
Enterprise Data Mesh

Date signed: 4/10/2025

PIA information for Enterprise Data Mesh
PIA Question: PIA Answer
OPDIV: CMS
PIA Unique Identifier: P-5676618-925654
Name: Enterprise Data Mesh
The subject of this PIA is which of the following? Major Application
Identify the Enterprise Performance Lifecycle Phase of the system. Operate
Is this a FISMA-Reportable system? Yes
Does the system include a Website or online application available to and for the use of the general public? No
Identify the operator: Contractor
Is this a new or existing system? Existing
Does the system have Security Authorization (SA)? Yes
Date of Security Authorization: 7/11/2024
Indicate the following reason(s) for updating this PIA. Choose from the following options. PIA Validation (PIA Refresh/Annual Review)
Describe in further detail any changes to the system that have occurred since the last PIA. The Enterprise Data Lake name has changed to the Enterprise Data Mesh.
Describe the purpose of the system: At an enterprise level, the Centers for Medicare and Medicaid Services has numerous applications across several departments that consume and generate various types of data. The data is both structured and unstructured and originates from a variety of data sources. Several applications have this data stored in a traditional relational database, a data warehouse, or in flat files across disparate data centers. The Enterprise Data Mesh application provides value by preventing replication of multiple data sources which perpetuate data inefficiency, duplication, inconsistency, inferior quality, and increased costs for associated infrastructures. Several applications have this data stored in traditional databases or even in flat files at various data centers. As the need for utilizing these data sets is ever increasing, several applications within the agency will revert to replicating multiple data sources which perpetuate data inefficiency, duplication, inconsistency, inferior quality, and increased costs for associated infrastructure. In addition, Enterprise Data Mesh enables this agency to set up an enterprise-wide data lake which acts as a data marketplace, providing a catalog of data types for this agency's consuming applications, and as a gateway to the source data to help consumers meet their program needs.
Describe the type of information the system will collect, maintain (store), or share. (Subsequent questions will identify if this information is PII and ask about the specific data elements)

The Enterprise Data Mesh enables this agency to set up an enterprise-wide data lake which acts as a data marketplace, providing a catalog of data types for this agency's consuming applications, and as a gateway to the source data to help consumers meet their program needs. Several applications have this data stored in traditional databases or even in flat files at various data centers.

The Enterprise Data Mesh will register the schema information from the following agency data sources: Common Medicare Environment, Transformed Medicaid Statistical Information System, Master Data Management, Beneficiary Information in the Cloud, Quality Payment Program, and Drug Data Processing System.

The type of information received and maintained for Common Medicare Environment is the data schema pertaining to the Common Medicare Environment data source. The Common Medicare Environment data includes Medicare beneficiary demographic data used to support managed care enrollments, Payments to Medicare Advantage plans, Medicare Advantage Prescription Drug Enrollment Information, Medicare Part A, B, C, D enrollment Information, and Dual Medicare Eligibility Information. These data points describe the data schema for Common Medicare Environment. Only the headings will be stored in the Enterprise Data Mesh, not the actual data pertaining to beneficiaries that fall into these categories.

The type of information received and maintained for Transformed Medicaid Statistical Information System is the data schema pertaining to the Transformed Medicaid Statistical Information System data source. The Transformed Medicaid Statistical Information System data includes information about beneficiary eligibility, beneficiary enrollment, and claims and managed care data. Data points to convey this information include beneficiary demographics, diagnosis codes, procedure codes, as well as claims and eligibility factors.

The type of information received and maintained for Master Data Management is the data schema pertaining to the Master Data Management data source. The Master Data Management utilizes multiple disparate sources of both demographic and profile data attributes pertaining to Medicare Providers, Beneficiaries, and Organizations as well as Medicaid Recipients and Providers. The result is the creation of a trusted 360-degree profile of each entity engaged in various roles related to the Medicare or Medicaid programs.

The type of information received and maintained for Beneficiary Information in the Cloud is the data schema pertaining to the Beneficiary Information in the Cloud data source. The Beneficiary Information in the Cloud data includes information about beneficiary demographics and beneficiary enrollment. Data points to convey this information include general beneficiary demographics, as well as eligibility factors.

The type of information received and maintained for the Quality Payment Program is the data schema pertaining to the Quality Payment Program data source. The Quality Payment Program includes information about physician and clinician demographics and quality of care provided. Data points to convey this information include general demographic information on physicians and clinicians, such as specialties, practice locations, and phone numbers.

The type of information received and maintained for the Drug Data Processing System is the data schema pertaining to the Drug Data Processing System data source. The Drug Data Processing System includes information pertaining to prescription drug transactions for a beneficiary. Data points to convey this information include general beneficiary demographics, beneficiary eligibility factors, as well as prescription drug factors, including prescription code, date of service, and quantity dispensed.

The Enterprise Data Mesh will also carve out a staging area for data sources to provide extracts of their data for consumption by interconnecting with this agency's applications. This storage area is the only location for the potential storage of Personally Identifiable Information within the system. This data may contain Personally Identifiable Information elements of beneficiaries, providers, and provider organizations to include Social Security Number, Name, Mailing Address, Phone Number, Taxpayer Identification, Date of Birth and Health Insurance Claim Number. This information will be held indefinitely until no longer needed for agency use and is refreshed on a monthly cadence.

Lastly, user credentials are required for federal employees and direct contractors to gain access to the Enterprise Data Mesh. These credentials, and other information collected from these individuals, such as email address, telephone number, and name, are governed by the Centers for Medicare and Medicaid Services' Amazon Web Services General Support System and covered under their respective Privacy Impact Assessment.

Please note that each system named here is covered under its own Authority to Operate and Privacy Impact Assessment.

Provide an overview of the system and describe the information it will collect, maintain (store), or share, either permanently or temporarily.

The Enterprise Data Mesh application focuses on eliminating redundancy, inconsistency, and fragmentation by having a single marketplace for the Centers for Medicare and Medicaid Services applications to view the catalog of this agency's enterprise data, and a gateway to data needed to meet business functions. The data schema captures the types of data from each data source but not the data itself. These data points will remain with the source systems. These data schemas will be routinely refreshed to represent the current data points held within the subscribed data sets.

For data sources that have not yet moved to the cloud, or cannot conform to the necessary formats, a staging area will be created as part of the Enterprise Data Mesh where data may be stored. This data may contain Personally Identifiable Information elements of beneficiaries, providers, and provider organizations to include Social Security Number, Name, Mailing Address, Phone Number, Taxpayer Identification, Date of Birth and Health Insurance Claim Number. Circumstances will dictate if this data will be stored permanently or temporarily.

Lastly, the system collects usernames and passwords for administrators and users of the system.

Does the system collect, maintain, use or share PII? Yes
Indicate the type of PII that the system will collect or maintain.
  • Social Security Number
  • Name
  • Phone Numbers
  • Taxpayer ID
  • Date of Birth
  • Mailing Address
  • Other - Health Insurance Claim Number; Usernames and passwords for administrators; Metadata.
Indicate the categories of individuals about whom PII is collected, maintained or shared.
  • Employees
  • Vendors/Suppliers/Contractors
  • Patients
How many individuals' PII in the system? 1,000,000 or more
For what primary purpose is the PII used? The Enterprise Data Mesh system stores Personally Identifiable Information for the downstream consumption of interconnected Centers for Medicare and Medicaid Services applications.
Describe the secondary uses for which the PII will be used (e.g. testing, training or research): The Enterprise Data Mesh system follows the Targeted Life Cycle as part of its change management process for enhancements and changes. These enhancements and changes are tested in the implementation environment, hardened to the same level of production, using data sources which may contain Personally Identifiable Information to ensure that they function as intended prior to moving changes into the production environment.
Describe the function of the SSN. The Social Security Number is not utilized by the Enterprise Data Mesh application to retrieve information on a beneficiary or provider. The Social Security Number may be stored in the staging area of the Enterprise Data Mesh if a data source includes it. The responsibility to report the function of the Social Security Number lies with the originating data source and is covered under the respective Privacy Impact Assessment.
Cite the legal authority to use the SSN. Executive Order 9397
Identify legal authorities governing information use and disclosure specific to the system and program. 5 United States Code Section 301 Departmental Regulations
Are records on the system retrieved by one or more PII data elements? No
Identify the sources of PII in the system: Directly from an individual about whom the information pertains: Online
Identify the sources of PII in the system: Government Sources: Within the OPDIV
Identify the sources of PII in the system: Non-Government Sources
Identify the OMB information collection approval number and expiration date: Not Applicable
Is the PII shared with other organizations? No
Describe the process in place to notify individuals that their personal information will be collected. If no prior notice is given, explain the reason.

The Enterprise Data Mesh receives data from the Centers for Medicare and Medicaid Services sourced applications: Common Medicare Environment, Transformed Medicaid Statistical Information System, Master Data Management, Beneficiary Information in the Cloud, Quality Payment Program, and Drug Data Processing System. As such, the programs referenced must provide the necessary notifications to individuals.

Please note that each system named here is covered under its own Authority to Operate and Privacy Impact Assessment.

Is the submission of the PII by individuals voluntary or mandatory? Voluntary
Describe the method for individuals to opt-out of the collection or use of their PII. If there is no option to object to the information collection, provide a reason.

The Enterprise Data Mesh receives data from Centers for Medicare and Medicaid Services sourced applications: Common Medicare Environment, Transformed Medicaid Statistical Information System, Master Data Management, Beneficiary Information in the Cloud, Quality Payment Program, and Drug Data Processing System. As such, the programs referenced must provide the necessary notifications for individuals to opt-out of the stated terms of collection and use.

Please note that each system named here is covered under its own Authority to Operate and Privacy Impact Assessment.

Administrator data is collected by the Centers for Medicare and Medicaid Services Amazon Web Services General Support Services during the account request and provisioning process. These notification steps are covered under their respective Privacy Impact Assessment.

Describe the process to notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of original collection). Alternatively, describe why they cannot be notified or have their consent obtained.

The Enterprise Data Mesh receives data from Centers for Medicare and Medicaid Services sourced applications: Common Medicare Environment, Transformed Medicaid Statistical Information System, Master Data Management, Beneficiary Information in the Cloud, Quality Payment Program, and Drug Data Processing System. As such, the programs referenced must provide the necessary notifications for individuals in terms of collection and use. These notification steps are covered under their respective Privacy Impact Assessment.

Please note that each system named here is covered under its own Authority to Operate and Privacy Impact Assessment.

Describe the process in place to resolve an individual's concerns when they believe their PII has been inappropriately obtained, used, or disclosed, or that the PII is inaccurate. If no process exists, explain why not. The Enterprise Data Mesh has not had any concerns about individuals who believe their Personally Identifiable Information has been inappropriately obtained. However, the Enterprise Data Mesh will follow the Centers for Medicare and Medicaid Services Information Technology helpdesk to process a service request as well as follow an incident response process.
Describe the process in place for periodic reviews of PII contained in the system to ensure the data's integrity, availability, accuracy and relevancy. If no processes are in place, explain why not. The Enterprise Data Mesh team conducts periodic reviews to adhere to major and minor changes of security and privacy processes and regulations. This may include updates to security controls, security, and privacy documentation for annual audits, testing and assessments.
Identify who will have access to the PII in the system and the reason why they require access.
  • Administrators: The Enterprise Data Mesh administrators require access to provide Operations and Maintenance support which exposes them to Personally Identifiable Information.
  • Developers: Developers access Personally Identifiable Information for testing and assisting in troubleshooting of issues that may occur with the application and/or data.
  • Contractors: Direct contractors with the Centers for Medicare and Medicaid Services provisioned credentials (for example, Centers for Medicare and Medicaid Services Identification, Centers for Medicare and Medicaid Services electronic mail) provide the roles of Administrators and Developers.
Describe the procedures in place to determine which system users (administrators, developers, contractors, etc.) may access PII.

Access to the Enterprise Data Mesh sources, including all sensitive information, is guided by the Enterprise User Administration access control process. Administrators, developers, and contractors are required to apply for the Enterprise User Administration access first. Once unique identifiers are issued, users who require access to the Enterprise Data Mesh resources including sensitive information must request Enterprise User Administration job codes. Once job codes are approved using this agency's existing Enterprise User Administration process, users receive access to the Enterprise Data Mesh sources which may include Personally Identifiable Information, if appropriate. Any and all requests for administrative access are submitted to and approved by the Enterprise Data Mesh Business Owner before access is given. Privileged users are reviewed routinely by the Business Owner to ensure that only authorized users have privileged access to systems which may contain Personally Identifiable Information.

Please note that each system named here is covered under its own Authority to Operate and Privacy Impact Assessment.

Describe the methods in place to allow those with access to PII to only access the minimum amount of information necessary to perform their job.

The Enterprise Data Mesh utilizes role-based access to ensure that users have only the access necessary for them to perform their job functions. The information that may be accessed is defined by the user’s role.
The process for provisioning access to a given user, via Enterprise User Administration and associated roles, requires a determination via review and approval by the system owner, while implementation is performed via the system administrator during account provisioning.

Please note that each system named here is covered under its own Authority to Operate and Privacy Impact Assessment.

Identify training and awareness provided to personnel (system owners, managers, operators, contractors and/or program managers) using the system to make them aware of their responsibilities for protecting the information being collected and maintained. All users who wish to access the Enterprise Data Mesh resources are required to receive the Centers for Medicare and Medicaid Services security awareness training, which includes information related to their responsibilities for protecting sensitive information. This training is required before initial access. All users must be re-certified annually and must again complete this training at this time.
Describe training system users receive (above and beyond general security and privacy awareness training): The Centers for Medicare and Medicaid Services security awareness training covers special handling of Personally Identifiable Information/Protected Health Information, as well as best practice security techniques for day-to-day handling of information and access to the Centers for Medicare and Medicaid Services systems. Enterprise Data Mesh contractors receive role-based training in addition to the Centers for Medicare and Medicaid Services security awareness training. This training is more locally specialized and emphasizes protection of sensitive information and incident response techniques and responsibilities. Each of these referenced trainings is conducted initially when access is requested, and again annually thereafter.
Do contracts include Federal Acquisition Regulation and other appropriate clauses ensuring adherence to privacy provisions and practices? Yes
Describe the process and guidelines in place with regard to the retention and destruction of PII. Cite specific records retention schedules. The Enterprise Data Mesh is not the system of record for any Personally Identifiable Information. Records will be held indefinitely, until no longer needed for agency use.

Personally Identifiable Information is retained and destroyed in accordance with National Archives and Records Administration Records Schedule Number DAA-0440-2015-0007 and DAA-0440-2015-0008 for Beneficiary and Provider information respectively. Suitably, data will be destroyed in accordance with these requirements, no sooner than 10 years after cutoff for beneficiary information and no sooner than 7 years after cutoff for provider data, unless longer retention is authorized.
Describe, briefly but with specificity, how the PII will be secured in the system using administrative, technical, and physical controls.

Administrative controls include access approval by management, and review of accounts.
Technical controls include event logging, role-based access, and networking security controls.
Physical controls in place at the Amazon Web Services Data Center monitor physical access, visitor logging, and environmental access controls.

Please note that each system named here is covered under its own Authority to Operate and Privacy Impact Assessment.

Privacy Impact Assessment (PIA) published by CMS as an Operating Division of the U.S. Department of Health and Human Services