section 308(d) of 
the Public Health service Act (42 U.S.C. 242m). Strong and trusted 
confidentiality and exclusively statistical use pledges under the 
Confidential Information Protection and Statistical Efficiency Act 
(CIPSEA) and similar statistical confidentiality pledges are effective 
and necessary in honoring the trust that businesses, individuals, and 
institutions, by their responses, place in statistical agencies.
    Under CIPSEA and similar statistical confidentiality protection 
statutes, many Federal statistical agencies make statutory pledges that 
the information respondents provide will be seen only by statistical 
agency personnel or their sworn agents, and will be used only for 
statistical purposes. CIPSEA and similar statutes protect the 
confidentiality of information that agencies collect solely for 
statistical purposes and under a pledge of confidentiality. These acts 
protect such statistical information from administrative, law 
enforcement, taxation, regulatory, or any other non-statistical use and 
immunize the information submitted to statistical agencies from legal 
process. Moreover, many of these statutes carry criminal penalties of a 
Class E felony (fines up to $250,000, or up to five years in prison, or 
both) for conviction of a knowing and willful unauthorized disclosure 
of covered information.
    As part of the Consolidated Appropriations Act for Fiscal Year 2016 
signed on December 17, 2015, the Congress included the Federal 
Cybersecurity Enhancement Act of 2015 (H.R. 2029, Division N, Title II, 
Subtitle B, Sec. 223). This Act, among other provisions, permits and 
requires the Secretary of the Department of Homeland Security (DHS) to 
provide Federal civilian agencies' information

[[Page 6557]]

technology systems with cybersecurity protection for their Internet 
traffic. The technology currently used to provide this protection 
against cyber malware is known as Einstein 3A; it electronically 
searches Internet traffic in and out of Federal civilian agencies in 
real time for malware signatures.
    When such a signature is found, the Internet packets that contain 
the malware signature are shunted aside for further inspection by DHS 
personnel. Because it is possible that such packets entering or leaving 
a statistical agency's information technology system may contain a 
small portion of confidential statistical data, statistical agencies 
can no longer promise their respondents that their responses will be 
seen only by statistical agency personnel or their sworn agents. 
However, they can promise, in accordance with provisions of the Federal 
Cybersecurity Enhancement Act of 2015, that such monitoring can be used 
only to protect information and information systems from cybersecurity 
risks, thereby, in effect, providing stronger protection to the 
integrity of the respondents' submissions.
    Consequently, with the passage of the Federal Cybersecurity 
Enhancement Act of 2015, the Federal statistical community has an 
opportunity to welcome the further protection of its confidential data 
offered by DHS' Einstein 3A cybersecurity protection program. The DHS 
cybersecurity program's objective is to protect Federal civilian 
information systems from malicious malware attacks. The Federal 
statistical system's objective is to ensure that the DHS Secretary 
performs those essential duties in a manner that honors the 
Government's statutory promises to the public to protect their 
confidential data. Given that the Department of Homeland Security is 
not a Federal statistical agency, both DHS and the Federal statistical 
system have been successfully engaged in finding a way to balance both 
objectives and achieve these mutually reinforcing objectives.
    However, many current CIPSEA and similar statistical 
confidentiality pledges promise that respondents' data will be seen 
only by statistical agency personnel or their sworn agents. Since it is 
possible that DHS personnel could see some portion of those 
confidential data in the course of examining the suspicious Internet 
packets identified by Einstein 3A sensors, statistical agencies need to 
revise their confidentiality pledges to reflect this process change.
    Therefore, NCHS is providing this notice to alert the public to 
these confidentiality pledge revisions in an efficient and coordinated 
fashion. Below is a table listing NCHS's current Paperwork Reduction 
Act (PRA) OMB Control numbers and information collection titles and 
their associated revised confidentiality pledge(s) for the Information 
Collections whose confidentiality pledges will change to reflect the 
statutory implementation of DHS' Einstein 3A monitoring for 
cybersecurity protection purposes.
    The following NCHS statistical confidentiality pledge will now 
apply to the Information Collections whose Paperwork Reduction Act 
Office of Management and Budget numbers and titles are listed below.
    We take your privacy very seriously. All information that relates 
to or describes identifiable characteristics of individuals, a 
practice, or an establishment will be used only for statistical 
purposes. NCHS staff, contractors, and agents will not disclose or 
release responses in identifiable form without the consent of the 
individual or establishment in accordance with section 308(d) of the 
Public Health Service Act (42 U.S.C. 242m) and the Confidential 
Information Protection and Statistical Efficiency Act of 2002 (CIPSEA, 
Title 5 of Public Law 107-347). In accordance with CIPSEA, every NCHS 
employee, contractor, and agent has taken an oath and is subject to a 
jail term of up to five years, a fine of up to $250,000, or both if he 
or she willfully discloses ANY identifiable information about you. In 
addition, NCHS complies with the Federal Cybersecurity Enhancement Act 
of 2015. This law requires the federal government to protect federal 
computer networks by using computer security programs to identify 
cybersecurity risks like hacking, internet attacks, and other security 
weaknesses. If information sent through government networks triggers a 
cyber threat indicator, the information may be intercepted and reviewed 
for cyber threats by computer network experts working for, or on behalf 
of the government.

                   NCHS's Current OMB Control Numbers
------------------------------------------------------------------------
            OMB control No.              Title of information collection
------------------------------------------------------------------------
0920-0119.............................  National Ambulatory Medical Care
                                         Survey Supplement on Culturally
                                         and Linguistically Appropriate
                                         Services (NAMCS CLAS).
0920-0212.............................  National Hospital Care Survey.
0920-0213.............................  NCHS: National Vital Statistics
                                         Report Forms.
0920-0214.............................  National Health Interview
                                         Survey.
0920-0215.............................  Application Form and Related
                                         Forms for the Operation of the
                                         National Death Index.
0920-0217.............................  NCHS Application for Vital
                                         Statistics Training Form.
0920-0222.............................  NCHS Questionnaire Design
                                         Research Laboratory.
0920-0234.............................  National Ambulatory Medical Care
                                         Survey (NAMCS).
0920-0278.............................  National Hospital Ambulatory
                                         Medical Care Survey.
0920-0314.............................  National Survey of Family
                                         Growth.
0920-0729.............................  Customer Surveys Generic
                                         Clearance for the National
                                         Center for Health Statistics.
0920-0943.............................  Data Collection for the
                                         Residential Care Community and
                                         Adult Day Services Center
                                         Components of the National
                                         Study of Long-term Care
                                         Providers.
0920-0950.............................  National Health and Nutrition
                                         Examination Survey.
0920-1015.............................  The National Ambulatory Medical
                                         Care Survey (NAMCS) National
                                         Electronic Health Record Survey
                                         (NEHRS).
0920-1030.............................  Developmental Studies to Improve
                                         the National Health Care
                                         Surveys.
0920-1063.............................  NAMCS Supplement of Primary Care
                                         Policies (NSPCP) for Managing
                                         Patients with High Blood
                                         Pressure, High Cholesterol, or
                                         Diabetes.
------------------------------------------------------------------------



[[Page 6558]]

Leroy A. Richardson,
Chief, Information, Collection Review Office, Office of Scientific 
Integrity, Office of the Associate Director for Science, Office of the 
Director, Centers for Disease Control and Prevention.
[FR Doc. 2017-01186 Filed 1-18-17; 8:45 am]
 BILLING CODE 4163-18-P