Marketplace Lite
Privacy Impact Assessment (PIA) published by CMS as an Operating Division of the U.S. Department of Health and Human Services
Date signed: 12/5/2023
PIA Questions | PIA Answers |
---|---|
OPDIV: | CMS |
PIA Unique Identifier: | P-9175612-272177 |
Name: | Marketplace Lite |
The subject of this PIA is which of the following? | Major Application |
Identify the Enterprise Performance Lifecycle Phase of the system. | Operate |
Is this a FISMA-Reportable system? | Yes |
Does the system include a Website or online application available to and for the use of the general public? | Yes |
Is this a new or existing system? | Existing |
Does the system have Security Authorization (SA)? | Yes |
Date of Security Authorization | 4/22/2024 |
Indicate the following reason(s) for updating this PIA. Choose from the following options. |
|
Describe in further detail any changes to the system that have occurred since the last PIA. | The major change since the last PIA consists of new data elements being added to the Federally-Facilitated Marketplace application to collect information about sex and sexual orientation, to ensure the application aligns with Executive Orders and CMS strategic priorities and to help identify, monitor, and eliminate health disparities experienced by lesbian, gay, bisexual, transgender, queer, questioning, intersex, asexual, + (LGBTQI+) populations. These will be optional demographics. The Sexual Orientation Data Collection project consists of:
|
Describe the purpose of the system | The Centers for Medicare & Medicaid Services (CMS) Office of Communications (OC) designed Marketplace Lite (MPL) to provide an easy-to-use application process for individuals to enroll in health insurance coverage on the Federally Facilitated Marketplaces (FFM) website, healthcare.gov. FFM is covered by its own Privacy Impact Assessment (PIA). |
Describe the type of information the system will collect, maintain (store), or share. (Subsequent questions will identify if this information is PII and ask about the specific data elements) | The MPL application process collects the following information from users as they create an account and apply for health insurance: full name, date of birth, email address, address, phone number, sex, Social Security Number (SSN), whether they are part of a federally-recognized Tribe, pregnancy information, relationships, veteran status, foster care information, and citizenship information. If there are additional household (dependent) members included on the application, some of the above information is collected about them. Additional information obtained is citizenship, employment information, dependent information, annual income (financial account information) and current healthcare coverage. Optional information that a consumer may also provide is ethnicity, race, sex assigned at birth, sexual orientation, and preferred language. For the MPL system support personnel (administrators, developers) to access the system, they must present a username and password. |
Provide an overview of the system and describe the information it will collect, maintain (store), or share, either permanently or temporarily. | MPL is the overall application process through the healthcare.gov website. It provides an easy-to-use application process for all potential consumers of healthcare.gov. With the application flow, users can progress easily through to selecting an insurance plan or receiving a determination of eligibility for financial assistance programs.
The information collected during the MPL application process is retained for as long as the consumer elects to purchase coverage through the FFM. The individual inputs the information to create an account and apply for healthcare insurance. After the application process, the individual is redirected to the FFM to select insurance plans and complete the process. The SSN is used by the MPL system to check for registrant uniqueness within the system.
The "challenge questions" are used by MPL for user account creation. Individuals voluntarily provide answers to these questions as well as user credentials (a username and password), which are used to identify and authenticate each user.
To access MPL for system support purposes, user ID and password are collected. These user credentials are maintained for the length of time access to the system is necessary.
The MPL application process collects the following information from users as they create an account and apply for health insurance: full name, date of birth, email address, address, phone number, Sexual Orientation and Sex, Social Security Number (SSN), whether they are part of a federally-recognized Tribe, pregnancy information, relationships, veteran status, foster care information, and citizenship information. If there are additional household (dependent) members included on the application, some of the above information is collected about them. Additional information obtained is citizenship, employment information, dependent information, annual income (financial account information) and current healthcare coverage. Optional information that a consumer may also provide is ethnicity, race, and preferred language. Further, for retrieval purposes, the MPL team who access or use the system do not use any personal identifiers to retrieve records held in the system. |
Does the system collect, maintain, use or share PII? | Yes |
Indicate the type of PII that the system will collect or maintain. |
|
Indicate the categories of individuals about whom PII is collected, maintained or shared. |
|
How many individuals' PII in the system? | 1,000,000 or more |
For what primary purpose is the PII used? | PII is collected and used to validate an individual's identity and eligibility determination for enrollment in a Qualified Health Plan. For system support personnel, it is used to access the system. |
Describe the secondary uses for which the PII will be used (e.g. testing, training or research) | This is not applicable to MPL. |
Describe the function of the SSN. | SSN is used to check for registrant uniqueness within the system and verify citizenship. |
Cite the legal authority to use the SSN. | 42 U.S.C. 18081 and Affordable Care Act (ACA) sections 1411 and 1414 |
Identify legal authorities governing information use and disclosure specific to the system and program. | ACA 42 U.S.C. sections 1411(c), 1411(d) and 1414; 18031, 18041, 18081—18083; 45 CFR 155.200; 5 U.S.C. 301, Departmental Regulations |
Are records on the system retrieved by one or more PII data elements? | No |
Identify the sources of PII in the system: Directly from an individual about whom the information pertains |
|
Identify the sources of PII in the system: Government Sources | Within the OPDIV |
Identify the sources of PII in the system: Non-Government Sources |
|
Identify the OMB information collection approval number and expiration date | OMB Control Number: 0938-1156; OMB Control Number: 0938-1191; Title: Data Collection to Support Eligibility Determinations for Insurance Affordability Programs and Enrollment through Health Benefits Exchanges, Medicaid, and Children's Health Insurance Program Agencies; Expiration Date: 10/31/2025 |
Is the PII shared with other organizations? | No |
Describe the process in place to notify individuals that their personal information will be collected. If no prior notice is given, explain the reason. | As part of the application process and creating an online account, an individual is presented with the Healthcare.gov Privacy Policy and must click a checkbox to acknowledge that they understand it. There is a link to the Privacy Policy at each stage of the application process, which also includes a Privacy Act Statement. If an individual elects to apply by mail or online, the Marketplace Application form has a privacy notice on it that has been updated as of 2018. Users who register by phone or in person are also notified that their personal information will be collected for registration purposes. MPL system support staff are notified via email when they receive their account login details about the collection of their personal information. |
Is the submission of the PII by individuals voluntary or mandatory? | Voluntary |
Describe the method for individuals to opt-out of the collection or use of their PII. If there is no option to object to the information collection, provide a reason. | There is no option for consumers to opt-out of providing PII, since it is necessary to register for health insurance. It is also necessary that the system collect PII of system support staff for identification and authentication as well as tracking/auditing purposes. |
Describe the process to notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of original collection). Alternatively, describe why they cannot be notified or have their consent obtained. | Since MPL is part of the FFM website, healthcare.gov, any changes or updates to the system would be posted on the FFM website. |
Describe the process in place to resolve an individual's concerns when they believe their PII has been inappropriately obtained, used, or disclosed, or that the PII is inaccurate. If no process exists, explain why not. | Individuals who have concerns about their PII can contact the Health Insurance Marketplace call center at 1-800-318-2596. |
Describe the process in place for periodic reviews of PII contained in the system to ensure the data's integrity, availability, accuracy and relevancy. If no processes are in place, explain why not. | CMS has a National Institute of Standards and Technology (NIST)-compliant continuous monitoring program with regularly scheduled system audits, at least annually, and monthly/quarterly scanning to ensure system integrity and availability. As part of CMS, MPL is included within that monitoring system. To ensure the integrity, availability, accuracy, and relevancy of the PII in MPL, the following methodologies are used. MPL users can manage their own PII by editing their profile after they have registered with the system for data integrity, accuracy and relevancy. MPL does a cross-check with FFM for data integrity and account management purposes. MPL is designed with encryption and role-based access controls to ensure data accuracy and integrity. Encryption is applied to data in transit and data at rest. |
Identify who will have access to the PII in the system and the reason why they require access. |
|
Describe the procedures in place to determine which system users (administrators, developers, contractors, etc.) may access PII. | The MPL user interfaces limit the display of PII to only those elements needed to perform specific tasks. Role-based access controls ensure system support staff are granted access on a "need-to-know" and "need-to-access" basis, which corresponds to their assigned duties. The CMS System Owner determines who has an administrative account on this system and reviews all accounts periodically and as needed. |
Describe the methods in place to allow those with access to PII to only access the minimum amount of information necessary to perform their job. | There are three methods for restricting access. The first is to program user interfaces to limit the display of sensitive information, such as Personally Identifiable Information (PII), to only those elements needed to perform specific tasks. Second, PII is only transmitted to validate information rather than copy or pull information from another source. Third, role-based access controls and auditing ensure those with access have a "need-to-know" and "need-to-access". |
Identifying training and awareness provided to personnel (system owners, managers, operators, contractors and/or program managers) using the system to make them aware of their responsibilities for protecting the information being collected and maintained. | Both CMS employees and contractor staff who access or operate MPL are required to complete the CMS Security Awareness training, provided annually as a computer-based training (CBT) course. Contractors also complete their annual corporate security training. Individuals with privileged access must also complete role-based security training commensurate with the position they are working in. |
Describe training system users receive (above and beyond general security and privacy awareness training) | Not applicable. |
Do contracts include Federal Acquisition Regulation and other appropriate clauses ensuring adherence to privacy provisions and practices? | Yes |
Describe the process and guidelines in place with regard to the retention and destruction of PII. Cite specific records retention schedules. | MPL follows the CMS Records Schedule that was published in April 2015 and the National Archives and Records Administration General Records Schedule (GRS) 5.1 and 5.2 (July 2017). Specifically, for PII that is securely stored in the MPL database, the National Archives and Records Administration (NARA) General Records Schedule (GRS) 5.1 states that MPL will destroy such records immediately after copying to a recordkeeping system or otherwise preserving, but longer retention is authorized if required for business use. GRS 5.2 states that MPL will destroy records upon verification of successful creation of the final document or file, or when no longer needed for business use, whichever is later. |
Describe, briefly but with specificity, how the PII will be secured in the system using administrative, technical, and physical controls. | Administrative controls include user training, system documentation that advises on proper use, implementation of need to know and minimum necessary principles when awarding access, and others. Technical controls include firewalls, network monitoring and intrusion detection, and multi-factor authentication. Physical controls include that all system servers are protected by guards, locked facility doors, and climate controls. Other appropriate controls have been selected from the National Institute of Standards and Technology (NIST) Guidance. |
Identify the publicly-available URL: | http://www.healthcare.gov/app http://www.cuidadodesalud.gov/app
|
Does the website have a posted privacy notice? | Yes |
Is the privacy policy available in a machine-readable format? | Yes |
Does the website use web measurement and customization technology? | Yes |
Select the type of website measurement and customization technologies in use and if they are used to collect PII. (Select all that apply) |
|
Does the website have any information or pages directed at children under the age of thirteen? | No |
Does the website contain links to non-federal government websites external to HHS? | Yes |
Is a disclaimer notice provided to users that follow external links to websites not owned or operated by HHS? | Yes |