CMS Operations Information Network
Date signed: 3/7/2025
| PIA Questions | PIA Answers |
|---|---|
OPDIV: | CMS |
PIA Unique Identifier: | P-4828822-544873 |
Name: | CMS Operations Information Network |
The subject of this PIA is which of the following? | Major Application |
Identify the Enterprise Performance Lifecycle Phase of the system. | Operate |
Is this a FISMA-Reportable system? | Yes |
Does the system include a Website or online application available to and for the use of the general public? | No |
Identify the operator: | Contractor |
Is this a new or existing system? | Existing |
Does the system have Security Authorization (SA)? | Yes |
Date of Security Authorization | 6/24/2022 |
Indicate the following reason(s) for updating this PIA. Choose from the following options. |
|
Describe in further detail any changes to the system that have occurred since the last PIA. | This PIA renewal includes updates to data sources for the COIN system. There were no changes to PII types or other privacy information. COIN no longer receives data from the following internal CMS sources: Comprehensive Acquisition Management System (CAMS), CMS Acquisition Lifecycle Modernization (CALM), and Healthcare Integrated General Ledger Accounting System (HIGLAS). COIN receives data from the following: Human Resource Data Hub (HRDH) - Curated database views of CMS employees and organizational components including information on which office/component employees work in, descriptive details on offices/components, and email addresses and Enterprise User Administration (EUA) IDs of employees. No Social Security numbers (SSNs) or payment information. |
Describe the purpose of the system | CMS Operations Information Network’s (COINs) goal is to leverage operational data and analytics to improve program performance across the CMS organization. Coordinated access to high-quality data will enable CMS to migrate risk, improve the timeliness of operational decisions, enhance the effectiveness of CMS programs, and manage changes. |
Describe the type of information the system will collect, maintain (store), or share. (Subsequent questions will identify if this information is PII and ask about the specific data elements) | COIN's goal is to leverage operational data and analytics to improve program performance across the CMS organization. Coordinated access to high-quality data will enable CMS to migrate risk, improve the timeliness of operational decisions, enhance the effectiveness of CMS programs, and manage changes. The system will collect data relating mainly to CMS operational process and customer service performance. The type of information received from Human Resource Data Hub (HRDH) datasets includes Enterprise User Administration (EUA) information such as Name, Date of Birth (DOB), Email address, Work address, Phone Number, Contract ID, and Financial Information. The type of information received and maintained from Beneficiary Information in the Cloud (BIC) datasets will be Medicare and Medicaid enrollment and aggregated beneficiary data used to create dashboard and provide reports. COIN also collects Medicare/Medicaid enrollment data from the Public Application Programming Interfaces (APIs). The type of information received from CMS SharePoint datasets are usernames IDs to retrieve the names of SharePoint users of CMS projects. It also collects data about Inflation Reduction Act (IRA) project status, Office of Communications (OC) rollout packages, and Objectives/Key Results (OKRs) reported by the various components of CMS to Office of the Administrator Front Office (OA). Each system has its own dedicated PIA. The COIN system also collects and stores usernames and passwords for administrators and users of the system. |
Provide an overview of the system and describe the information it will collect, maintain (store), or share, either permanently or temporarily. | COIN's goal is to leverage operational data and analytics to improve program performance across the CMS organization. Coordinated access to high-quality data will enable CMS to migrate risk, improve the timeliness of operational decisions, enhance the effectiveness of CMS programs, and manage changes. The system will collect data relating mainly to CMS operational process and customer service performance. The type of information received from HRDH datasets includes EUA information such as Name, Date of Birth (DOB), Email address, Work address, Phone Number, Contract ID, and Financial Information. The type of information received and maintained form BIC datasets will be Medicare and Medicaid enrollment and aggregated beneficiary data used to create dashboard and provide reports. COIN also collects Medicare/Medicaid enrollment data from the Public APIs. The type of information received from CMS SharePoint datasets are usernames IDs to retrieve the names of SharePoint users of CMS projects. It also collects data about Inflation Reduction Act (IRA) project status, Office of Communications (OC) rollout packages, and Objectives/Key Results (OKRs) reported by the various components of CMS to Office of the Administrator Front Office (OA). Each system has its own dedicated PIA. The COIN system also collects and stores usernames and passwords for administrators and users of the system. |
Does the system collect, maintain, use or share PII? | Yes |
Indicate the type of PII that the system will collect or maintain. |
|
Indicate the categories of individuals about whom PII is collected, maintained or shared. |
|
How many individuals' PII in the system? | 5,000-9,999 |
For what primary purpose is the PII used? | The COIN system uses the PII information received from the Enterprise User Administration (EUA) system for access management and to drive better insights and decision-making for different stakeholders across CMS. |
Describe the secondary uses for which the PII will be used (e.g. testing, training or research) | The COIN system follows the Targeted Life Cycle (TLC) as part of its change management process for enhancement and changes. These enhancements and changes are tested in the implementation environment, hardened to the same level as production, using data sources that may contain PII to ensure that they function as intended prior to moving changes into the production environment. |
Describe the function of the SSN. | SSN is not utilized by the COIN system to retrieve information on employees, contracts, and financial information relating to contracts from the EUA system. |
Cite the legal authority to use the SSN. | The system does not collect or use Social Security Numbers. |
Identify legal authorities governing information use and disclosure specific to the system and program. | 5.U.S.C. Section 301 Departmental Regulations |
Are records on the system retrieved by one or more PII data elements? | No |
Identify the sources of PII in the system: Directly from an individual about whom the information pertains | Online |
Identify the sources of PII in the system: Government Sources | Within the OPDIV |
Identify the sources of PII in the system: Non-Government Sources | |
Identify the OMB information collection approval number and expiration date | Not Applicable (N/A) |
Is the PII shared with other organizations? | No |
Describe the process in place to notify individuals that their personal information will be collected. If no prior notice is given, explain the reason. | The COIN system receives data from CMS sourced applications and some public Application Programming Interfaces (APIs). As such, the programs referenced must provide the necessary notification to individuals. These notifications steps are covered under their respective PIA. |
Is the submission of the PII by individuals voluntary or mandatory? | Voluntary |
Describe the method for individuals to opt-out of the collection or use of their PII. If there is no option to object to the information collection, provide a reason. | The COIN system receives data from CMS sourced applications and some public APIs. As such, the programs referenced must provide the necessary notification to individuals. These notifications steps are covered under their respective PIA. Administrator data is collected by the CMS Amazon Web Service (AWS) General Support System (GSS) during the account request and provisioning process. These notifications steps are covered under their respective PIA. |
Describe the process to notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changes since the notice at the time of original collection). Alternatively, describe why they cannot be notified or have their consent obtained. | The COIN system receives data from CMS sourced applications and some public APIs. As such, the programs referenced must provide the necessary notification to individuals. These notifications steps are covered under their respective PIA |
Describe the process in place to resolve an individual's concerns when they believe their PII has been inappropriately obtained, used, or disclosed, or that the PII is inaccurate. If no process exists, explain why not. | The COIN system receives data from CMS sourced applications and some public APIs. As such, the programs referenced must provide the necessary notification to individuals. These notifications steps are covered under their respective PIA |
Describe the process in place for periodic reviews of PII contained in the system to ensure the data's integrity, availability, accuracy and relevancy. If no processes are in place, explain why not. | The COIN system does not directly collect data from individuals. The data is sourced from existing applications whose business owners are responsible for conducting initial evaluation of PII/PHI holdings and review holdings annually to ensure, to the maximum extent practicable, that such holdings are accurate, relevant, timely, and complete and reduce PII holdings to the minimum necessary for the proper performance of the documented CMS function for all information systems containing PII/PHI. In addition, to ensure data utilized by the COIN system is accurate and to prevent data from being copied multiple times, anytime the system runs a query, COIN reaches back to the original data to receive the most recent data. COIN follows the CMS Security and Privacy program and complies with the CMS Acceptable Risk Safeguards, and National Institute of Standards and Technology (NIST) documents such as its Special Publications to select controls appropriate to the level of risk of the system, determined using NIST's Federal Information Processing Standard 199. |
Identify who will have access to the PII in the system and the reason why they require access. |
|
Describe the procedures in place to determine which system users (administrators, developers, contractors, etc.) may access PII. | Access to COIN system sources, including all sensitive information, is guided by the Enterprise User Administration (EUA) access control process. Administrators, developers, and contractors are required to apply for EUA access first. Once unique identifiers are issued, users who need access to COIN system resources and information must request job codes. Once job codes are approved using the existing CMS EUA process, users will then receive a user account on the database (analysts) or an Application Admin role through the CLDSPT ticketing process on Jira. All requests for administrative access are submitted and approved by the COIN system Business Owner (BO) before access is granted. Privileged users are reviewed routinely by the BO to ensure that only authorized users have privileged access to the system. |
Describe the methods in place to allow those with access to PII to only access the minimum amount of information necessary to perform their job. | The COIN system utilizes role-based access to ensure that users have only the access necessary for them to perform their job functions. The information that may be accessed is defined by the user role and the EUA profile. The process for provisioning access to a given user, via the EUA and associated roles, requires a determination via the renew and approval by the Business Owner (BO), while implementation is performed via the system administrator during account provisioning. |
Identifying training and awareness provided to personnel (system owners, managers, operators, contractors and/or program managers) using the system to make them aware of their responsibilities for protecting the information being collected and maintained. | All users who wish to access COIN system resources are required to receive CMS security awareness training, which includes information related to their responsibilities for protecting sensitive CMS information. All users must be re-certified annually and must again complete this training at this time. |
Describe training system users receive (above and beyond general security and privacy awareness training) | CMS security awareness training covers special handling of PII/PHI, as well as security best practice techniques for day-to-day handling of information and access to CMS systems. COIN system contractors receive role-based training in addition to CMS security awareness training. This training is more locally specialized and emphasizes the protection of sensitive information and incident response techniques and responsibilities. The training is conducted when access is requested and a refresher annually. |
Do contracts include Federal Acquisition Regulation and other appropriate clauses ensuring adherence to privacy provisions and practices? | Yes |
Describe the process and guidelines in place with regard to the retention and destruction of PII. Cite specific records retention schedules. | COIN is not the system of record for any PII. Records will be held indefinitely until no longer needed for agency use. The COIN system adheres to data retention and destruction policies/procedures that follow National Archives and Record Administration (NARA) guidelines related to data retention and NIST guidelines related to data destruction. More specifically COIN adheres to the following NARA general records schedule guidelines: DAA-0440-2015-0004 for financial records, DM-0440-2015-0007 for beneficiary records, and DAA-0440-2015-0002 for administrative management. Suitably, data from financial records and administrative management will be destroyed per these requirements, no sooner than 7 years after the cutoff, unless longer retention is authorized, while data from beneficiary records will be destroyed no sooner than 10 years after cutoff but longer retention is authorized. |
Describe, briefly but with specificity, how the PII will be secured in the system using administrative, technical, and physical controls. | Administrative controls include access approval by management, review of accounts. Technical controls include even logging, role-based access, and networking security controls. Physical controls in place at the Amazon Gov Cloud Data Center monitors physical access, visitor logging, and environmental access controls. |