Former Worker Medical Screening Program - PowerPoint PPT Presentation

1 / 13
About This Presentation
Title:

Former Worker Medical Screening Program

Description:

Approximately 300,000 former DOE Federal, contractor, and subcontractor ... suspected PII/PHI loss by CAH sub-recipients are reportable incidents to DOECIRC. ... – PowerPoint PPT presentation

Number of Views:41
Avg rating:3.0/5.0
Slides: 14
Provided by: HSWG
Category:

less

Transcript and Presenter's Notes

Title: Former Worker Medical Screening Program


1
Former Worker Medical Screening Program
  • Isaf Al-Nabulsi, Ph.D.
  • Program Analyst
  • Office of Former Worker Screening Programs
  • Human Subjects Working Group Meeting
  • November 13, 2009

2
Program Status
  • Approximately 300,000 former DOE Federal,
    contractor, and subcontractor employees have been
    invited to participate
  • Over 60,000 have received an initial screening
    exam and
  • Over 8,700 have received a rescreening exam.

3
Current Initiatives
  • Task Group formed to explore program issues
    requiring focused attention
  • Revised medical screening protocol
  • Developed surveillance case definitions
  • Recommended language for results letters
  • Medical exams have been expanded to include
    general health assessments.
  • Launched a multi-approach outreach and awareness
    campaign
  • Interfacing with EFCOG Occupational Medicine
    Subgroup
  • Linking with DOL, the Ombudsmans Office to DOL,
    NIOSH, and the Ombudsmans Office to NIOSH
  • Conducting DOE site visits
  • Developed program brochure

4
FWP
5
FWP Loss of PIIBackground
  • January 2009 A password-protected CD
    containing a roster of current and former
    employees at DOEs Idaho facilities workers was
    lost in shipment between 2 FWP Service Providers.
    Roster contained
  • 59,617 names
  • Social Security Numbers
  • Dates of birth
  • Employers
  • Hire data

6
Actions Taken
  • FWP Projects
  • Each project reported the loss of PII to their
    respective IRBs.
  • Notified FWP Program Manager.
  • INL IRB
  • Dena Tomahawk notified HSPP Program Manager.
  • INL
  • Notified current workers and former workers
    receiving pensions.

7
Actions Taken by HSS
  • Notified DOE-Cyber Incident Response Capability
    (DOE-CIRC)
  • Established a toll-free hotline to answer
    questions regarding the incident
  • Offered to provide free credit monitoring
    services for one year for those whose names were
    on the CD
  • Ordered the suspension of PII transmittals
    pending the results of an investigation
  • Provided instructions for the safe transmittal of
    PII and restarted the program
  • Worked with the IRS to mail notifications to
    additional former workers whose addresses were
    unknown
  • In conjunction with DOE SC, developed IRB
    checklist

8
Checklist for IRBs to Use in Verifying that HS
Research Protocols are In Compliance with DOE
Requirements
  • The following items must be addressed in all
    protocols
  • Keeping PII confidential
  • Releasing PII only under a procedure approved by
    the responsible IRB(s) and DOE, where required
  • Using PII only for purposes of this program,
    assisting participants filing claims under the
    Energy Employees Occupational Illness
    Compensation Program (EEOICP), or with the
    consent of the participant
  • Handling and marking documents containing PII as
    containing PII or PHI.
  • Establishing reasonable administrative,
    technical, and physical safeguards to prevent
    unauthorized use or disclosure of PII

9
Checklist for IRBs to Use in Verifying that HS
Research Protocols are In Compliance with DOE
Requirements (cont.)
  • Making no further use or disclosure of the PII
    except when approved by the responsible IRB(s)
    and DOE, where applicable, and then only under
    the following circumstances (a) in an emergency
    affecting the health or safety of any individual
    (b) for use in another research project under
    these same conditions and with DOE written
    authorization (c) for disclosure to a person
    authorized by the DOE program office for the
    purpose of an audit related to the project (d)
    when required by law or (e) with the consent of
    the participant.
  • Protecting PII data stored on removable media
    (CD, DVD, USB Flash Drives, etc.) using
    encryption products that are Federal Information
    Processing Standards (FIPS) 140-2 certified
  • Using passwords to protect PII used in
    conjunction with FIPS 140-2 certified encryption
    that meet the current DOE password requirements
    cited in DOE Guide 205.3-1
  • Sending removable media containing PII, as
    required, by express overnight service with
    signature and tracking capability, and shipping
    hard copy documents double wrapped

10
Checklist for IRBs to Use in Verifying that HS
Research Protocols are In Compliance with DOE
Requirements (cont.)
  • Encrypting data files containing PII that are
    being sent by e-mail with FIPS 140-2 certified
    encryption products
  • Sending passwords that are used to encrypt data
    files containing PII separately from the
    encrypted data file, i.e. separate e-mail,
    telephone call, separate letter
  • Using FIPS 140-2 certified encryption methods for
    websites established for the submission of
    information that includes PII
  • Using two-factor authentication for logon access
    control for remote access to systems and
    databases that contain PII. (Two-factor
    authentication is contained in the National
    Institute of Standards and Technology (NIST)
    Special Publication 800-63 Version 1.0.2 found
    at http//csrc.nist.gov/publications/nistpubs/80
    0-63/SP800-63V1_0_2.pdf)
  • Reporting the loss or suspected loss of PII
    immediately upon discovery to 1) the DOE
    funding office Program Manager and 2) the
    applicable IRBs (as designated by the DOE Program
    Manager). If the DOE Program Manager is
    unreachable, immediately notify the DOE-CIRC
    (1-866-941-2472, http//www.doecirc.energy.gov/).

11
Update
  • Had 4 additional incidents of suspected PII loss.
  • Continued working with the FWP cooperative
    agreement holders (CAHs) to identify lessons
    learned and determine if additional procedures or
    corrective actions are necessary.
  • Met with HQ GC and discussed DOEs liability for
    the loss of PII/PHI by sub-recipients of CAH.
  • Have requested ruling from HQ GC as to whether
    suspected PII/PHI loss by CAH sub-recipients are
    reportable incidents to DOECIRC.
  • CAHs will still be required to report incidents
    to HQ, appropriate IRBs, and participant.
  • Will finalize privacy awareness training that
    will be made available to the FWP CAHs and their
    staff.

12
National Day of Remembrance
  • Honoring the Past and Looking to the Future
  • On May 22, the U.S. Senate designated October 30
    as National Day of Remembrance for nuclear
    weapons program workers and uranium miners,
    millers, and haulers.
  • Congress has encouraged the people of the United
    States to support and participate in appropriate
    ceremonies, programs, and other activities to
    commemorate October 30 as a National Day of
    Remembrance for past and present workers in
    America's nuclear weapons program.
  • The Secretary of Energy encouraged each of the
    DOE sites and laboratories within the DOE complex
    that support our countrys nuclear weapons
    program to mark this special day with their own
    events.

13
Questions?
Write a Comment
User Comments (0)
About PowerShow.com