CMS National Training Program Learning Management System
Privacy Impact Assessment (PIA) published by CMS as an Operating Division of the U.S. Department of Health and Human Services
Date signed: 12/4/2024
| PIA Questions | PIA Answers |
|---|---|
| OPDIV: | CMS |
| PIA Unique Identifier: | P-4500224-210491 |
| Name: | CMS National Training Program Learning Management System |
| The subject of this PIA is which of the following? | Major Application |
| Identify the Enterprise Performance Lifecycle Phase of the system. | Operate |
| Is this a FISMA-Reportable system? | Yes |
| Does the system include a Website or online application available to and for the use of the general public? | Yes |
| Identify the operator: | Contractor |
| Is this a new or existing system? | Existing |
| Does the system have Security Authorization (SA)? | Yes |
| Date of Security Authorization | 12/6/2023 |
| Indicate the following reason(s) for updating this PIA. Choose from the following options. | PIA Validation (PIA Refresh/Annual Review) |
| Describe in further detail any changes to the system that have occurred since the last PIA. | Not Applicable. No new data fields were introduced into the system. |
| Describe the purpose of the system | The National Training Program's Learning Management System (NTP LMS) is an integrated learning management system that enables the Centers for Medicare & Medicaid Services (CMS) National Training Program to host and track their full range of training activities. The system allows the State Health Insurance Assistance Program (SHIP) counselors and the public to register for self-paced Web-based training, webinars, and live training events. It hosts the Web Based Training (WBT) course content and allows learners to print certificates of completion. It also includes a virtual conference center interface in which students can attend live, interactive, instructor-led webinars and communicate with one another via a chat interface. This system is available to the public, with State Health Insurance Assistance Program (SHIP) counselors designated as the target audience. |
| Describe the type of information the system will collect, maintain (store), or share. (Subsequent questions will identify if this information is PII and ask about the specific data elements) | NTP LMS collects and stores learner identification (first name, last name, email address, occupation and optionally, voluntarily uploaded user profile picture) for those who choose to register for courses. The system stores data about the user's course registrations, progress, and completions (e.g., transcript/certificates). Users register online and assign their own password. The email address and password are used to access their account. The first name and last name are required to generate transcripts/certificates on course completion for the courses taken by the user. The email address and password are required to access their user account and for correspondence. The optional entry of occupation helps the NTP determine if the user is well-suited to specific types of training, especially for Continuing Education Unit (CEU) courses with limited enrollment. Occupation is collected as part of the post-webinar evaluation and survey for accreditation purposes only for the users who have completed a CEU Webinar. The voluntarily uploaded profile picture is for networking and chat purposes. The only information users see about one another are First Name, Last Name, Profile Picture, and interests (selected from a CMS-defined list), and only if they choose to voluntarily opt into the chat component. All other Personal Identifiable Information (PII) is only accessible to administrators (which are both Centers for Medicare & Medicaid Services (CMS) employees and CMS contractors). No one, including administrators, has access to a learner's password. Learner identification records are retained for 7-years, in keeping with the requirement for programs that issue Continuing Education Unit credits. |
| Provide an overview of the system and describe the information it will collect, maintain (store), or share, either permanently or temporarily. | NTP LMS is a voluntary system that collects and stores public learner transcript/certificate data for NTP WBT courses. NTP LMS collects and stores learner identification (first name, last name, email address, occupation and optionally, voluntarily uploaded user profile picture) for those who choose to register for courses. The first name and last name are required to generate transcripts/certificates on course completion for the courses taken by the user. The email address and password are required to access their user account and for correspondence. The optional entry of occupation, which is collected as part of the post-webinar evaluation and survey for accreditation purposes only for the users who have completed a CEU Webinar, helps the NTP determine if the user is well-suited to specific types of training, especially for CEU courses with limited enrollment. The voluntarily uploaded profile picture is for networking and chat purposes. |
| Does the system collect, maintain, use or share PII? | Yes |
| Indicate the type of PII that the system will collect or maintain. |
|
| Indicate the categories of individuals about whom PII is collected, maintained or shared. |
|
| How many individuals' PII in the system? | 50,000-99,999 |
| For what primary purpose is the PII used? | Name and Occupation are collected due to CMS' requirement as a continuing education provider. Since we offer continuing education credit for our web-based trainings (WBTs), we are required to collect this information. Email addresses are collected so that we can easily find account information for learners who contact us via our email resource box for assistance and for learning analytics. Users will register online and assign their own password. The email address and password will be used to access their account. None of the PII data is shared. Occupation is collected as part of the post-webinar evaluation and survey for accreditation purposes only for the users who have completed a CEU Webinar |
| Describe the secondary uses for which the PII will be used (e.g. testing, training or research) | Not Applicable |
| Describe the function of the SSN. | Not Applicable |
| Cite the legal authority to use the SSN. | Not Applicable |
| Identify legal authorities governing information use and disclosure specific to the system and program. | Authority for this collection is given under the provisions of Title IV of the Benefits Improvement Protection Act of 2000 (Public Law (Pub. L.) 106-554, Appendix F), Title IV of the Balanced Budget Act of 1997 (Pub. L. 105-33), and §§ 1816(a) and 1842(a)(3) of the Social Security Act |
| Are records on the system retrieved by one or more PII data elements? | Yes |
| Identify the number and title of the Privacy Act System of Records (SORN) that is being used to cover the system or identify if a SORN is being developed. | Published: 2007-03-08 Published: SORN 09-70-0542 Title: Medicare Learning Network (MLN) Registration and Product Ordering |
| Identify the sources of PII in the system: Directly from an individual about whom the information pertains |
|
| Identify the sources of PII in the system: Government Sources |
|
| Identify the sources of PII in the system: Non-Government Sources |
|
| Identify the OMB information collection approval number and expiration date | CMS will take precautionary measures to minimize the risks of unauthorized access to the records and the potential harm to individual privacy or other personal or property rights of patients whose data are maintained in the system. CMS will collect only that information necessary to perform the system's functions. In addition, CMS will make disclosure from the proposed system only with consent of the subject individual, or his/her legal representative, or in accordance with an applicable exception provision of the Privacy Act. CMS, therefore, does not anticipate an unfavorable effect on individual privacy because of the disclosure of information relating to individuals. OMB# is 0938-0948 Expiration date is August 31, 2025. |
| Is the PII shared with other organizations? | Yes |
| Identify with whom the PII is shared or disclosed and for what purpose. |
|
| Describe any agreements in place that authorizes the information sharing or disclosure (e.g. Computer Matching Agreement, Memorandum of Understanding (MOU), or Information Sharing Agreement (ISA)). | The accreditation agreement is between CMS and IACET. Any additional agreement between areas within CMS is not needed. |
| Describe the procedures for accounting for disclosures | Not applicable |
| Describe the process in place to notify individuals that their personal information will be collected. If no prior notice is given, explain the reason. | The Privacy Act statement is available to the user by clicking "Privacy Policy" under Helpful Links on all pages of the content management/learning management system. The notice is the standard CMS policy, at https://www.cms.gov/About-CMS/Agency-Information/Aboutwebsite/Privacy-Policy.html |
| Is the submission of the PII by individuals voluntary or mandatory? | Voluntary |
| Describe the method for individuals to opt-out of the collection or use of their PII. If there is no option to object to the information collection, provide a reason. | Individuals can choose to opt-out of the collection of their PII by choosing not to create an account in the NTP system. In this case, the system can still be of some use to them, as it will provide access to some publicly available resources. |
| Describe the process to notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changes since the notice at the time of original collection). Alternatively, describe why they cannot be notified or have their consent obtained. | Notices will be sent via email to the individuals to notify them and obtain consent. |
| Describe the process in place to resolve an individual's concerns when they believe their PII has been inappropriately obtained, used, or disclosed, or that the PII is inaccurate. If no process exists, explain why not. | If an individual believes their PII has been inappropriately obtained, used, or disclosed, or if their PII is inaccurate, they can contact our resource mailbox at NTPHelp@cms.hhs.gov. These inquires will be handled by CMS administrators. If an individual believes their PII has been inappropriately obtained, used, or disclosed, this will be investigated. If an individual believes their PII is inaccurate, instructions will be given on how they can correct this within the NTP system. |
| Describe the process in place for periodic reviews of PII contained in the system to ensure the data's integrity, availability, accuracy and relevancy. If no processes are in place, explain why not. | The system integration contractor maintains the data integrity and availability by employing security procedures including firewalls and encryption layers. The users of the system and CMS administrators maintain data accuracy and relevancy. Users can correct their own PII data within their own account, or administrators can correct this for them if they are alerted to changes. Administrators also run monthly reports and will see a discrepancy or problems with data integrity, availability, or accuracy and take necessary action to remediate. |
| Identify who will have access to the PII in the system and the reason why they require access. |
|
| Describe the procedures in place to determine which system users (administrators, developers, contractors, etc.) may access PII. | The system administrator, who is a CMS employee or CMS direct contractor, determines which CMS employees have access to PII based on their need to know to perform their job functions. Only those who will be working within the system and answering our resource box are given administrative access and access to PII. |
| Describe the methods in place to allow those with access to PII to only access the minimum amount of information necessary to perform their job. | NTP automatically assigns the general user role when a user creates an account. This allows the user to only view their own information and account after they login using their Email ID and password. If more access is needed, the NTP administrator will assign the appropriate system role to the CMS employee user to allow them access for need-to-know information to complete their job functions. NTP has several system roles that can be used to limit administrative access to specific areas of the system, such as just content administrative access for those updating course material or just learner account access for those assisting learners. If a user has any system role other than the basic user role, they will be required to use multifactor authentication. |
| Identifying training and awareness provided to personnel (system owners, managers, operators, contractors and/or program managers) using the system to make them aware of their responsibilities for protecting the information being collected and maintained. | All administrators are CMS employees or CMS direct contractors, and therefore have completed the annual CMS Information Systems Security Awareness and Privacy computer-based trainings. |
| Describe training system users receive (above and beyond general security and privacy awareness training) | Administrators undergo training with the Administrator Lead before they are given responsibilities within the system. They review the administrator processes which discuss the proper use and disclosure of PII. They are reminded that PII should be protected and not shared. |
| Do contracts include Federal Acquisition Regulation and other appropriate clauses ensuring adherence to privacy provisions and practices? | Yes |
| Describe the process and guidelines in place with regard to the retention and destruction of PII. Cite specific records retention schedules. | Per SORN 09-70-0542 (title: MLN Registration and Product Ordering System): "The records are maintained online in the system for 8-years. After an 8-year period, the records are transferred to an inactive file and destroyed 2-months later." Additionally, National Archives and Records Administration (NARA) General Records Schedule (GRS) 24 states that the records will be destroyed/deleted when records are inactive six-years after user account is terminated or password altered, or when account is no longer needed for investigative purposes. |
| Describe, briefly but with specificity, how the PII will be secured in the system using administrative, technical, and physical controls. | For administrative controls, a CMS staff member is not approved as an administrator with access to PII unless it is determined by the Lead Administrator and Technical Lead that the access is necessary for the employee to complete their job duties. Multi-factor authentication is required for administrators that will further protect access to this information. Technical controls include the firewall and encryption protections in place within the system to secure PII. Physical controls include standard AWS security and monitoring of their servers and data centers. |
| Identify the publicly-available URL: | https://cmsnationaltrainingprogram.cms.gov/ |
| Does the website have a posted privacy notice? | Yes |
| Is the privacy policy available in a machine-readable format? | Yes |
| Does the website use web measurement and customization technology? | Yes |
| Select the type of website measurement and customization technologies is in use and if is used to collect PII. (Select all that apply) |
|
| Does the website have any information or pages directed at children under the age of thirteen? | No |
| Does the website contain links to non-federal government website external to HHS? | Yes |
| Is a disclaimer notice provided to users that follow external links to websites not owned or operated by HHS? | Yes |