
Medicare Fee-for-Service Data Collection System

Privacy Impact Assessment (PIA) published by CMS as an Operating Division of the U.S. Department of Health and Human Services

Date signed: 1/27/2023

PIA Information for Medicare Fee-for-Service Data Collection System
PIA Questions / PIA Answers
OPDIV: CMS
PIA Unique Identifier: P-8343912-510092
Name: Medicare Fee-for-Service Data Collection System
The subject of this PIA is which of the following? Major Application
Identify the Enterprise Performance Lifecycle Phase of the system. Operate
Is this a FISMA-Reportable system? Yes
Does the system include a Website or online application available to and for the use of the general public? No
Is this a new or existing system? Existing
Does the system have Security Authorization (SA)? Yes
Date of Security Authorization: 12/8/2022
Indicate the following reason(s) for updating this PIA. Choose from the following options.
  • PIA Validation (PIA Refresh/Annual Review)
  • Other - Since the last PIA submission, the Medicare Fee-for-Service Data Collection System (FFSDCS) has migrated from the Hewlett-Packard (HP) Virtual Data Center (VDC) managed by Perspecta to the Amazon (AWS) cloud managed by General Dynamics Information Technology (GDIT). Additionally, a third module has been added to the FFSDCS. The Medicare Ground Ambulance Data Collection (GADCS) module adds the ability to collect private payor data from applicable laboratories.
Describe in further detail any changes to the system that have occurred since the last PIA. Since the last PIA submission, the Fee-for-Service Data Collection System (FFSDCS) has migrated from the HP VDC to the Amazon (AWS) Cloud environment. The FFSDCS was previously hosted in the HP VDC by Perspecta; it is now hosted in the AWS cloud by General Dynamics Information Technology (GDIT), using a lift-and-shift model. Additionally, a third module has been added to the Medicare Fee-for-Service Data Collection System (FFSDCS). The Medicare Ground Ambulance Data Collection (GADCS) module adds the ability to collect private payor data from applicable laboratories.
Describe the purpose of the system

The goal of the new enhanced Fee For Service Data Collection System (FFSDCS) is to provide CMS with a system that applicable Ambulatory Services providers, Drug Manufacturers and laboratories can access to submit their respective data, which CMS uses to calculate and disseminate payment rate limits. An additional goal of this system is to utilize the shared services offered by CMS. These include, but are not limited to, the CMS portal and the Identity Management System (IDM). The following are specific system goals and objectives:

Receive Private Payer data from applicable laboratories.

Calculate the fees for covered tests based on market rates.

Satisfy new legislative requirements.

Reduce the number of tests whose prices are derived by either gap-filling or crosswalking.

Allow new covered tests to be converted to market rates after 3 quarters of data received.

Relieve CMS from the task of changing some tests on the Fee Schedule (FS). 

The FFSDCS system consists of various modules. Average Sales Price (ASP) is a module under the FFSDCS which allows drug manufacturers to upload data. The mandate for the Clinical Laboratory Fee Schedule (CLFS) is also developed as a module under FFSDCS. A new module, Medicare Ground Ambulance Data Collection (GADCS), has been added as a scope addition under a new contract. Collectively, all these modules fall under the umbrella of FFSDCS.

Describe the type of information the system will collect, maintain (store), or share. (Subsequent questions will identify if this information is PII and ask about the specific data elements)

FFSDCS integrates with the CMS Enterprise Portal and CMS Identity Management (IDM) shared services for presentation and authentication services. All external users (laboratories, drug manufacturer representatives and ground ambulatory organizations) and users internal to CMS must acquire a CMS Identity Management Portal (IDM) user ID, which is entered into the system to access the FFSDCS. The FFSDCS itself collects and stores information about laboratory organizations, ground ambulance organizations, drug manufacturers, Part B drugs, laboratory tests, and ground ambulance organization information such as cost, utilization and revenue.
 

PII Data Elements: Tax Identification Number (TIN) of the Laboratory, Taxpayer ID (of the laboratory or manufacturer), Phone Number of the Laboratory, Email, Name (First Name, Last Name) and Mailing Address.  

Non-PII Data Elements: Laboratory Name, National Provider Identifier (NPI) of the Laboratory, CMS Certification Number (CCN) of the laboratory, Provider Transaction Access Number (PTAN) of the laboratory, Healthcare Common Procedure Coding System (HCPCS) Code of test sold by the laboratory, Volume of each test sold by the laboratory, Price of each test sold by the laboratory, Drug Manufacturer Name, Labeler Code of the drug, National Drug Code, Drug Name (Brand/Generic), Strength of Product, Volume, Number of items per NDC, FDA Application Number, FDA Supplemental Number, FDA Approval Date, FDA Approval Type, Date of First Sale, Expiration date of Final Lot Sold, Manufacturer ASP, Number of ASP Units, Wholesale acquisition cost, Number of CAP Units, Cost (Labor Cost, Total annual compensation for paid EMT/response staff utilization), Revenue (Total Revenue), Total Expenses, Total Administrative and General Expenses, Total cost for the service, Utilization, Total purchase cost of ground ambulances, Total annual compensation for staff, and Total Facilities Cost.

The data collected by the Clinical Laboratory Fee Schedule (CLFS) module are as follows:

Tax Identification Number (TIN) of the Laboratory. 

Laboratory Name.

National Provider Identifier (NPI) of the Laboratory.

CMS Certification Number (CCN) of the laboratory.

Provider Transaction Access Number (PTAN) of the laboratory.

Healthcare Common Procedure Coding System (HCPCS) Code of test sold by the laboratory.

Volume of each test sold by the laboratory.

Price of each test sold by the laboratory.

The FFSDCS Average Sales Price (ASP) Module collects Medicare Part B Average Sales Price information for drugs from manufacturers on a quarterly basis. Drug ASP is collected by National Drug Code or Alternate ID. CM crosswalks NDC/Alternate ID data to Healthcare Common Procedure Coding System (HCPCS) Codes. Volume-weighted calculations are performed on the manufacturer-submitted data and published as payment limits by Healthcare Common Procedure Coding System (HCPCS) code each quarter for Medicare Part B Drugs. The data collected are as follows:


Drug Manufacturer Name 

Labeler Code of the drug

National Drug Code

Drug Name (Brand/Generic)

Strength of Product

Volume

Number of items per NDC

FDA Application Number

FDA Supplemental Number

FDA Approval Date

FDA Approval Type

Date of First Sale

Expiration date of Final Lot Sold

Manufacturer ASP

Number of ASP Units

Wholesale acquisition cost

Number of CAP Units

The FFSDCS ground ambulance providers and suppliers selected to participate in the Medicare Ground Ambulance Data Collection System (GADCS) report cost, utilization, revenue, and other information over a continuous 12-month period (either a calendar or fiscal year). The data collected are as follows:

Cost (Labor Cost, Total annual compensation for paid EMT/response staff utilization)

Revenue (Total Revenue)

Total Expenses

Total Administrative and General Expenses

Total cost for the service

Utilization 

Total purchase cost of ground ambulances

Total annual compensation for staff

Total Facilities Cost

The data that are collected from users and stored are not available for other end users to view and are not published. The data are aggregated and calculated to determine overall payment rate limits for Average Sales Price (ASP) and fee schedules for the Clinical Laboratory Fee Schedule (CLFS), and to assess the adequacy of Medicare payments for ground ambulance services.

Provide an overview of the system and describe the information it will collect, maintain (store), or share, either permanently or temporarily.

FFSDCS utilizes the personally identifiable information (PII) (First Name, Last Name, Email) for the submission tracking reports that are within FFSDCS for CMS staff. The FFSDCS Clinical Laboratory Fee Schedule (CLFS) Module collects clinical laboratory test private payor rates and volumes by applicable laboratories. The collected data are aggregated and a weighted median is produced to be published on the annual clinical lab fee schedule. The data collected are as follows:


Tax Identification Number (TIN) of the Laboratory.

Laboratory Name.

National Provider Identifier (NPI) of the Laboratory.

CMS Certification Number (CCN) of the laboratory.

Provider Transaction Access Number (PTAN) of the laboratory.

Healthcare Common Procedure Coding System (HCPCS) Code of test sold by the laboratory.

Volume of each test sold by the laboratory.

Price of each test sold by the laboratory.


The FFSDCS Average Sales Price (ASP) Module collects Medicare Part B Average Sales Price information for drugs from manufacturers on a quarterly basis. Drug ASP is collected by National Drug Code (NDC) or Alternate ID. CM crosswalks NDC/Alternate ID data to Healthcare Common Procedure Coding System (HCPCS) Codes. Volume-weighted calculations are performed on the manufacturer-submitted data and published as payment limits by Healthcare Common Procedure Coding System (HCPCS) code each quarter for Medicare Part B Drugs. The data collected are as follows:


Drug Manufacturer Name.

Labeler Code of the drug.

National Drug Code.

Drug Name (Brand/Generic).

Strength of Product.

Volume.

Number of items per NDC.

FDA Application Number.

FDA Supplemental Number.

FDA Approval Date.

FDA Approval Type.

Date of First Sale.

Expiration date of Final Lot Sold.

Manufacturer ASP.

Number of ASP Units.

Wholesale acquisition cost.

Number of CAP Units.

The Personally Identifiable Information (PII) collected from IDM is stored in the FFSDCS database and is retrieved programmatically within the system to grant role-based access and to generate submission tracking reports for the CMS staff role only. Both modules use (but do not themselves collect) PII collected by IDM to identify the laboratory or manufacturer for which the data are collected, and to validate the data submission. These data include:

Tax Identification Number (TIN) of the Laboratory

Taxpayer ID (of the laboratory or manufacturer).

Phone Number of the Laboratory

Name (First Name, Last Name).

Email address.

Mailing address.

Does the system collect, maintain, use or share PII? Yes
Indicate the type of PII that the system will collect or maintain.
  • Name
  • E-Mail Address
  • Phone Numbers
  • Mailing Address
  • Other - 1. Tax Identification Number of the Laboratory (TIN). 2. Taxpayer ID (of the laboratory or manufacturer).
Indicate the categories of individuals about whom PII is collected, maintained or shared.
  • Employees
  • Public Citizens
  • Vendors/Suppliers/Contractors
How many individuals' PII in the system? 10,000-49,999
For what primary purpose is the PII used? The Personally Identifiable Information (PII) is collected by the CMS Identity Management (IDM) portal and consumed as a service by the FFSDCS system to grant role-based access, determine compliance and appropriate submission of the dates.
Describe the secondary uses for which the PII will be used (e.g. testing, training or research): There are no additional or secondary uses of Personally Identifiable Information (PII) in this system.
Describe the function of the SSN. N/A
Cite the legal authority to use the SSN. N/A
Identify legal authorities governing information use and disclosure specific to the system and program.
Section 1834(A) of the Social Security Act (the Act)
Section 1847A of the Act
Average Sales Price (ASP) data is confidential per section 1927(b)(4)(D) of the Act
5 USC 301, Departmental Regulations
Are records on the system retrieved by one or more PII data elements? Yes
Identify the number and title of the Privacy Act System of Records (SORN) that is being used to cover the system or identify if a SORN is being developed.

09-70-0538: Individuals Authorized Access to CMS Computer Services; this SORN covers data collected through CMS Identity Management (IDM).

 

Identify the sources of PII in the system: Directly from an individual about whom the information pertains: Online
Identify the sources of PII in the system: Government Sources
  • Within the OPDIV
  • Other HHS OPDIV
Identify the sources of PII in the system: Non-Government Sources: Private Sector
Identify the OMB information collection approval number and expiration date: For the Clinical Laboratory Fee Schedule (CLFS) portion of the system, as stated in section 1834A(h)(2) of the Social Security Act, Chapter 35 of title 44, United States Code, shall not apply to the information collection requirements contained in section 1834A of the Act. Consequently, the information collection requirements contained in this final rule need not be reviewed by the Office of Management and Budget. For the Average Sales Price (ASP) portion of the FFSDCS, the OMB control number is CMS 10110, currently approved through 08/31/2024.
Is the PII shared with other organizations? No
Describe the process in place to notify individuals that their personal information will be collected. If no prior notice is given, explain the reason.

N/A

 

Is the submission of the PII by individuals voluntary or mandatory? Voluntary
Describe the method for individuals to opt-out of the collection or use of their PII. If there is no option to object to the information collection, provide a reason.

The FFSDCS System does not require end users to enter Personally Identifiable Information (PII). To gain system access, the user must first enter their Personally Identifiable Information (PII) into the Identity Management (IDM) system in order to obtain an IDM user ID.

FFSDCS does not collect PII information directly from end users; however, FFSDCS queries the IDM system to grant role-based access and to provide CMS with more information about end users. The CMS IDM Authentication System allows you to manage end user accounts and access to the FFSDCS System.

Describe the process to notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changes since the notice at the time of original collection). Alternatively, describe why they cannot be notified or have their consent obtained. The FFSDCS uses CMS shared services for registration of the users. CMS Identity Management (IDM) portal service should have a notification process/disclosure/data use agreements in place.
Describe the process in place to resolve an individual's concerns when they believe their PII has been inappropriately obtained, used, or disclosed, or that the PII is inaccurate. If no process exists, explain why not. The FFSDCS uses CMS shared services for registration of the users. Any individual's concerns regarding Personally Identifiable Information (PII) would be handled by CMS shared services.
Describe the process in place for periodic reviews of PII contained in the system to ensure the data's integrity, availability, accuracy and relevancy. If no processes are in place, explain why not. The FFSDCS uses CMS shared services for registration of the users. It is the responsibility of the CMS shared services to maintain the Personally Identifiable Information (PII) data's integrity, availability, accuracy and relevancy.
Identify who will have access to the PII in the system and the reason why they require access.
  • Administrators: Administrators are given access to support day to day operations of the FFSDCS system.
  • Contractors: Data Computer Corporation of America (DCCA) contractors are direct CMS contractors using CMS Personal Identity Verification (PIV) cards to access the CMS network. DCCA contractors who are responsible for fulfilling certain roles and tasks for the development of the system will have access to users' Personally Identifiable Information (PII).
  • Others - Help Desk is given access to support day-to-day operations of the FFSDCS users.
Describe the procedures in place to determine which system users (administrators, developers, contractors, etc.) may access PII. Administrators/HelpDesk users undergo annual PII handling training to support FFSDCS application users. DCCA staff has procedures outlined in Rules of Behavior for handling Personally Identifiable Information (PII).
Describe the methods in place to allow those with access to PII to only access the minimum amount of information necessary to perform their job. Each user with access to Personally Identifiable Information (PII) is assigned roles which are enforced by the CMS Identity Management (IDM) and the FFSDCS application. No role can have more access than allowed by the system administrators.
Identifying training and awareness provided to personnel (system owners, managers, operators, contractors and/or program managers) using the system to make them aware of their responsibilities for protecting the information being collected and maintained. FFSDCS provides User Manuals and Operator Manuals. CMS requires annual Security and Privacy Awareness Training, Rules of Behavior, and CMS Role-based training.
Describe training system users receive (above and beyond general security and privacy awareness training): N/A
Do contracts include Federal Acquisition Regulation and other appropriate clauses ensuring adherence to privacy provisions and practices? Yes
Describe the process and guidelines in place with regard to the retention and destruction of PII. Cite specific records retention schedules. Disposition is temporary and will be cut off annually. Records with Personally Identifiable Information (PII) in FFSDCS are destroyed 10 years after cutoff per DAA-0440-2013-0003.
Describe, briefly but with specificity, how the PII will be secured in the system using administrative, technical, and physical controls.
Administrative: Policies and Procedures, Incident Response Plan, Security Awareness Training
Technical: Transport encryption, Encryption at Rest, Page level encryption
Physical: Multi-factor authentication (MFA), (IDM), Building Access controls, Shredding of Personally Identifiable Information (PII), Federal Information Processing Standard FIPS 140-2 encryption.