Electronic Submission of Medical Documentation
Date signed: 4/24/2025
| PIA Questions | PIA Answers |
|---|---|
| OPDIV: | CMS |
| PIA Unique Identifier: | P-6725641-284131 |
| Name: | Electronic Submission of Medical Documentation |
| The subject of this PIA is which of the following? | Major Application |
| Identify the Enterprise Performance Lifecycle Phase of the system. | Operate |
| Is this a FISMA-Reportable system? | Yes |
| Does the system include a Website or online application available to and for the use of the general public? | No |
| Identify the operator: | Contractor |
| Is this a new or existing system? | Existing |
| Does the system have Security Authorization (SA)? | Yes |
| Date of Security Authorization | 10/23/2024 |
| Indicate the following reason(s) for updating this PIA. Choose from the following options. | PIA Validation (PIA Refresh/Annual Review) |
| Describe in further detail any changes to the system that have occurred since the last PIA. | No major changes since last PIA. |
| Describe the purpose of the system | The esMD system allows Providers and CMS Review Contractors to send and receive structured and unstructured documents in Health Information Technology Standards Panel (HITSP) format and streamlines the delivery and pickup through optimized electronic document interchange (EDI) process. CMS Review Contractors use the information to support Medicare claims processing. The esMD system allows Providers through a Health Information Handlers (HIH, formerly NHIN) to send and receive requests for information and actual electronics medical records. The esMD system is the pass thru mechanism to support this exchange. |
| Describe the type of information the system will collect, maintain (store), or share. (Subsequent questions will identify if this information is PII and ask about the specific data elements) | The esMD system does not collect, share or access information directly from individuals. The esMD system is a gateway and only a method of transporting information electronically. Since the inception of esMD the system has not received any X12 transactions. |
| Provide an overview of the system and describe the information it will collect, maintain (store), or share, either permanently or temporarily. | esMD is a system-to-system gateway. There are no front-end users. HIHs access esMD over web services and CMS Review Contractors access the system via Electronic File Transfer. Information is not collected, shared or accessed by the esMD gateway system but by the CMS Review Contractors who maintain their own System of Records Notice. The esMD system is the pass-through mechanism to support the exchange of information. The esMD system is not a system of record. Information is not collected, shared or accessed by the esMD gateway system. Everything in an X12 transaction persists in the esMD system with no retention time for the data elements once the transported file has been retrieved. Since the inception of esMD, the system has not received any X12 transactions. System Administrators and Developers of the esMD system are direct Contractors with CMS. They log into the system with a user identification and password for authentication. The esMD system does not collect or maintain user identification or password information. The Enterprise User Administration (EUA) Lightweight Directory Access Protocol (LDAP) server authenticates login credentials. All system user notifications pertaining to disclosures of user PII (user credentials) are performed by the CMS EUA system. The EUA has its own PIA. |
| Does the system collect, maintain, use or share PII? | Yes |
| Indicate the type of PII that the system will collect or maintain. |
|
| Indicate the categories of individuals about whom PII is collected, maintained or shared. | Other - Medicare Beneficiaries |
| How many individuals' PII in the system? | <100 |
| For what primary purpose is the PII used? | The primary purpose of the information transported through the esMD system is to support Medicare claims processing. |
| Describe the secondary uses for which the PII will be used (e.g. testing, training or research) | Not Applicable. |
| Describe the function of the SSN. | Not Applicable. |
| Cite the legal authority to use the SSN. | N/A |
| Identify legal authorities governing information use and disclosure specific to the system and program. | Consistent with Sections 1833(e) and 1862(a)(1) of the Social Security Act, the Centers for Medicare & Medicaid Services is required to protect the Medicare Trust Fund against inappropriate payments that pose the greatest risk to the Trust Fund and to take corrective actions. |
| Are records on the system retrieved by one or more PII data elements? | No |
| Identify the sources of PII in the system: Directly from an individual about whom the information pertains |
|
| Identify the sources of PII in the system: Government Sources |
|
| Identify the sources of PII in the system: Non-Government Sources |
|
| Identify the OMB information collection approval number and expiration date | Not Applicable |
| Is the PII shared with other organizations? | No |
| Describe the process in place to notify individuals that their personal information will be collected. If no prior notice is given, explain the reason. | The esMD system does not collect, share or access information directly from individuals. Providers are responsible for notifying individuals that they are collecting individual’s personal information. System Administrators and Developers’ credentialing information is not collected or maintained by the esMD system, but by the CMS EUA system. All notifications to users of the system related to disclosures of their PII (user credentials) are performed by the CMS EUA system. |
| Is the submission of the PII by individuals voluntary or mandatory? | Voluntary |
| Describe the method for individuals to opt-out of the collection or use of their PII. If there is no option to object to the information collection, provide a reason. | The esMD system does not collect or use PII directly from individuals. Providers are responsible for notifying individuals that they are collecting their personal information and how they can opt out. System Administrators and Developers cannot 'opt-out' of providing their PII as their user IDs and passwords are used to log into the system to perform their job duties. |
| Describe the process to notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changes since the notice at the time of original collection). Alternatively, describe why they cannot be notified or have their consent obtained. | The esMD system does not obtain consent from individuals as the esMD system does not directly collect or use PII directly from individuals. User’s credentialing is not maintained by the esMD system but collected by the CMS EUA system. All notification to users of the system related to major changes that occur in the system are performed by the CMS EUA system. |
| Describe the process in place to resolve an individual's concerns when they believe their PII has been inappropriately obtained, used, or disclosed, or that the PII is inaccurate. If no process exists, explain why not. | The esMD system does not collect information from individuals. The process to resolve an individual’s concerns is carried out through CMS system(s) that collect the information. Users who are CMS Contractors, that access the system and have their credentials collected can contact CMS to resolve concerns when they believe their PII has been inappropriately obtained, used, or disclosed, or that the PII is inaccurate.
|
| Describe the process in place for periodic reviews of PII contained in the system to ensure the data's integrity, availability, accuracy and relevancy. If no processes are in place, explain why not. | The esMD system does not collect PII from individuals. The process for periodic reviews is carried out by CMS through a Security Control Assessment. Periodic review of esMD User credentials is performed through the CMS EUA system, which includes protections and processes to ensure data integrity, availability, accuracy, and relevancy. The EUA system requires that users recertify their accounts annually, Inactive accounts are disabled and users must have approved job codes to access certain systems based on their roles and responsibilities. |
| Identify who will have access to the PII in the system and the reason why they require access. |
|
| Describe the procedures in place to determine which system users (administrators, developers, contractors, etc.) may access PII. | System Administrators and Developers cannot access the PII that is electronically transported through the esMD system. Account management mechanisms are established for the esMD system to identify account types (i.e., CMS Review Contractors) and assign associated authorizations. |
| Describe the methods in place to allow those with access to PII to only access the minimum amount of information necessary to perform their job. | The principle of least privilege is utilized for all accesses to the esMD system. Access control lists are used to silo access and control access based on an individual's assigned duties. |
| Identify training and awareness provided to personnel (system owners, managers, operators, contractors and/or program managers) using the system to make them aware of their responsibilities for protecting the information being collected and maintained. | CMS employees and direct contractors with access to CMS systems are required to complete the mandatory annual Information Systems Security and Privacy Awareness Training. |
| Describe training system users receive (above and beyond general security and privacy awareness training) | Not Applicable. |
| Do contracts include Federal Acquisition Regulation and other appropriate clauses ensuring adherence to privacy provisions and practices? | Yes |
| Describe the process and guidelines in place with regard to the retention and destruction of PII. Cite specific records retention schedules. | esMD guidelines are employed and consistent with the National Archives and Records Administration (NARA) General Records Schedules (GRS) 3.0 pertaining to Technology and 4.0 pertaining to Information Management for federal retention requirements. |
| Describe, briefly but with specificity, how the PII will be secured in the system using administrative, technical, and physical controls. | Administrative controls that are in place to secure PII include only assigning needed privileges to user accounts that access the esMD environment. Annual account reviews are performed to ensure that those user accounts have the needed access and automated actions to disable inactive user accounts. Technical controls that are in place to secure PII include firewalls that protect and control network traffic that goes in and out of the esMD system, including the data center where the esMD system resides. Vulnerabilities and exploits are scanned for within the esMD system by a Continuous Monitoring program. The esMD system also has host intrusion detection and antivirus services. Remote access into the esMD system is only allowed through a Virtual Private Network (VPN) requiring two-factor authentication. Physical controls in place for the esMD include card reader/Personal Identification Number (PIN) access controlled iron gates, Lobby entrance mantraps with anti-tailgating technology, additional mantraps with anti-tailgating and biometric technology at entrances to restricted space, and separate card reader/PIN at the CMS area. Access is granted to only those individuals who are authorized and access is monitored and recorded and the access control system is capable of generating reports that identifies the badge utilized to access a card reader controlled door. All personnel entering the raised floor must sign the “Raised Floor Guidelines” prior to admittance. |
Privacy Impact Assessment (PIA) published by CMS as an Operating Division of the U.S. Department of Health and Human Services