Medicare Transaction Facilitator: Data Exchange Module

Date signed: 2/28/2025

PIA for Medicare Transaction Facilitator: Data Exchange Module
PIA Questions: PIA Answers
OPDIV: CMS
PIA Unique Identifier: P-8514014-261601
Name: Medicare Transaction Facilitator: Data Exchange Module
The subject of this PIA is which of the following? Major Application
Identify the Enterprise Performance Lifecycle Phase of the system. Operate
Is this a FISMA-Reportable system? Yes
Does the system include a Website or online application available to and for the use of the general public? No
Identify the operator: Contractor
Is this a new or existing system? New
Does the system have Security Authorization (SA)? No
Planned Date of Authorization: 6/25/2025
Describe the purpose of the system: The goal of Medicare Transaction Facilitator: Data Exchange Module (MTF DM) is to facilitate the exchange of data between pharmaceutical supply chain entities and support the verification of Maximum Fair Price (MFP) eligibility for CMS Medicare clients.
Describe the type of information the system will collect, maintain (store), or share. (Subsequent questions will identify if this information is PII and ask about the specific data elements)

The Medicare Transaction Facilitator: Data Exchange Module (MTF DM) collects data from the following operations.

CMS Medicare part D drug manufacturer enrollment.
CMS Medicare part D dispensing entity enrollment.
CMS Medicare part D claims.
Data exchange with IDR/pricing and National Council for Prescription Drug Program (NCPDP).


PII Data Elements:
Name 
Email Address
Date of Birth
Phone Numbers
Medical Notes
Medical Record Numbers
Financial Account Information
Mailing Address
Taxpayer ID
Driver License Numbers

 
PHI Data Elements:
SERVICE PROVIDER IDENTIFICATION (ID) QUALIFIER
SERVICE PROVIDER ID
PRESCRIBER ID QUALIFIER
CATASTROPHIC COVERAGE CODE
TOTAL AMOUNT ATTRIBUTED TO SALES TAX
OTHER TROOP AMOUNT
Claim Control Number
Prescription/Service Reference Number
Product/Service Identifier
340B Claim Indicator (as voluntarily reported by dispensing entity)
Contract Number
Compound Code
Edit Code(s)
Selected Drug Name
Active Ingredient Name or Active Moiety Name
National Drug Code (NDC)-9
National Drug Code (NDC)-11
External reference (XREF) NDC-11
Single MFP per 30 Day Equivalent Supply (DES)
As of Date
Type of Update
Remarks
MTF Internal Claim Number (ICN)
Wholesale Acquisition Cost (WAC)
WAC Effective Date
MFP Record ID
MTF Internal Claim Number (ICN)
MTF Xref ICN
Process Date
Claim Type
Medicare Source of Coverage
Fill Number
Service Provider MTF Enrollment Status
Final Action Switch/Indicator
Previous Amount Paid
Previous Quantity of Selected Drug
Previous Product/Service Identifier Record ID
NPI of the Entity Receiving the MFP Discount/Refund
Quantity of Selected Drug
Adjustment Type
Trace Number
Payment Entity ID
Payment Entity Name
Dispensing Entity Name
Dispensing Entity NPI
Primary Manufacturer ID
Selected Drug Payment Entity ID
Type of Entity 
Dispensing Entity Operating Structure
Explanation of Other Operating Structure

National Council for Prescription Drug Program (NCPDP) Parent Organization ID
National Council for Prescription Drug Program (NCPDP) Chain Relationship ID
National Council for Prescription Drug Program (NCPDP) Provider ID
Pharmacy National Provider Identifier (NPI)
Material Cashflow Concern Indicator (DE-level)
Material Cashflow Concern Indicator (NPI-level)
Third-Party Support Entity Indicator
Third-Party Support Entity Service
NCPDP Payment Center ID
NCPDP Remit and Reconciliation ID
Other Third Party Support Entity (TPSE) Service Explanation
Transaction Code
Type of User
NCPDP Payment Center ID
NCPDP Remit and Reconciliation ID
NCPDP Relationship ID
Services Contracted
 
Non-PII Data Elements: 
SEQUENCE NO
DATE OF SERVICE (DOS)
PAID DATE
DISPENSING STATUS
COMPOUND CODE
DISPENSE AS WRITTEN (DAW) PRODUCT SELECTION CODE
ORIGINALLY PRESCRIBED QUANTITY
QUANTITY DISPENSED
FILLER
DAYS SUPPLY
DRUG COVERAGE STATUS CODE
ADJUSTMENT DELETION CODE
NON-STANDARD FORMAT CODE
PRICING EXCEPTION CODE
Fill Number
Days' Supply IPAY
NDC-9 MFP per Unit Price
NDC-11 MFP per Package Price
Quantity Dispensed
WAC Price Type
MFP Effective Date
MTF End Date
Standard Default Refund Amount
Quantity Dispensed
Days' Supply
Wholesale Acquisition Cost (WAC) at time of dispensing
Maximum Fair Price (MFP) at time of dispensing
Standard Default Refund Amount (WAC-MFP)
Previous Refund Paid Date
Quantity Dispensed
Wholesale Acquisition Cost (WAC) at time of dispensing
Maximum Fair Price (MFP) at time of dispensing
Standard Default Refund Amount (WAC-MFP)
Previous Amount Paid
Previous Refund Paid Date
MFP Refund Transaction Date
Confirmation of MFP Refund to Dispensing Entity
Method for Determining MFP Discount/Refund Amount
Amount of Payment Sent as the MFP Refund
Total Credit Amount
Total Debit Amount
Type of User
Third-Party Support Entity Service Effective Dates
Name of Third Party Support Entity (TPSE) for Payment
Name of Third Party Support Entity (TPSE) for Remittance Advice
MFP Refund Payment Preference
Electronic Remittance Advice (ERA) Delivery File Transfer Protocol (FTP) Address
Date of Submission
Effective From Date and Effective Through Date
MFP Refund Payment Preference
Electronic Remittance Advice (ERA) Delivery File Transfer Protocol (FTP) Address
Date of Submission

Provide an overview of the system and describe the information it will collect, maintain (store), or share, either permanently or temporarily. MTF utilizes the personally identifiable information (PII) for enrollment of both drug manufacturers and dispensing entities, claims and pay data from drug manufacturers and dispensing entities.
Does the system collect, maintain, use or share PII? Yes
Indicate the type of PII that the system will collect or maintain.
  • Name
  • Driver's License Number
  • E-Mail Address
  • Phone Numbers
  • Medical Notes
  • Taxpayer ID
  • Date of Birth
  • Mailing Address
  • Medical Records Number
  • Financial Account Info
  • Other - Pharmacy National Provider Identifier (NPI), Service Provider ID, Prescriber ID, Medicare Source of Coverage,
Indicate the categories of individuals about whom PII is collected, maintained or shared.
  • Employees
  • Business Partners/Contacts (Federal, state, local agencies)
  • Vendors/Suppliers/Contractors
  • Patients
How many individuals' PII in the system? 1,000,000 or more
For what primary purpose is the PII used? The primary purpose of collecting PII is to support the exchange of data between pharmaceutical supply chain entities and support the verification of Maximum Fair Price (MFP) eligibility for CMS Medicare clients.
Describe the secondary uses for which the PII will be used (e.g. testing, training or research): Not applicable.
Describe the function of the SSN. Not applicable. SSN is not used.
Cite the legal authority to use the SSN. Not applicable. SSN is not used.
Identify legal authorities governing information use and disclosure specific to the system and program. Section 1834(A) of the Social Security Act (the Act), Section 1847A of the Act.
Are records on the system retrieved by one or more PII data elements? Yes
Identify the number and title of the Privacy Act System of Records (SORN) that is being used to cover the system or identify if a SORN is being developed. Not applicable. MTF DM system does not require a System of Records Notice (SORN) because its collection and intended use of data are covered under the existing Drug Data Processing System (DDPS) SORN. MTF DM will collect banking information on behalf of pharmacies and not for specific people.
Identify the sources of PII in the system: Directly from an individual about whom the information pertains
  • Online
  • Hard Copy Mail/Fax
  • Email
Identify the sources of PII in the system: Government Sources
  • Within the OPDIV
  • Other HHS OPDIV
Identify the sources of PII in the system: Non-Government Sources
  • Other - Drug manufacturers and dispensing entities
Identify the OMB information collection approval number and expiration date: 0938-1452, Expiration date: 2026-01-31

Is the PII shared with other organizations? No
Describe the process in place to notify individuals that their personal information will be collected. If no prior notice is given, explain the reason. A Privacy Act Statement is required and provided to individuals when their information is solicited for collection into a system of records. The information collected will be used to identify and authenticate authorized users to the application. The PII collected will not be disclosed outside the agency. The Privacy Act of 1974 provides CMS with the authority to request the information.
Is the submission of the PII by individuals voluntary or mandatory? Voluntary
Describe the method for individuals to opt-out of the collection or use of their PII. If there is no option to object to the information collection, provide a reason. The MTF System does not require end users to enter Personally Identifiable Information (PII). To gain system access, the user must first enter their Personally Identifiable Information (PII) into the Identity Management (IDM) system to obtain an IDM user ID. MTF does not collect PII information directly from end users; however, MTF queries the IDM system to grant role-based access and to provide CMS with more information about end users. The CMS IDM Authentication System allows you to manage end user accounts and access to the MTF System.
Describe the process to notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changes since the notice at the time of original collection). Alternatively, describe why they cannot be notified or have their consent obtained. The MTF uses CMS shared services for registration of the users. CMS Identity Management (IDM) portal service should have a notification process/disclosure/data use agreements in place.
Describe the process in place to resolve an individual's concerns when they believe their PII has been inappropriately obtained, used, or disclosed, or that the PII is inaccurate. If no process exists, explain why not. The MTF system uses CMS shared services for registration of the users. Any individuals having concerns regarding Personally Identifiable Information (PII) would be handled by CMS shared services.
Describe the process in place for periodic reviews of PII contained in the system to ensure the data's integrity, availability, accuracy and relevancy. If no processes are in place, explain why not. The MTF uses CMS shared services for registration of the users. It is the responsibility of the CMS shared services to maintain the Personally Identifiable Information (PII) data's integrity, availability, accuracy, and relevancy.
Identify who will have access to the PII in the system and the reason why they require access.
  • Administrators: Administrators are given access to support day-to-day operations of the MTF system.
  • Developers: The development team of Data Computer Corporation of America (DCCA) contractors are direct CMS contractors using CMS Personal Identity Verification (PIV) cards to access CMS network. Data Computer Corporation of America (DCCA) Contractors who are responsible for fulfilling certain roles and tasks for the development of the system will have access to users' Personally identifiable information (PII).
  • Contractors: Data Computer Corporation of America (DCCA) contractors are direct CMS contractors using CMS Personal Identity Verification (PIV) cards to access CMS network. DCCA Contractors who are responsible for fulfilling certain roles and tasks for the development of the system will have access to users' Personally identifiable information (PII).
  • Others: MTF-DM Business Operations Support Center (BOSC) Help Desk. The MTF Helpdesk is given access to support day-to-day operations of the MTF users.
Describe the procedures in place to determine which system users (administrators, developers, contractors, etc.) may access PII. The MTF Administrators/HelpDesk users undergo annual PII handling training to support MTF application users. DCCA staff has procedures outlined in Rules of Behavior for handling Personally identifiable information (PII).
Describe the methods in place to allow those with access to PII to only access the minimum amount of information necessary to perform their job.

The MTF-DM system uses AC-3 Access Enforcement security control to limit users' access to the type, amount, and categories of PII necessary to perform their job functions. AC-3 security control implements role-based access control, so each MTF-DM user can only access pieces of data necessary for their role. MTF-DM systems use additional controls like AC-5 Separation of Duties, AC-6 Least Privilege, AU-2 Auditable Events, and AU-6 Audit Record Review, Analysis, and Reporting to protect the security of PII data.

The MTF-DM System Security Privacy Plan (SSPP) located in CFACTS implements CMS ARS version 5.1 security controls which provide comprehensive policies and procedures, specific training, and awareness security controls for protecting PII. It uses security controls from the Access Control (AC), Personally Identifiable Information (PT), Audit and Accountability (AU), Incident Response (IR), and Project Management (PM) security control families to protect PII in the MTF-DM system.

Identify training and awareness provided to personnel (system owners, managers, operators, contractors and/or program managers) using the system to make them aware of their responsibilities for protecting the information being collected and maintained. MTF provides User Manuals and Operator Manuals. CMS requires annual Security and Privacy Awareness Training, Rules of Behavior, and CMS Role-based training.
Describe training system users receive (above and beyond general security and privacy awareness training): Not Applicable.
Do contracts include Federal Acquisition Regulation and other appropriate clauses ensuring adherence to privacy provisions and practices? Yes
Describe the process and guidelines in place with regard to the retention and destruction of PII. Cite specific records retention schedules. Disposition is temporary and will be cut off annually. Records with Personally identifiable information (PII) in MTF are destroyed 10 years after cutoff per DAA-0440-2013-0003.
Describe, briefly but with specificity, how the PII will be secured in the system using administrative, technical, and physical controls.
Administrative: Policies and Procedures, Incident Response Plan, Security Awareness Training
Technical: Transport encryption, Encryption at Rest
Physical: Multi-factor authentication (MFA), (IDM), Building Access controls, Shredding of Personally identifiable information (PII), Federal Information Processing Standard FIPS 140-2 encryption.

Privacy Impact Assessment (PIA) published by CMS as an Operating Division of the U.S. Department of Health and Human Services