Skip Navigation Links

icon

Transmittal Notice

  1. Explanation of Material Transmitted: This chapter describes the policy for reporting data on the race, ethnicity, sex and disability status of NIH federal employees and fellows. This chapter also describes the policy on access to data on race, ethnicity, sex and disability status.
  2. Filing Instructions:

Remove:  None
Insert:  Manual Issuance 2205, dated, 04/16/2016

PLEASE NOTE:  For information on:

The purpose of this chapter is to (1) establish the guidelines for reporting data on the race, ethnicity, sex and disability status of NIH federal employees and fellows; and (2) specify who is authorized to access this data. The NIH is committed to protecting the privacy of NIH federal employees and fellows in accordance with the Privacy Act of 1974 as amended at 5 U.S.C. 552a and Title 29 Code of Federal Regulations (CFR) Part 1614.601.

In accordance with the Privacy Act and Title 29 CFR Part 1614.601, the NIH is responsible for managing personally identifiable information (PII) contained in the agency’s data reporting and retrieval systems. The Privacy Act protects records that can be retrieved by personal identifiers. Title 29 CFR Part 1614.601 requires the NIH to collect and maintain voluntary information on the race, ethnicity, sex and disability status of its employees. This information must only be disclosed in the form of aggregate data, which does not identify individuals. This data is used in studies and analyses which contribute affirmatively to achieving the objectives of the NIH equal employment opportunity program.

Unauthorized use or disclosure of sensitive information can result in the loss of the public’s trust and confidence in the NIH’s ability to properly protect PII.  A PII data breach may also require significant use of NIH resources to mitigate the negative consequences, such as staff members, time, assets and financial resources. A PII data breach would prevent the NIH from allocating these important resources elsewhere.

The Office of Equity, Diversity and Inclusion (EDI) provides each IC with biannual reports of their respective workforce stratified by race/ethnicity, sex and disability status, compared to the overall NIH workforce. Institutes and Centers (ICs) may also request ad hoc reports to inform their equity, diversity and inclusion strategies.

It is the policy of the NIH to disclose information about the race, ethnicity, sex and disability status of employees and fellows in a manner that does not identify individuals. Data will be reported in aggregate and suppressed if the population size is small enough to identify individuals. The decision to suppress data will be determined by the size of the population from which the query is drawn.

Access to NIH databases with race/ethnicity, sex and disability status is limited to authorized NIH personnel in the EDI, the Office of Human Resources (OHR), the Center for Information Technology (CIT) and selected NIH Institutes and Centers (ICs) with at least a level 5 security clearance.

Requests for Data

  1. All requests for workforce data stratified by race, ethnicity, sex, or disability status must be submitted via the EDI website, by contacting the respective data analyst, or by contacting the Branch Chief for Data Analytics in the Division of Data Analytics and Customer Outreach at (301) 496-6301.

Standards

  1. Race, ethnicity, sex and disability status data is collected via Office of Management and Budget (OMB) approved standards.
  2. Race, ethnicity, sex and disability status data is retrieved from NIH and/or the U.S. Department of Health and Human Services (HHS) database systems.
  3. All staff will safeguard race, ethnicity, sex and disability status data in their possession.
  4. The NIH will limit the collection of PII to that which is legally authorized, and necessary for the proper performance of agency functions and has practical utility.
  5. The EDI will perform the necessary analysis of workforce data in compliance with all applicable laws, regulations and policies.

Incidents

  1. All incidents of loss, misuse or unauthorized disclosure of sensitive information will be reported according to the established NIH Office of Information Technology security incident reporting procedures and requirements. Please refer to the guidance provided in the NIH Information Security and Privacy Awareness Training.

E. Definitions

For the purposes of this chapter, the following terms and definitions are useful in determining the appropriate procedures to follow:

  1. Aggregate: The cumulative total of employees and fellows by race, ethnicity, sex and disability status.
  2. Data Breach:  Unauthorized disclosure of, or unauthorized access to EEO sensitive data in a manner that identifies individuals.
  3. EEO Sensitive Data: Information about the race, ethnicity, sex and disability status of NIH federal employees and fellows that is collected by the NIH for the analysis and reporting of trends in the NIH workforce.
  4. Federal Employee: Individuals who are employed by the federal government of the United States of America.
  5. Fellow: Individuals training at the NIH under the Intramural Research Training Award or Cancer Research Training Award Fellowship Programs.
  6. Personally Identifiable Information (PII): Information which can be used to distinguish or trace an individual's identity, such as their name, Social Security number, biometric records, etc. alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother’s maiden name, etc. (Defined in OMB M-07-16, Safeguarding Against and Responding to the Breach of Personally Identifiable Information)

F. Responsibilities

  1. Office of Human Resources (OHR): Entering data on race, ethnicity, sex and disability status of NIH federal employees into the official human resources data base.
  2. Institutes and Centers Administrative Officers: Entering data on race, ethnicity, sex and disability status of NIH fellows into the Fellowship Payment System.
  3. Office of Equity Diversity and Inclusion (EDI) (in coordination with IT privacy and security personnel as needed):
    1. Retrieve, analyze and report data trends stratified by race, ethnicity, sex and disability status of NIH federal employees and fellows to requesters (e.g. Equal Employment Opportunity Commission (EEOC), HHS and IC Personnel).
      • The data will be disclosed in the form of aggregate data, which does not identify individuals. The decision to suppress data will be determined by the size of the population from which the query is drawn.
    2. Safeguard information on race, ethnicity, sex and disability status data of NIH federal employees and fellows at the individual level. 
    3. Comply with applicable Privacy regulations and requirements, including but not limited to Title 29 CFR Part 1614.601, the Privacy Act of 1974 (as amended), the NIH IT Privacy Program and the NIH Manual Chapter 1743.
    4. Ensure requesters are aware of the sensitivity of the data being handled.
    5. Ensure data is not processed on an NIH system without the appropriate level of privacy controls.
  4. Designated Institutes and Centers:
    1. Retrieve, analyze and report data trends stratified by race, ethnicity, sex and disability status of NIH federal employees and fellows.
    2. Ensure that any data released in a published report will be disclosed in the form of aggregate data, which does not identify individuals.
    3. Share all analyses related to race, ethnicity, sex and disability status data with the EDI.
    4. Safeguard information on race, ethnicity, sex and disability status data of NIH federal employees and fellows at the individual level. 
    5. Comply with applicable privacy regulations and requirements, including but not limited to Title 29 CFR Part 1614.14, the Privacy Act of 1974 (as amended), the NIH IT Privacy Program and the NIH Manual Chapter 1743.
    6. Ensure data is not processed on an NIH system without the appropriate level of privacy controls.
    7. Report suspected or confirmed data breaches within one (1) hour of discovery to the NIH IT Service Desk.
  5. Report Recipient/ End User:
    1. Request data on race, ethnicity, sex and disability status of NIH federal employees and fellows in line with the user or employee’s official duties.
    2. Utilize the requested data to further the NIH’s goals of equity, diversity and inclusion.
    3. Comply with the Departmental and NIH privacy policies, standards and procedures.
    4. Be aware of privacy requirements for accessing, protecting, handling and using data.
    5. Report suspected or confirmed data breaches within one (1) hour of discovery to the NIH IT Service Desk.

G. Records Retention and Disposal

All records pertaining to this chapter must be retained and disposed of under the authority of NIH Manual 1743,"Keeping and Destroying Records," Appendix 1, "NIH Records Control Schedules" (as amended). These records must be maintained in accordance with current NIH Records Management and Federal guidelines. Contact your IC Records Liaison https://oma.od.nih.gov/DMS/Pages/Records-Management-Records-Liaisons.aspx or the NIH Records Officer for additional information.

H. Internal Controls

The purpose of this manual issuance is to provide guidance to NIH personnel.

  1. Office Responsible for Reviewing Internal Controls Relative to this Chapter: EDI, Office of the Director (OD), NIH.
  2. Frequency of Review (in years): EDI will maintain an ongoing informal review on an annual basis, with a formal review process occurring every three years. Reviews will involve periodic assessments to determine if modifications to the existing policy are required. These assessments will evaluate the frequency and circumstances of data breaches as well as evaluate whether the existing policy still meets the NIH’s needs.
  3. Method of Review: EDI will collect feedback from the ICs and other stakeholders within the NIH through small group meetings, surveys and/or interviews.
  4. Review Reports are sent to: Review reports will be sent to the Director of EDI and the Deputy Director for Management.

* If you require a 508 compliant PDF version of a chapter please contact policymanual@nih.gov
Arrow UpBack to Top