OPDIV: | CMS |
PIA Unique Identifier: | P-5080182-650000 |
Name: | Medicaid and CHIP Program System |
The subject of this PIA is which of the following? | Major Application |
Identify the Enterprise Performance Lifecycle Phase of the system. | Operate |
Is this a FISMA-Reportable system? | Yes |
Does the system include a Website or online application available to and for the use of the general public? | Yes |
Identify the operator: | Contractor |
Is this a new or existing system? | Existing |
Does the system have Security Authorization (SA)? | Yes |
Date of Security Authorization | 2/9/2023 |
Indicate the following reason(s) for updating this PIA. Choose from the following options. | |
Describe in further detail any changes to the system that have occurred since the last PIA. | Medicaid and CHIP (Children’s Health Insurance Program) Program (MACPro) Appian Work flow and form updates via MACPro Releases. Migrated to Fifth Generation Gold Image EC32 instances. Upgraded to Appian COTS Product Release 22.2 with latest Hotfix Patches Children's Health Insurance Program Annual Reporting Template System (CARTS) No changes Statistical Enrollment Data System (SEDS) No major changes. One Medicaid and CHIP Program System (OneMAC) No Changes State Portfolio Tracking Tool (SPoTT) No changes to the system have occurred since the last PIA Managed Care Reporting (MCR) MCR now allows saving and submission of report data. Quality Measures Reporting (QMR) MDCT-QMR is a cloud-based application used by the Centers for Medicare & Medicaid Services (CMS) and the National Academy for State Health Policy (NASHP). The primary activity of the MDCT-QMR application is to collect data from states related to Medicaid and CHIP. electronic Advance Planning Document (eAPD) State admin certification letter management, migrating APD data to MongoDB, Launch Darkly feature flags, validation using Joi and react-hooks-form, updating the saving of sub-forms, moving budget information to server to be saved in MongoDB, end-to-end testing with Cypress, visual testing with Chromatic and Storybook eRegulations (eRegs) This is a new application that has not previously had a PIA. |
Describe the purpose of the system | Medicaid and CHIP (Children’s Health Insurance Program) Program (MACPro) Appian The Medicaid and CHIP (Children’s Health Insurance Program) Program system (MACPro) is used by both State and CMS officials to improve the State application and Federal review processes, improve Federal program management of the Medicaid and CHIP programs, and standardize Medicaid program data. MACPro automates the process for States to submit and amend their Medicaid State Plans, Medicaid waiver programs, CHIP plan information, and State Medicaid Health Information Technology Plans (SMHPs). MACPro automates the uploading of States’ planning documents (SPD), State Plan Amendments (SPA) and Advanced Planning Documents (APDs), as well as applications and amendments to their Medicaid and CHIP demonstrations, and grant programs. Children's Health Insurance Program Annual Reporting Template System (CARTS) The Children's Health Insurance Program (CHIP) Annual Reporting Template System (CARTS) is a web-based application used by the Centers for Medicare and Medicaid Services (CMS). Section 2108(a) and Section 2108(e) of the Social Security Act (SSA) provides that the states must assess the operation of their state child health plan each fiscal year, and report to the Secretary by January 1 following the end of the fiscal year, on the results of the assessment. In addition, the state must assess the progress made in reducing the number of uncovered, low-income children. National Academy for State Health Policy (NASHP) assists the states and CMS in coordinating efforts to continually analyze Title XXI annual reports for the defined purposes. Statistical Enrollment Data System (SEDS) The primary activity of the MACPro Data Collection Tool (MDCT) Statistical Enrollment Data System (SEDS) application is to create an information system to track and report on the Children’s Health Insurance Program (CHIP) quarterly and annual enrollment numbers. 
One Medicaid and CHIP Program System (OneMAC) OneMAC connects data from States to help CMCS make informed decisions about program oversight, including: - Ensuring that states are implementing their programs in alignment with CMS policies - Understanding how funding is being used in the States - Making transparent how States are addressing health outcomes for beneficiaries. State Portfolio Tracking Tool (SPoTT) The State Portfolio Tracking Tool (SPoTT) is an internal CMS business intelligence tool for use by the Data Systems Group (DSG). The system collects information from different systems across CMS as well as data entered into the system as part of the Medicaid Management Information System (MMIS) certification process for states. The information is used to provide the stakeholders a holistic view of a state’s Medicaid Enterprise System (MES) and allow for CMS to provide intervention when needed. Managed Care Reporting (MCR) MCR is the CMS MDCT reporting application for collecting state-reported data related to Medicaid Managed Care program reports, including MCPAR, MLR, and NAAAR. It stores the templates for the three reports, as well as a help page to reach the MDCT help desk. Users access the application via Identity Management System (IDM) and are assigned roles that correspond to their permissions. State users can enter report data and submit data to CMS. Quality Measures Reporting (QMR) MDCT-QMR contains web forms for states to input information about their collected data regarding Medicaid and CHIP: Edit: Edit the annual measures based on State and Year selected. Submit: Submit the annual measures based on State and Year selected. View: View the annual measures based on State and Year selected. Export measures to a PDF: Export the answers for the state and year selected to a PDF. 
electronic Advance Planning Document (eAPD) The eAPD system will serve as a singular, streamlined portal for state, federal, and associated partners to develop, review, track, analyze, and share Advance Planning Document (APD), contract submissions, and data to improve accountability and outcomes associated with the State’s Medicaid business needs. eRegulations (eRegs) eRegulations is a web application that helps CMCS staff find and interpret legislation, regulations, subregulatory guidance, and other policy-related materials. The website displays relevant subregulatory guidance alongside Medicaid regulations, which is not available in other regulations reading tools such as eCFR (Electronic Code of Federal Regulations). |
Describe the type of information the system will collect, maintain (store), or share. (Subsequent questions will identify if this information is PII and ask about the specific data elements) | MACPro (Appian) The MACPro system collects and stores Medicaid and CHIP program information such as reports on the quality of care; amendments to the Medicaid and CHIP programs within each state; amendments to the administration and benefits, waiver program, types of medical care delivery systems, payment methods and other related operational information. It does not include any details or identifying information about Beneficiaries or Providers. MACPro stores the user’s contact information, which includes First/Last name, Email, Phone number, CMS users Group/Division, MACPro role and attributes that drives user access to MACPro functionalities. CARTS The new AWS accounts will collect, store, and share the same data previously collected, stored, and shared within the existing AWS account. Other than the AWS account, there will be no changes to how the data is stored nor any new data types. SEDS States record their enrollment numbers by age range on a quarterly basis at the end of each fiscal quarter as well as annually at the end of the fiscal year. This system is complementary to the MDCT CHIP Annual Report Template System (CARTS). SEDS converts an existing paper data collection process into web-based application. It also is designed to provide the reporting and exporting of survey answers into a PDF template. OneMAC First name, Last Name, Company Email, Generic information related to Medicare and Medicaid requests, rewards and statuses. SPoTT SPoTT will consolidate data from current systems at CMS. Data will include state financial, schedule, programmatic data from current CMS systems. Newly generated data from CMS’s certification toolkit will be ingested into the system for reporting purposes. 
MCR The system stores all saved and submitted report data and respective timestamps, along with the name associated with the IDM profile which undertook the action. This data is stored indefinitely. QMR No PII is collected. The type of information collected is strictly statistical and program information type data and no PII. eAPD The system holds APD information as described by regulations, which includes staff resources, contractor costs, major milestones, outcomes and metrics, and budgets. The database also stores user metadata; username, work email, work phone; user access rights, and user audit logs (e.g. logging in, changing access). The S3 bucket stores images uploaded by users for APDs and state certification letters. eRegs This application indefinitely stores: Text and metadata of public regulations and Federal Register documents, retrieved from public Application Program Interfaces (APIs) offered by eCFR.gov and FederalRegister.gov. Metadata about policy-related documents published by CMS, HHS, and other public sources relevant to Medicaid & CHIP, entered by contractors on this team. Credentials for contractors who edit document metadata in this application: username created by a system administrator, and a password created by a system administrator and then immediately changed by the individual. When a contractor leaves the project, a system administrator deactivates the account; the username remains in the system, but the individual cannot log into the account. There are fewer than 15 accounts in this application. |
Provide an overview of the system and describe the information it will collect, maintain (store), or share, either permanently or temporarily. | MACPro (Appian) The MACPRO automates the process for States to submit and amend their Medicaid State Plans, Medicaid waiver programs, CHIP plan information, and State Medicaid Health Information Technology Plans (SMHPs). This provides the mechanism for CMS to review and approve any changes to the functions of the programs such as the quality of care; amendments to the Medicaid and CHIP programs within each state; amendments to the administration and benefits, waiver program, types of medical care delivery systems, payment methods and other related operational information. MACPro currently collects, maintains, or shares the following information: Medicaid State Plan Health Homes program data Medicaid State Plan Eligibility & Administration program data Adult, Child and Health Homes Quality Measure for each Federal Fiscal Year User roles and profile CARTS The new AWS accounts will collect, store, and share the same data previously collected, stored, and shared within the existing AWS account. Other than the AWS account, there will be no changes to how the data is stored nor any new data types. SEDS This system is complementary to the MDCT CHIP Annual Report Template System (CARTS). SEDS converts an existing paper data collection process into web-based application. It also is designed to provide the reporting and exporting of survey answers into a PDF template. OneMAC The OneMAC system collects First name, Last Name, Company Email while connecting data from States to help CMCS make informed decisions about program oversight. SPoTT SPoTT will consolidate data from current systems at CMS. Data will include state financial, state schedule, state programmatic data from current systems and newly generated data from CMS’s certification toolkit. 
MCR The application provides state users the ability to save and submit report data for each of the three MCR reports (MCPAR, MLR, NAAAR). When reported, the gathered information will enable CMCS to better monitor and support state efforts in improving managed care program performance. Data is not requested or stored that pertains to individuals; rather, the data requested and stored pertains to state managed care programs and entities. All information is collected in aggregate. QMR MDCT-QMR contains web forms for states to input information about their collected data regarding Medicaid and CHIP. eAPD The system is broken down into a web application, an API server, and two databases. The web application is split into three sections: the APD builder/viewer, the State Administration Dashboard, and the Federal Administration Dashboard. The APD builder/viewer is the main part of the application and is responsible for walking the state user through building an APD. The APD data is permanently stored in the MongoDB. The State and Federal Administration Dashboards are responsible for approving and managing State Staff and State Admins respectively. The user access information collected here is stored permanently in the PostgreSQL database. The web application calls endpoints on the API to interact with the database. Passwords are collected by the client and sent to Okta; they are never stored. The server queries Okta for user profile information and permanently stores it in the PostgreSQL database. eRegs The application stores and displays policy-related text and metadata to help users do policy research. Each contractor uses a unique username and password to log into the application's metadata editing tool, to help keep the policy-related information up to date for users. A system administrator creates a username for each contractor with an abbreviation derived from the contractor's name. 
The application keeps an audit log of content changes by all users, so that a change can be correlated with an individual user. When offboarding a contractor, the system administrator deactivates the individual's account, instead of completely deleting it, to preserve the integrity of the audit log. |
Does the system collect, maintain, use or share PII? | Yes |
Indicate the type of PII that the system will collect or maintain. | Name - E-Mail Address
- Phone Numbers
- Date of Birth
- Mailing Address
- Other - MACPro (Appian) The following information for the MACPro users is maintained: First/Last name, Email address, Phone number, CMS users Group/Division. eAPD work email, work phone number, mobile phone number, date of birth, zip code, and city. OneMAC First name, Last Name, Company Email
|
Indicate the categories of individuals about whom PII is collected, maintained or shared. | Employees - Business Partners/Contacts (Federal, state, local agencies)
- Other - MACPro (Appian) MACPro Users (Federal/state/local agencies): State Users, CMS Regional Office Users, CMS Central Office Users. OneMAC OneMAC Users (Federal/state/local agencies): State Users, CMS Regional Office Users, CMS Central Office Users. eAPD Any user that requests access to the system, including federal employees, state employees, and contractors.
|
How many individuals' PII in the system? | 500-4,999 |
For what primary purpose is the PII used? | MACPro (Appian) The PII data in MACPro is used for the following: User name to show Point-Of-Contact, User action information on User Interface and System reports. Email address to send notifications. Phone number for Helpdesk to reach out to User. OneMAC The PII data in OneMAC is used for the following: User name to show Point-Of-Contact, User action information on User Interface and System reports. Email address to send notifications. Also used for user access to the application. eAPD Contacting users |
Describe the secondary uses for which the PII will be used (e.g. testing, training or research) | Not Applicable. |
Describe the function of the SSN. | Not Applicable. |
Cite the legal authority to use the SSN. | Not applicable. |
Identify legal authorities governing information use and disclosure specific to the system and program. | Title 5 (TITLE 5—GOVERNMENT ORGANIZATION AND EMPLOYEES) USC 301, Departmental regulations. |
Are records on the system retrieved by one or more PII data elements? | No |
Identify the sources of PII in the system: Directly from an individual about whom the information pertains | Online |
Identify the sources of PII in the system: Government Sources | Within the OPDIV - State/Local/Tribal
- Other - MACPro (Appian) PII is sourced from CMS Identity Management System (IDM) when a user successfully authenticates and is granted access to the MACPro system. eAPD User provided through the EUA process. Okta supplies all of the PII that is stored in the system.
|
Identify the sources of PII in the system: Non-Government Sources | |
Identify the OMB information collection approval number and expiration date | OMB 0938-1188; 07/31/2023 |
Is the PII shared with other organizations? | No |
Describe the process in place to notify individuals that their personal information will be collected. If no prior notice is given, explain the reason. | MACPro (Appian) During the first attempt to register and every time that the user accesses the CMS Identity Management System (IDM) and MACPro, the user has to agree to the Terms & Conditions of the usage. As part of the User Terms & Conditions, it is mentioned that the user should not have any reasonable expectation of privacy regarding any communication or data transiting or stored on these systems. User data and any communication or data transiting or stored on this system will be monitored, intercepted, searched and seized at any time and for any lawful Government purpose. The notification process occurs at the IDM new user registration screen and then subsequently at the user access screen of IDM. CARTS N/A - PII is not collected. OneMAC During the first attempt to register and every time that the user accesses the CMS Identity Management System (IDM) and OneMAC, the user has to agree to the Terms & Conditions of the usage. As part of the User Terms & Conditions, it is mentioned that the user should not have any reasonable expectation of privacy regarding any communication or data transiting or stored on these systems. User data and any communication or data transiting or stored on this system will be monitored, intercepted, searched and seized at any time and for any lawful Government purpose. The notification process occurs at the IDM new user registration screen and then subsequently at the user access screen of IDM. SPoTT N/A MCR N/A QMR PII is not collected. eAPD Controlled by IDM/Okta eRegs N/A |
Is the submission of the PII by individuals voluntary or mandatory? | Voluntary |
Describe the method for individuals to opt-out of the collection or use of their PII. If there is no option to object to the information collection, provide a reason. | MACPro (Appian) There is no method to opt-out of providing PII. The users have to accept the Terms & Conditions before accessing the MACPro application. The Terms & Conditions advises the user that they are accessing a U.S. Government system and there should be no reasonable expectation of privacy. CARTS NO PII collected. SEDS Voluntary OneMAC There is no method to opt-out of providing PII. The users have to accept the Terms & Conditions before accessing the OneMAC application. The Terms & Conditions advises the user that they are accessing a U.S. Government system and there should be no reasonable expectation of privacy. SPoTT N/A MCR N/A QMR NO PII collected. eAPD None. There is no way to opt-out because the information is needed to identify the user in the system. As stated above, the eAPD team is reassessing how much user information is stored and reducing it to the bare minimum needed for identification and communication. eRegs N/A |
Describe the process to notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of original collection). Alternatively, describe why they cannot be notified or have their consent obtained. | MACPro (Appian) MACPro users are required to agree to the Terms & Conditions, which address privacy, prior to gaining access to OR logging into the system. The Terms & Conditions are always available to read for the users during the login process. CARTS NO PII collected. SEDS NO PII collected. OneMAC OneMAC users are required to agree to the Terms & Conditions, which address privacy, prior to gaining access to OR logging into the system. The Terms & Conditions are always available to read for the users during the login process. SPoTT N/A MCR N/A QMR NO PII collected. eAPD Controlled by IDM/Okta During the first attempt to register and every time that the user accesses the CMS Identity Management System (IDM) and eAPD, the user has to agree to the Terms & Conditions of the usage. As part of the User Terms & Conditions, it is mentioned that the user should not have any reasonable expectation of privacy regarding any communication or data transiting or stored on these systems. User data and any communication or data transiting or stored on this system will be monitored, intercepted, searched and seized at any time and for any lawful Government purpose. The notification process occurs at the IDM new user registration screen and then subsequently at the user access screen of IDM. eRegs N/A |
Describe the process in place to resolve an individual's concerns when they believe their PII has been inappropriately obtained, used, or disclosed, or that the PII is inaccurate. If no process exists, explain why not. | MACPro (Appian) Since an individual creates an account and accesses MACPro through CMS IDM, the MACPro system does not have a process to resolve an individual’s concerns. An individual would contact the IDM Help Desk by email to report their concerns. The IDM Help Desk would investigate and assist the user and also contact the MACPro Help Desk to advise on the issues. CARTS NO PII collected. MDCT SEDS NO PII collected. OneMAC Since an individual creates an account and accesses OneMAC through CMS IDM, the OneMAC system does not have a process to resolve an individual’s concerns. An individual would contact the IDM Help Desk by email to report their concerns. The IDM Help Desk would investigate and assist the user and also contact the OneMAC Help Desk to advise on the issues. SPoTT N/A MCR N/A QMR NO PII collected. eAPD Controlled by IDM/Okta If an individual has concerns about whether their PII has been inappropriately obtained, they would need to contact the IDM Help Desk. This is due to the fact that their initial individual accounts are created through IDM and thus, initiating that process through IDM must be followed. eRegs N/A |
Describe the process in place for periodic reviews of PII contained in the system to ensure the data's integrity, availability, accuracy and relevancy. If no processes are in place, explain why not. | MACPro (Appian) Every time a user successfully logs into MACPro via IDM using his/her IDM user id & password, MACPro connects to the API Profile service and confirms PII information (Name, MACPro role, work email address, and work phone number). In order to maintain the accuracy and relevancy of the PII stored within the MACPro database, the PII information of the user is updated in the MACPro database with the new PII information that is provided to MACPro by IDM every time the user successfully logs into MACPro via IDM. Under this process, all outdated, unnecessary, irrelevant, and inaccurate PII is identified and deleted from the MACPro database. The PII is available as needed, and is sufficient (minimum required) for the purposes needed. The PII fields are locked and cannot be changed; the process to ensure that individuals who provide or modify PII cannot repudiate that action is done within the source (IDM) system. The process to ensure PII is available when needed is by updating the information in MACPro with IDM information every time the user successfully logs into MACPro; the process to ensure that PII is sufficiently accurate for the purposes needed is ensured when the updates are synced. Users can, at any time, request that their PII (access) be deleted by contacting the MACPro Helpdesk, who in turn would take the corresponding action with IDM and development teams. CARTS NO PII collected. SEDS NO PII collected. OneMAC Every time a user successfully logs into OneMAC via IDM using his/her IDM user id & password, OneMAC connects to the API Profile service and confirms PII information (Name, OneMAC role, work email address, and work phone number). 
In order to maintain the accuracy and relevancy of the PII stored within the OneMAC database, the PII information of the user is updated in the OneMAC database with the new PII information that is provided to OneMAC by IDM every time the user successfully logs into OneMAC via IDM. Under this process, all outdated, unnecessary, irrelevant, and inaccurate PII is identified and deleted from the OneMAC database. The PII is available as needed, and is sufficient (minimum required) for the purposes needed. The PII fields are locked and cannot be changed; the process to ensure that individuals who provide or modify PII cannot repudiate that action is done within the source (IDM) system. The process to ensure PII is available when needed is by updating the information in OneMAC with IDM information every time the user successfully logs into OneMAC; the process to ensure that PII is sufficiently accurate for the purposes needed is ensured when the updates are synced. Users can, at any time, request that their PII (access) be deleted by contacting the OneMAC Helpdesk, who in turn would take the corresponding action with IDM and development teams. SPoTT N/A QMR NO PII collected. eAPD Controlled by IDM/Okta eRegs N/A |
Identify who will have access to the PII in the system and the reason why they require access. | Users: MACPro (Appian) Users: MACPro users can look up other MACPro users for the purpose of assigning users' tasks in the MACPro business workflow. MACPro users also have the ability to send other users messages within the application. CARTS NO PII collected or accessible SEDS NO PII collected or accessible QMR NO PII collected or accessible eAPD Users only have access to their own PII. eRegs N/A Administrators: MACPro (Appian) Administrators: Administrators have access to PII for user communications, system maintenance, and user account management and as necessary for other system administration functions. CARTS NO PII collected or accessible SEDS NO PII collected or accessible QMR NO PII collected or accessible eAPD State Administrators have access to the email of users who have or are requesting access to their state. This information is needed to identify and communicate with the user. Federal Administrators have access to the email addresses of all of the users in the system, for purposes of identifying and communicating with the users. Generally, the user's email address is their government address, but we have seen some personal email addresses entered into the system. Contractors: MACPro (Appian) Contractors/Helpdesk: CMS direct contractors, in their role as a system administrator, will have access to PII information for user communications, system maintenance, and user account management. CARTS NO PII collected or accessible SEDS NO PII collected or accessible QMR NO PII collected or accessible eAPD The developers are contractors, so they also need access to the PII of all of the users in the system for purposes of resolving issues with the database.
|
Developers Explanation: | MACPro (Appian) Database Developers have access to MACPro user PII, as needed to troubleshoot and resolve role database related issues. CARTS NO PII collected or accessible SEDS NO PII collected or accessible QMR NO PII collected or accessible eAPD Developers have access to the PII of all of the users in the system for purposes of resolving any issues with the database. |
Describe the procedures in place to determine which system users (administrators, developers, contractors, etc.) may access PII. | MACPro (Appian) MACPro uses role-based access to determine access to PII. MACPro users request access and then the CMS MACPro administrators approve the request to permit different levels of access, dependent on the assigned role. CARTS Identity and access management (IDAM) can control access to PII. System does not handle or store PII. SEDS NO PII collected or accessible OneMAC OneMAC uses role-based access to determine access to PII. OneMAC users request access and then the CMS OneMAC administrators approve the request to permit different levels of access, dependent on the assigned role. SPoTT N/A MCR N/A QMR IDAM can control access to PII. System does not handle or store PII. eAPD The determination is made using the principle of least access. The system user only has access to the minimum information that they need to do their jobs. eRegs N/A |
Describe the methods in place to allow those with access to PII to only access the minimum amount of information necessary to perform their job. | MACPro (Appian) It is mandatory for all CMS employees and contractors to complete annual Security and Privacy Awareness training. At the end of the course, there is an examination and a certificate of completion is provided as evidence. CARTS IDM solution creates, enables, modifies, disables, and removes accounts in accordance with the requirement for each user to complete privacy training every 365 days, otherwise the account will be disabled. SEDS N/A - No PII collected or stored. OneMAC It is mandatory for all CMS employees and contractors to complete annual Security and Privacy Awareness training. At the end of the course, there is an examination and a certificate of completion is provided as evidence. SPoTT N/A MCR IDM solution creates, enables, modifies, disables, and removes accounts in accordance with the requirement for each user to complete privacy training every 365 days, otherwise the account will be disabled. QMR IDM solution creates, enables, modifies, disables, and removes accounts in accordance with the requirement for each user to complete privacy training every 365 days, otherwise the account will be disabled. eAPD None CARTS N/A - No PII collected or stored. SEDS IDAM can control access to PII. System does not handle or store PII. OneMAC OneMAC has a ‘Role Approver’ role that limits access to user PII. Users request additional role(s) and the OneMAC administrators approve the request based on the principle of least privilege. SPoTT N/A MCR N/A QMR N/A - No PII collected or stored. eAPD Access is restricted by roles; the roles (e.g. State Staff, State Contractor, State Admin, Federal Admin, and System Admin) are used to determine who has access to what. State Staff and State Contractors can only access their own PII and the APD data for their state. 
State Admins have to approve their state users, so they can see the PII of all of the users that have or have requested access to their state. The Federal Admins approve State Admins, but can also revoke access for any user in the system, so they need to be able to see all of the users' PII. The developers/contractors have to access the database for maintenance and issue resolution, so they have access to the PII stored in the database. |
Identifying training and awareness provided to personnel (system owners, managers, operators, contractors and/or program managers) using the system to make them aware of their responsibilities for protecting the information being collected and maintained. | MACPro (Appian) Certain MACPro users are provided comprehensive role-based training that addresses management, operational, and technical roles and responsibilities covering physical, personnel, and technical safeguards and counter measures. CARTS IDM solution creates, enables, modifies, disables, and removes accounts in accordance with the requirement for each user to complete privacy training every 365 days, otherwise the account will be disabled. SEDS IDM solution creates, enables, modifies, disables, and removes accounts in accordance with the requirement for each user to complete privacy training every 365 days, otherwise the account will be disabled. OneMAC Certain OneMAC users are provided comprehensive role-based training that addresses management, operational, and technical roles and responsibilities covering physical, personnel, and technical safeguards and counter measures. SPoTT N/A MCR IDM solution creates, enables, modifies, disables, and removes accounts in accordance with the requirement for each user to complete privacy training every 365 days, otherwise the account will be disabled. QMR IDM solution creates, enables, modifies, disables, and removes accounts in accordance with the requirement for each user to complete privacy training every 365 days, otherwise the account will be disabled. eAPD None |
Describe training system users receive (above and beyond general security and privacy awareness training) | MACPro (Appian): Certain MACPro users are provided comprehensive role-based training that addresses management, operational, and technical roles and responsibilities covering physical, personnel, and technical safeguards and countermeasures. CARTS: IDM solution creates, enables, modifies, disables, and removes accounts in accordance with the requirement for each user to complete privacy training every 365 days, otherwise the account will be disabled. SEDS: IDM solution creates, enables, modifies, disables, and removes accounts in accordance with the requirement for each user to complete privacy training every 365 days, otherwise the account will be disabled. OneMAC: Certain OneMAC users are provided comprehensive role-based training that addresses management, operational, and technical roles and responsibilities covering physical, personnel, and technical safeguards and countermeasures. SPoTT: N/A. MCR: IDM solution creates, enables, modifies, disables, and removes accounts in accordance with the requirement for each user to complete privacy training every 365 days, otherwise the account will be disabled. QMR: IDM solution creates, enables, modifies, disables, and removes accounts in accordance with the requirement for each user to complete privacy training every 365 days, otherwise the account will be disabled. eAPD: None |
Do contracts include Federal Acquisition Regulation and other appropriate clauses ensuring adherence to privacy provisions and practices? | Yes |
Describe the process and guidelines in place with regard to the retention and destruction of PII. Cite specific records retention schedules. | MACPro follows the National Archives and Records Administration (NARA) General Records Schedule (GRS) 3.1, which states that records will be destroyed after five years. The Medicaid and CHIP program information follows the CMS Records Schedule Section V. Medicaid, G. Medicaid State Plans & Amendments. It outlines several schedules that range from destroying records "when no longer needed" to retaining them for up to seven years and then destroying them. |
Describe, briefly but with specificity, how the PII will be secured in the system using administrative, technical, and physical controls. | MACPro (Appian): The administrative controls in place to secure the PII include role-based access and permissions, periodic review of users and deletion of non-active accounts. The technical controls in place include firewalls that prevent unauthorized access, encrypted access at log on, security scans, penetration testing, intrusion detection and prevention systems (IDS/IPS) and computer system controls that prevent unauthorized access. The MACPro system inherits physical controls from Amazon Web Services (AWS), such as security of doors with the use of security cards and pass codes; the efficacy of heating and air conditioning, smoke and fire alarms, fire suppression systems, cameras, fencing and security guards. CARTS: MACPro follows NARA records retention guidelines regarding appropriate retention and/or disposal of information. Although MACPro contains no PII or PHI, it is still considered a System of Record. After data is processed and is in the state of being stored, the control structure acts to protect the data from destruction or unauthorized modification. SEDS: MACPro follows NARA records retention guidelines regarding appropriate retention and/or disposal of information. Although MACPro contains no PII or PHI, it is still considered a System of Record. After data is processed and is in the state of being stored, the control structure acts to protect the data from destruction or unauthorized modification. OneMAC: The administrative controls in place to secure the PII include role-based access and permissions, periodic review of users and deletion of non-active accounts. 
The technical controls in place include firewalls that prevent unauthorized access, encrypted access at log on, security scans, penetration testing, intrusion detection and prevention systems (IDS/IPS) and computer system controls that prevent unauthorized access. The OneMAC system inherits physical controls from Amazon Web Services (AWS), such as security of doors with the use of security cards and pass codes; the efficacy of heating and air conditioning, smoke and fire alarms, fire suppression systems, cameras, fencing and security guards. SPoTT: N/A. MCR: MACPro follows NARA records retention guidelines regarding appropriate retention and/or disposal of information. Although MACPro contains no PII or PHI, it is still considered a System of Record. After data is processed and is in the state of being stored, the control structure acts to protect the data from destruction or unauthorized modification. QMR: MACPro follows NARA records retention guidelines regarding appropriate retention and/or disposal of information. Although MACPro contains no PII or PHI, it is still considered a System of Record. After data is processed and is in the state of being stored, the control structure acts to protect the data from destruction or unauthorized modification. eAPD: The system is secured behind a VPN. The database is protected by a username and password. The application is protected by a username, password, and multi-factor authentication provided by Okta. The application is restricted to Federal Administrators that are connected directly to the project, System Administrators that are working directly on the project, State Administrators that must have a letter signed by the State Medicaid Director and approval from the Federal Administrator, and State Staff and State Contractors that must receive access from the State Administrator who is working with them. 
Accessing the database directly requires logging into the VPN using multi-factor authentication, having a proxy box created by the eAPD team with the proper security keys installed, the matching security key, and the database username and password. |
Identify the publicly-available URL: | MACPro (Appian): N/A; CARTS: https://mdctcarts.cms.gov; SEDS: https://mdctseds.cms.gov; OneMAC: N/A; SPoTT: N/A; MCR: https://mdctmcr.cms.gov/; QMR: https://mdctqmr.cms.gov; eAPD: N/A; eRegs: N/A |
Does the website have a posted privacy notice? | Yes |
Is the privacy policy available in a machine-readable format? | Yes |
Does the website use web measurement and customization technology? | No |
Does the website have any information or pages directed at children under the age of thirteen? | No |
Does the website contain links to non-federal government website external to HHS? | No |