
CMS Enterprise Data Analytics Repository

Privacy Impact Assessment (PIA) published by CMS as an Operating Division of the U.S. Department of Health and Human Services

Date signed: 4/4/2024

PIA Information for the CMS Enterprise Data Analytics Repository
PIA Questions / PIA Answers

OPDIV:

CMS

PIA Unique Identifier:

P-8622944-917353

Name:

CMS Enterprise Data Analytics Repository

The subject of this PIA is which of the following?

Major Application

Identify the Enterprise Performance Lifecycle Phase of the system.

Operate

Is this a FISMA-Reportable system?

Yes

Does the system include a Website or online application available to and for the use of the general public?

No

Identify the operator:

Agency

Is this a new or existing system?

Existing

Does the system have Security Authorization (SA)?

Yes

Date of Security Authorization

10/28/2022

Indicate the following reason(s) for updating this PIA. Choose from the following options.

  • Significant System Management Change

  • Other - The Centers for Medicare and Medicaid Services Enterprise Data Analytics Repository is a downstream system that processes data from other systems.

Describe in further detail any changes to the system that have occurred since the last PIA.

The Centers for Medicare and Medicaid Services Enterprise Data Analytics Repository is a downstream system that processes data from other systems, which are responsible for their own data collection, management, and Privacy Impact Assessments. It does not serve as the original source of sensitive data.

Describe the purpose of the system

The Centers for Medicare and Medicaid Services Enterprise Data Analytics Repository allows the Office of Information Technology/Enterprise Architecture and Data Group team to perform Enterprise Architecture analysis.  

The Centers for Medicare and Medicaid Services Enterprise Data Analytics Repository supports agency activities such as business architecture modeling, investment analysis and strategic alignment support. Additionally, it is the main component in the Division of Technical Engineering and Architecture portfolio in evaluating the business activities and data elements required to execute and manage the Centers for Medicare and Medicaid Services strategy.

This application will produce the Chief Information Officer dashboard, as well as serve as a collaborative resource platform providing system data, financial/contractual data, operational details, and line-of-sight capability linking the former.

Describe the type of information the system will collect, maintain (store), or share. (Subsequent questions will identify if this information is PII and ask about the specific data elements)

The Centers for Medicare and Medicaid Services Enterprise Data Analytics Repository stores data depicting the business, application and data architectures. It includes Information Technology investment data related to the budget and funding processes. In addition, the Centers for Medicare and Medicaid Services Enterprise Data Analytics Repository processes data from upstream Federal Information Security Modernization Act-bound systems, including sensitive information like personally identifiable information and/or protected health information.

Access to this system is maintained and granted by the Enterprise User Administration and the Lightweight Directory Access Protocol via user credentials (username/passwords) and job codes. The Lightweight Directory Access Protocol is used to authenticate each user, and the Enterprise User Administration is used to define types of user access by relating job codes to their user identification. This system pulls user identification from the Lightweight Directory Access Protocol and job codes from the Enterprise User Administration, but only user identifications are stored. The Enterprise User Administration and the Lightweight Directory Access Protocol are applications covered by their own Privacy Impact Assessment.

The systems mentioned here have their own Authority to Operate as well as their own Privacy Impact Assessment.

Provide an overview of the system and describe the information it will collect, maintain (store), or share, either permanently or temporarily.

The Centers for Medicare and Medicaid Services Enterprise Data Analytics Repository tool provides business capability mapping, various architecture decompositions, architecture and business performance, executive views, dashboard reporting, and easy access to architecture information. The system serves as an additional business architecture repository for the agency. The Centers for Medicare and Medicaid Services Enterprise Data Analytics Repository users are the Division of Engineering and Architecture staff and direct support contractors. Access to the Centers for Medicare and Medicaid Services Enterprise Data Analytics Repository is granted via Lightweight Directory Access Protocol user credentials (user identification and passwords); this application is covered by its own Privacy Impact Assessment. The Centers for Medicare and Medicaid Services Enterprise Data Analytics Repository contains user identifications but doesn’t store user passwords and is synchronized with the Lightweight Directory Access Protocol stored user credentials.

The Centers for Medicare and Medicaid Services Enterprise Data Analytics Repository is a downstream system that processes data from other systems, which are responsible for their own data collection, management, and Privacy Impact Assessments. It does not serve as the original source of sensitive data.

Does the system collect, maintain, use or share PII?

Yes

Indicate the type of PII that the system will collect or maintain.

  • Name

  • E-Mail Address
  • Medical Notes
  • Financial Account Info
  • Other - username (Enterprise User Administration) and other sensitive data as needed.

Indicate the categories of individuals about whom PII is collected, maintained or shared.

  • Employees

  • Other - Contractors

How many individuals' PII in the system?

<100

For what primary purpose is the PII used?

User credentials are collected by the Enterprise User Administration; the Centers for Medicare and Medicaid Services Enterprise Data Analytics Repository only uses the Enterprise User Administration user identification.

The Enterprise User Administration application is covered by its own Privacy Impact Assessment. 

The systems mentioned here have their own Authority to Operate as well as their own Privacy Impact Assessments.

Describe the secondary uses for which the PII will be used (e.g. testing, training or research)

N/A

Describe the function of the SSN.

N/A

Cite the legal authority to use the SSN.

N/A

Identify legal authorities governing information use and disclosure specific to the system and program.

5 United States Code 301, Departmental Regulations (Health and Human Services/Centers for Medicare and Medicaid Services)

 

Are records on the system retrieved by one or more PII data elements?

No

Identify the sources of PII in the system: Directly from an individual about whom the information pertains

In-Person

Identify the sources of PII in the system: Government Sources

Within the OPDIV

Identify the sources of PII in the system: Non-Government Sources

N/A

Identify the OMB information collection approval number and expiration date

N/A

Is the PII shared with other organizations?

No

Describe the process in place to notify individuals that their personal information will be collected. If no prior notice is given, explain the reason.

Users are asked to provide the Enterprise User Administration user identification for access; they are provided instructions to use their Centers for Medicare and Medicaid Services credentials to access this system. Notice is provided as per Centers for Medicare and Medicaid Services policy; there is no Personally Identifiable Information collected or stored, as this is an application which is stored within the Amazon Web Service enclave, and all Centers for Medicare and Medicaid Services networks require the use of the Enterprise User Administration credentials for access.

The Enterprise User Administration application and the Amazon Web Services are covered by their own Privacy Impact Assessment. 

Notifications are handled by upstream systems. The Centers for Medicare and Medicaid Services Enterprise Data Analytics Repository does not directly collect personally identifiable information.

The systems mentioned here have their own Authority to Operate as well as their own Privacy Impact Assessment.

Is the submission of the PII by individuals voluntary or mandatory?

Voluntary

Describe the method for individuals to opt-out of the collection or use of their PII. If there is no option to object to the information collection, provide a reason.

The Centers for Medicare and Medicaid Services Enterprise Data Analytics Repository upstream systems manage opt-out processes; the Centers for Medicare and Medicaid Services Enterprise Data Analytics Repository processes data as received.

If a person does not submit Enterprise User Administration credentials, access will not be granted.

The systems mentioned here have their own Authority to Operate as well as their own Privacy Impact Assessment.

Describe the process to notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changes since the notice at the time of original collection). Alternatively, describe why they cannot be notified or have their consent obtained.

Managed by upstream systems; the Centers for Medicare and Medicaid Services Enterprise Data Analytics Repository does not directly notify individuals.

No process; the system changes are software updates and do not impact the Personally Identifiable Information usage. Personally Identifiable Information is only utilized for system access.

 

Describe the process in place to resolve an individual's concerns when they believe their PII has been inappropriately obtained, used, or disclosed, or that the PII is inaccurate. If no process exists, explain why not.

Concerns are addressed by upstream systems managing the data.  The Centers for Medicare and Medicaid Services Enterprise Data Analytics Repository operates under strict controls.

Any discrepancy of Personally Identifiable Information would be resolved with the Centers for Medicare and Medicaid Services Helpdesk and falls under the purview of the Centers for Medicare and Medicaid Services. The Centers for Medicare and Medicaid Services Enterprise Data Analytics Repository access is obtained through use of Personally Identifiable Information which is granted through the Centers for Medicare and Medicaid Services established Enterprise User Administration and Active Directory.

The Enterprise User Administration and the Lightweight Directory Access Protocol are applications covered by their own Privacy Impact Assessment.

The systems mentioned here have their own Authority to Operate as well as their own Privacy Impact Assessment.

 

Describe the process in place for periodic reviews of PII contained in the system to ensure the data's integrity, availability, accuracy and relevancy. If no processes are in place, explain why not.

Regular reviews are conducted to ensure data integrity, availability, and accuracy in compliance with the Centers for Medicare and Medicaid Services standards. Detailed logging is also configured in the Amazon Web Service enclave.

Reports received list users with access to the system. When a user is no longer authorized or leaves the agency, the Enterprise User Administration Centers for Medicare and Medicaid Services Enterprise Data Analytics Repository job codes will be revoked.

The Enterprise User Administration and the Lightweight Directory Access Protocol are applications covered by their own Privacy Impact Assessment.

The systems mentioned here have their own Authority to Operate as well as their own Privacy Impact Assessment.

Identify who will have access to the PII in the system and the reason why they require access.

  • Administrators: The Centers for Medicare and Medicaid Services Enterprise Data Analytics Repository Administrator has access to the user identification (Personally Identifiable Information) only. No changes can be made to any Personally Identifiable Information by the Centers for Medicare and Medicaid Services Enterprise Data Analytics Repository Administrator. Access to passwords is not available. The Administrator assigns system privileges to users based on roles and must have knowledge of user identifications.

  • Others - Direct Contractors: Same as the "Administrator's Explanation" above for Direct Contractors.

Describe the procedures in place to determine which system users (administrators, developers, contractors, etc.) may access PII.

Roles, privileges, and user groups are assigned to users only as required to perform their assigned jobs. These controls restrict access to Personally Identifiable Information.

Role-based access controls are implemented based on job functions.

Describe the methods in place to allow those with access to PII to only access the minimum amount of information necessary to perform their job.

The Centers for Medicare and Medicaid Services Enterprise Data Analytics Repository system has levels of privileges assigned based on roles. The Administrator role has restricted privileges and is limited to less than ten individuals. Security within the Centers for Medicare and Medicaid Services Enterprise Data Analytics Repository limits the extent of privileges and authority in working with Personally Identifiable Information.

Access is limited by roles, and strict auditing is enforced to ensure compliance.

Identifying training and awareness provided to personnel (system owners, managers, operators, contractors and/or program managers) using the system to make them aware of their responsibilities for protecting the information being collected and maintained.

Annual Health and Human Services/Centers for Medicare and Medicaid Services Information Systems Security Awareness and Privacy Training 

Describe training system users receive (above and beyond general security and privacy awareness training)

N/A

Do contracts include Federal Acquisition Regulation and other appropriate clauses ensuring adherence to privacy provisions and practices?

No

Describe the process and guidelines in place with regard to the retention and destruction of PII. Cite specific records retention schedules.

Schedule Subject Bucket 7-Research and Program Analysis, Disposition Authority Number DM-0440-2015-0009-0003. Cutoff at the end of the calendar year. Destroy 10 year(s) after cutoff or when no longer needed for agency business, whichever is later.

Describe, briefly but with specificity, how the PII will be secured in the system using administrative, technical, and physical controls.

Administrative controls include implementation of need to know and minimum necessary principles when granting access. 

Technical controls include firewalls, network monitoring, and intrusion detection. 

Physical controls are inherited from hosting in the Amazon Web Service. 

The Amazon Web Services is covered by its own Privacy Impact Assessment.