Code of Conduct

Purpose

Due to the highly collaborative nature of CDC’s Informatics Research and Development Lab, it is necessary to have a code of conduct to govern all collaborative materials posted and made available through the internet by the general public.

Background

CDC Scientific Clearance is the process of obtaining approvals by appropriate CDC officials before a CDC information product is released to the public or CDC’s external public health partners. Information products that require formal clearance include print, electronic, or oral materials that CDC employees author or co-author, whether published by CDC or outside CDC. CDC contractors developing content on behalf of CDC for the public or CDC’s external public health partners are also required to put their content through the formal clearance process. The collaborative functions related to the projects in the R&D lab include blogs, wikis, forums, bug tracking sites, source control and others as deemed necessary.
For those individuals within the CDC, adherence to the following policies is required:

All collaborative materials will be controlled by the rules contained within this document. This will allow for real-time collaboration opportunities among CDC employees, CDC contractors and CDC public health partners.

Code of Conduct

All contributions made to the R&D Lab’s internet-accessible collaboration sites must meet the set of rules detailed below. Informatics lab-related collaboration sites are monitored and mediated by CDC employees and CDC contractors. Any infraction of the rules will be addressed in a timely manner and can result in the prompt removal of content from project-related sites. Infractions should be reported to project leads as soon as identified.

Ground Rules

    • Members will act with integrity and adhere to the highest standards of personal and professional ethics. As collaborations tend to be self-correcting, active participation means both offering suggestions and accepting them with a focus on product improvement. Personal attacks, hidden destructive code or other forms of harassment or intimidation will not be tolerated. Collaboration is highly encouraged, and although this may not always be positive, it should always be respectful and constructive.
    • Only authorized committers are allowed to make changes to project-related sites. Project leads determine authorized committers and assign permissions.
    • Any sites not hosted by CDC or CDC resources should use separate authorization so as not to compromise existing CDC authentication and authorization procedures. This means that committers should not use an ID / user name or password currently in use as their CDC ID / user name or password.
    • No specific security-related information should be shared. No information that would allow an unauthorized party to compromise CDC systems security shall be posted. This includes, but is not limited to: user names, user IDs, passwords, IP addresses, private certificate information, and specific system configuration.
    • No restricted or privileged information should be posted that is limited in distribution rights. For example, there are US export controls for encryption routines and algorithms that cannot be shared with specific countries.
    • No content in violation of US or international copyright shall be posted without explicit, written consent of the copyright holder.
    • All content in draft form must be clearly marked with the words “DRAFT” both within the content itself and in any specific sites referencing the content.
    • No personally identifiable information (PII) or personally identifiable health data shall be posted or stored on IIU-hosted resources. Examples of personally identifiable data include age, race, sex, geolocation, email address, etc. Only simulated, synthetic, or publicly available data shall be used on IIU resources. The use of de-identified aggregate data will be considered on a case-by-case basis.
    • No source code or unpublished materials relating to CDC-developed production systems and applications shall be posted.
    • At no time are projects in the R&D Laboratory to use data that contains information about health status, provision of health care, or payment for health care that can be linked to a specific individual.
    • IIU-hosted resources shall not connect to or exchange data with live and/or production systems (this includes all COTS or custom systems, whether located inside or outside the CDC firewall). Exceptions will be considered on a case-by-case basis.