The Division of Microbiology and Infectious Diseases (DMID) complies with requirements for privacy and security established by the Office of Management and Budget (OMB), Department of Health and Human Services (DHHS), and the National Institutes of Health (NIH).  This page outlines the Privacy Policy of the Division of Microbiology and Infectious Diseases Clinical Research Operations & Management Support (DMID-CROMS) IT Systems.  Please note that this Privacy Policy may be updated or changed at any time.

Personally identifiable information is not collected by DMID-CROMS IT Systems unless it is voluntarily provided by you.  Select data about visits to DMID-CROMS Systems are collected to better understand how the site is used, and to make it more helpful.  DMID-CROMS does not collect information for commercial marketing or for any purpose unrelated to DMID-CROMS functions.

By signing in to DMID-CROMS IT Systems or submitting a Systems Access Request Form, you are voluntarily providing personally identifiable information (PII) and granting consent for its use in administration of DMID-CROMS IT Systems.  PII that may be collected includes:

• Name
• Address
• Phone Number
• Email Address

Collection of this information is authorized under 42 U.S.C. 241, 242, 248, 281, 282, 284, 285a, 285b, 285c, 285d, 285e, 285f, 285g, 285h, 285i, 285j, 285l, 285m, 285n, 285o, 285p, 285q, 287, 287b, 287c, 289a, 289c, and 44 U.S.C. 3101.  The primary use of this information is to support system authentication and user notification features; however, for some specific users, the information will also be used to facilitate/support the conduct and management of the clinical research of the Division of Microbiology and Infectious Diseases (DMID), National Institute of Allergy and Infectious Diseases (NIAID), National Institutes of Health (NIH), and such information may be disclosed to NIH researchers and/or other Federal government agencies, as necessary, for research purposes, and to NIH staff and contractors responsible for maintaining DMID-CROMS IT Systems.  Submission of this information is voluntary; however, to be registered as a user of a DMID-CROMS IT System and/or facilitate/support the conduct of DMID-sponsored research, you should complete all fields.

DMID-CROMS IT Systems also automatically track site usage data using Microsoft SharePoint Web Analytics. This data helps DMID-CROMS better understand how DMID-CROMS IT Systems are used and provides insight on how the user experience can be improved in the future.  Data automatically collected by DMID-CROMS IT Systems include:

• User Account (if signed in)
• IP Address
• Web Browser type and version
• User Navigation (clicks of hyperlinks and navigation from page to page)
• Date and Time of visit

The Office of Management and Budget (OMB) Memo M-10-22, Guidance for Online Use of Web Measurement and Customization Technologies, allows Federal agencies to use web measurement and customization technologies to improve user experience.  When you visit a website, it may generate a piece of text known as a “cookie” to place on your computer.  The cookie allows the website to “remember” specific information about your visit while you are connected and allows you to use some features of web pages more easily.  Session cookies last only as long as your web browser is open.  Once your browser is closed, the cookie disappears.  Persistent cookies are stored on your computer until they reach their expiration date or you log off.  After the expiration date, the persistent cookie is removed from your computer.

DMID-CROMS IT Systems automatically use persistent cookies stored on your computer until they reach their expiration date of 30 minutes since your last visit, or you log off.  Requests from any DMID-CROMS IT System to send cookies are designed to collect information about your browser session only; they do not collect PII about you.  On subsequent visits to the site within the expiration period, your browser will send the cookie back to the site.  Because a cookie’s value can uniquely identify you, the cookie can indicate how you initially visited the site.  For this reason, these persistent cookies are also referred to as tracking cookies.  The OMB Memo M-10-22 Guidance defined this use of persistent cookies as “Usage Tier 3 – Multi-session with PII.”  The policy states “This tier encompasses any use of multi-session web measurement and customization technologies when PII is collected (including when the agency is able to identify an individual as a result of its use of such technologies).”

Personally identifiable information voluntarily provided is not disclosed, given, sold, or transferred outside of DMID-CROMS, unless required for law enforcement or by statute.  Personally identifiable information is retained in secured DMID-CROMS IT System databases.  Security measures include user identification and password authentication, firewall, Intrusion Detection System (IDS), and encryption.

DMID-CROMS IT Systems link to other websites, Federal agency sites and other organizations.  By following these links, you are subject to the privacy policies of those sites.