Eligibility Worker Support System
Privacy Impact Assessment (PIA) published by CMS as an Operating Division of the U.S. Department of Health and Human Services
Date signed: 4/11/2024
PIA Questions | PIA Answers |
---|---|
OPDIV: | CMS |
PIA Unique Identifier: | P-6473160-881369 |
Name: | Eligibility Worker Support System |
The subject of this PIA is which of the following? | General Support System |
Identify the Enterprise Performance Lifecycle Phase of the system. | Operate |
Is this a FISMA-Reportable system? | Yes |
Does the system include a Website or online application available to and for the use of the general public? | No |
Identify the operator: | Contractor |
Is this a new or existing system? | Existing |
Does the system have Security Authorization (SA)? | Yes |
Date of Security Authorization | 10/25/2024 |
Indicate the following reason(s) for updating this PIA. Choose from the following options. | PIA Validation (PIA Refresh/Annual Review) |
Describe in further detail any changes to the system that have occurred since the last PIA. | |
Describe the purpose of the system | Serco has been tasked by the Center for Consumer Information and Insurance Oversight (CCIIO) to build and operate an Eligibility Support (ES) function to intake applications for health care coverage under the Health Insurance Marketplace sent via US mail and to process eligibility support. Applications will be sorted, scanned, processed, and entered into the Eligibility Support Desktop (ESD) hosted in the CMS Federal Marketplace Programs System (FMPS). When consumers submit their eligibility applications for health coverage, their documentation will enter the ESD via one of two processes. Paper applications will enter the mailroom and will be scanned into the system. All electronic applications will go directly to the ESD (via a non-Serco system), bypassing the mailroom. Then, the applications will be processed by Serco Eligibility Support Workers (ESWs) through a basic and complex eligibility process until the consumer’s eligibility is determined. |
Describe the type of information the system will collect, maintain (store), or share. (Subsequent questions will identify if this information is PII and ask about the specific data elements) | |
Provide an overview of the system and describe the information it will collect, maintain (store), or share, either permanently or temporarily. | The CMS Eligibility Workers Support System (EWSS) serves to intake and process paper applications for health care coverage under the Health Insurance Marketplace sent via US mail and to provide eligibility support. Each application contains the consumer’s full name, address, birth date, Social Security number (SSN), income information, employer information, and optionally the PII of each of the applicant’s dependents. Applications will be sorted, scanned, processed, and entered into the Eligibility Support Desktop (ESD). ESD is a function of the Federally Facilitated Marketplace (FFM), which has its own PIA. When consumers submit their eligibility applications for health coverage, their documentation will enter the ESD via one of two processes. Paper applications will enter the mailroom, be catalogued, be scanned into the system, and then be securely retained until processing is completed. Then, the information on the paper applications will be processed by Eligibility Support Workers (ESWs) through an eligibility process until the consumer’s eligibility is determined. Once eligibility is determined and verified by CMS, original document attachments are returned to the consumer, and the paper application is securely archived. All electronic applications will go directly to the FMPS (via a non-Contractor system), bypassing the mailroom. |
Does the system collect, maintain, use or share PII? | Yes |
Indicate the type of PII that the system will collect or maintain. | |
Indicate the categories of individuals about whom PII is collected, maintained or shared. | |
How many individuals' PII in the system? | 1,000,000 or more |
For what primary purpose is the PII used? | The consumer’s Personally Identifiable Information (PII) is used only to determine eligibility for health coverage and will be kept private as required by law. |
Describe the secondary uses for which the PII will be used (e.g. testing, training or research) | There are no other uses for the PII collected outside of the primary use to determine eligibility for health coverage. |
Describe the function of the SSN. | Per the Affordable Care Act, Section 1411; if a consumer has one, the Centers for Medicare and Medicaid Services (CMS) must collect the Social Security Number (SSN) for use in determining citizenship and immigration status. If volunteered by the individual, the SSN will also be used for validating or Identification (ID) proofing an individual’s identity prior to enrollment in a qualified health plan. |
Cite the legal authority to use the SSN. | Affordable Care Act (ACA), Section 1411 - The ACA, Subpart B—Eligibility Determinations, SEC. 1411, 42 U.S.C. 18081, PROCEDURES FOR DETERMINING ELIGIBILITY FOR EXCHANGE PARTICIPATION, PREMIUM TAX CREDITS AND REDUCED COST-SHARING, AND INDIVIDUAL RESPONSIBILITY EXEMPTIONS, outlines the different eligibility support programs and the PII required to make such determinations. Affordable Care Act (ACA), Section 1414 |
Identify legal authorities governing information use and disclosure specific to the system and program. | Affordable Care Act (ACA), Section 1411; Affordable Care Act (ACA), Section 1414; Regulations specific to Eligibility Support: 45 CFR Part 155, specifically 45 CFR 155.320 (Verification process related to eligibility for insurance affordability programs); 42 CFR Part 435 and Part 457, specifically 42 CFR 435.940, 435.945, 435.948, 435.952 (Income and Eligibility Verification Requirements) and 457.380 (Eligibility verification) |
Are records on the system retrieved by one or more PII data elements? | Yes |
Identify the number and title of the Privacy Act System of Records (SORN) that is being used to cover the system or identify if a SORN is being developed. | HIX SORN 09-70-0560 |
Identify the sources of PII in the system: Directly from an individual about whom the information pertains | |
Identify the sources of PII in the system: Government Sources | Within the OPDIV |
Identify the sources of PII in the system: Non-Government Sources | |
Identify the OMB information collection approval number and expiration date | CMS Form Number: CMS-10400; Title: Establishment of Qualified Health Plans and American Health Benefit Exchanges; OMB Control Number: 0938-1191; Expiration Date: 10/31/2025 |
Is the PII shared with other organizations? | No |
Describe the process in place to notify individuals that their personal information will be collected. If no prior notice is given, explain the reason. | The Privacy Policy section of the Individual Application contains information about the privacy and use of information. It also contains a link to the Privacy Act Statement and other information related to disclosures. The information must be provided to CMS to process the application, which is completed and signed by the consumer, indicating consent to use the information. For employees, login banner statements are displayed and must be agreed to prior to access to the application. The login banner states that employees' actions are monitored while accessing EWSS. |
Is the submission of the PII by individuals voluntary or mandatory? | Voluntary |
Describe the method for individuals to opt-out of the collection or use of their PII. If there is no option to object to the information collection, provide a reason. | A potential applicant for health care coverage has the option not to provide PII, which will result in non-coverage for health care through the FFM. For employees, the banner statement must be agreed to prior to gaining access to the application. |
Describe the process to notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of original collection). Alternatively, describe why they cannot be notified or have their consent obtained. | PII collected by EWSS is ultimately stored by the FFM; please refer to the FFM PIA for the notification process. Should a major change occur, the privacy statement on healthcare.gov will be updated. Employees are notified of all major changes prior to deployment via email if login credential PII is affected. Employees are required to re-accept the login banner prior to accessing the system after the change is completed. |
Describe the process in place to resolve an individual's concerns when they believe their PII has been inappropriately obtained, used, or disclosed, or that the PII is inaccurate. If no process exists, explain why not. | An individual can contact the Health Insurance Marketplace call center at 1-800-318-2596 to report concerns regarding their data held in the EWSS. An individual record subject who wishes to know if EWSS contains records about him or her should write to the system manager who will require the system name, and for verification purposes, the subject individual’s name (woman’s maiden name, if applicable), and social security number (SSN) (furnishing the SSN is voluntary, but it may make searching for a record easier and prevent delay). An individual seeking access to records about him or her in this system should write to the system manager and reasonably specify the record contents being sought. (These procedures are in accordance with Department regulation 45 CFR 5b.5(a)(2).) To contest a record, the subject individual should contact the system manager, and reasonably identify the record and specify the information being contested. The individual should state the corrective action sought and the reasons for the correction with supporting justification. (These procedures are in accordance with Department regulation 45 CFR 5b.7.) System Manager: Director, Consumer Information and Insurance Systems Group, Center for Consumer Information and Insurance Oversight, Centers for Medicare & Medicaid Services 7501 Wisconsin Ave, 9th Floor Bethesda, MD 20814. |
Describe the process in place for periodic reviews of PII contained in the system to ensure the data's integrity, availability, accuracy and relevancy. If no processes are in place, explain why not. | The Centers for Medicare and Medicaid Services (CMS) has a continuous monitoring program based on National Institute of Standards and Technology (NIST) recommendations to ensure system integrity and availability. The individual enrollment application is designed with logic checks to ensure data accuracy and integrity. Centers for Medicare and Medicaid Services (CMS)/Center for Consumer Information and Insurance Oversight (CCIIO) is establishing an Enrollment Resolution and Reconciliation program to provide the services necessary to resolve errors and reconcile discrepancies in enrollment data between the Health Insurance Exchange, State Based Marketplaces, the issuer community, and CMS. Yearly, CCIIO is required to review and update the enrollment process to ensure the data collected is relevant to the health insurance enrollment process. ESWs also verify PII directly with the consumer. Paper documents are secured in an access-controlled environment to serve as a backup and ensure availability. |
Identify who will have access to the PII in the system and the reason why they require access. | |
Describe the procedures in place to determine which system users (administrators, developers, contractors, etc.) may access PII. | Role-Based Access Control (RBAC) is used to provide least-privilege access to PII. Users are granted only the specific level of access needed to complete their assigned duties, and only after an approval process is performed. Before access is granted, the user must also meet CMS prerequisites (complete security training and pass a background check). |
Describe the methods in place to allow those with access to PII to only access the minimum amount of information necessary to perform their job. | Direct contractors use the principle of least privilege as well as role-based access control (RBAC) to ensure system administrators and users are granted access on a "need-to-know" and "need-to-access" basis commensurate with their assigned duties. System administrators review user accounts at least annually. Any anomalies are addressed and resolved by contacting the user and modifying their user data, or by removing their access if it is no longer required. Activities of all users, including system administrators, are logged and reviewed by the Contractor System Security Officer (SSO) to identify any abnormal activity. |
Identify training and awareness provided to personnel (system owners, managers, operators, contractors and/or program managers) using the system to make them aware of their responsibilities for protecting the information being collected and maintained. | All direct contractor users are required to complete and acknowledge the HHS Rules of Behavior as well as the CMS Information Security and Privacy training upon initial account creation, on an annual basis, and whenever changes to the training module have been made. This training includes details on the handling of PII, insider threat, phishing, privacy awareness, and security awareness. EWSS training addresses a risk-based approach to enterprise-wide information security program management and gives an overview of the roles and responsibilities in implementing and managing information systems. |
Describe training system users receive (above and beyond general security and privacy awareness training) | Contractor staff complete the CMS Security and Privacy Awareness Training as well as the company required Ethics, Security and Privacy training. There is also specific role-based training. |
Do contracts include Federal Acquisition Regulation and other appropriate clauses ensuring adherence to privacy provisions and practices? | Yes |
Describe the process and guidelines in place with regard to the retention and destruction of PII. Cite specific records retention schedules. | EWSS data will be maintained for a period of up to 10 years after entry in the database. Any such records that are needed longer, such as to resolve appeals and audit exceptions or to prosecute fraud, will be retained until such matters are resolved. Beneficiary claims records are currently subject to a document preservation order and will be preserved indefinitely pending further notice from the U.S. Department of Justice. EWSS also abides by National Archives and Records Administration (NARA) General Records Schedule 5.1 and 5.2. |
Describe, briefly but with specificity, how the PII will be secured in the system using administrative, technical, and physical controls. | The direct contractor uses the principle of least privilege as well as RBAC to ensure system administrators are granted access on a "need-to-know" and "need-to-access" basis commensurate with their assigned duties. The information is protected using Access Control Lists (ACLs) defined to allow only direct contractor personnel access to the PII. This access is further protected by system controls that enforce two-factor authentication into the EWSS system. Furthermore, the information is maintained in an encrypted manner by ensuring the databases are encrypted. Lastly, audit logs are reviewed for suspicious activity by the direct contractor SSO on a regular basis. |