MedTrak

Privacy Impact Assessment (PIA) published by CMS as an Operating Division of the U.S. Department of Health and Human Services

Date signed: 1/27/2023

PIA Information for MedTrak
PIA Questions | PIA Answers
OPDIV: CMS
PIA Unique Identifier: P-3267375-367468
Name: MedTrak
The subject of this PIA is which of the following? | Major Application
Identify the Enterprise Performance Lifecycle Phase of the system. | Operate
Is this a FISMA-Reportable system? | Yes
Does the system include a Website or online application available to and for the use of the general public? | No
Is this a new or existing system? | New
Does the system have Security Authorization (SA)? | Yes
Date of Security Authorization | 11/3/2022
Describe the purpose of the system | MedTrak is an Enterprise Tracking System Application developed to support all aspects of the Clinical Data Abstraction Center (CDAC) contract: Medical Abstraction, Validations, and Reporting.
Describe the type of information the system will collect, maintain (store), or share. (Subsequent questions will identify if this information is PII and ask about the specific data elements) | Personally Identifiable Information/Protected Health Information (PII/PHI). MedTrak collects medical records which contain patient Name, E-Mail Address, Phone Numbers, Medical Notes, Date of Birth, Mailing Address, Medical Records Number, Date of Death, Biometric Identifiers and Photographic Identifiers (The providers may include X-Rays with the medical records. X-Rays may be considered biometrics and photographic, but these are not required nor used by MedTrak).
Provide an overview of the system and describe the information it will collect, maintain (store), or share, either permanently or temporarily.

MedTrak is an expansive workflow system which allows the Clinical Data Abstraction Center (CDAC) to receive, abstract, validate, process, report, and destroy records for our contractual obligations.

PII is retrieved from the database and shown to the abstractor at the start of abstracting a record to verify they have the correct patient and dates of service.

MedTrak is the Clinical Data Abstraction Center Enterprise Tracking System being implemented to collect medical records or information from Quality Improvement Organizations (QIOs) or hospitals as part of the Clinical Data Abstraction Center (CDAC). MedTrak is responsible for processing over 80,000 medical records per year. MedTrak is designed to request, store, and retrieve medical records for use in medical studies. The studies are created and managed through various agencies within the government. MedTrak is the workflow system, which includes the tracking and operational system used by CDAC to perform abstraction and validation of the medical records. The work conducted by the CDAC is finalized in the Inpatient Prospective Payment System (IPPS) final rule, which is a requirement of the statute finalized by Congress.

With MedTrak, we are validating provider-reported quality measure outcome data by reviewing the medical record, and performing medical record reviews for healthcare-related adverse events. Making sure that the data received by the Centers for Medicare & Medicaid Services (CMS) is quality data is not only important but also a mandatory requirement based on the statute finalized by Congress. Based on the information gained by collecting, abstracting, and validating medical records, CMS is able to hold providers accountable for providing quality data and to improve the overall care provided to CMS beneficiaries in the participating hospitals across the nation. This perhaps helps save lives with good quality of care.

Does the system collect, maintain, use or share PII? | Yes
Indicate the type of PII that the system will collect or maintain.
  • Social Security Number
  • Name
  • E-Mail Address
  • Phone Numbers
  • Medical Notes
  • Date of Birth
  • Photographic Identifiers
  • Biometric Identifiers
  • Mailing Address
  • Medical Records Number
  • Date of Death
Indicate the categories of individuals about whom PII is collected, maintained or shared. | Patients
How many individuals' PII in the system? | 100,000-999,999
For what primary purpose is the PII used? | Medical Abstraction, Validations, and Reporting
Describe the secondary uses for which the PII will be used (e.g. testing, training or research) | The Personally Identifiable Information (PII) is used for Testing, Training, and Research
Describe the function of the SSN. | The Social Security Number (SSN) is included in the medical records from the providers to uniquely identify healthcare patients. However, MedTrak does not use, nor does it directly collect, SSNs.
Cite the legal authority to use the SSN.

Medicare Improvements for Patients and Providers Act (MIPPA), 2008.

2008, E.O. 9397 

Identify legal authorities governing information use and disclosure specific to the system and program.

Medicare Improvements for Patients and Providers Act (MIPPA), 2008.

2008, E.O. 9397 

Are records on the system retrieved by one or more PII data elements? | Yes
Identify the number and title of the Privacy Act System of Records (SORN) that is being used to cover the system or identify if a SORN is being developed. | Published: Medicare Beneficiary Database (MBD), HHS/CMS/CBC 09-70-0536
Identify the sources of PII in the system: Directly from an individual about whom the information pertains | Other - Personally Identifiable Information (PII) comes from healthcare providers, primarily from Hospitals.
Identify the sources of PII in the system: Non-Government Sources | Other - Hospitals and Healthcare Providers
Is the PII shared with other organizations? | No
Describe the process in place to notify individuals that their personal information will be collected. If no prior notice is given, explain the reason. | Individuals are notified by their healthcare provider that their information can be shared for providing healthcare services, payment, and validation/auditing/fraud prevention.
Is the submission of the PII by individuals voluntary or mandatory? | Voluntary
Describe the method for individuals to opt-out of the collection or use of their PII. If there is no option to object to the information collection, provide a reason. | PII collected by MedTrak is not acquired directly from individuals. As the information is provided by providers and healthcare facilities, the opportunity to opt out should be provided at the care level. As such, there is no option to opt out from MedTrak.
Describe the process to notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of original collection). Alternatively, describe why they cannot be notified or have their consent obtained. | There is no process to notify individuals. There is a process to notify CMS/Healthcare Quality Information System (HCQIS) if disclosure is necessary.
Describe the process in place to resolve an individual's concerns when they believe their PII has been inappropriately obtained, used, or disclosed, or that the PII is inaccurate. If no process exists, explain why not. | CDAC has no role directly with patients and this would need to take place with CMS or the provider.
Describe the process in place for periodic reviews of PII contained in the system to ensure the data's integrity, availability, accuracy and relevancy. If no processes are in place, explain why not. | The MedTrak system employs a partnership of trust with its data sources.
Identify who will have access to the PII in the system and the reason why they require access.
  • Users:  They are authorized Clinical Data Abstractors and Validators
  • Administrators: Maintain the environment security and integrity
  • Developers: They define and improve the workflow of the application.
Describe the procedures in place to determine which system users (administrators, developers, contractors, etc.) may access PII. | CMS has a standard process to vet MedTrak users and its development team. All MedTrak users have received authorization from CMS to access the system and its Personally Identifiable Information/Protected Health Information (PII/PHI).
Describe the methods in place to allow those with access to PII to only access the minimum amount of information necessary to perform their job. | MedTrak operates under least privilege principles and does not allow users to search by name.
Identifying training and awareness provided to personnel (system owners, managers, operators, contractors and/or program managers) using the system to make them aware of their responsibilities for protecting the information being collected and maintained. | All MedTrak users sign a Memo of Understanding; Rules of Behavior; and Privacy Agreement. Rules of Behavior and Security Awareness training are required to be completed annually.
Describe training system users receive (above and beyond general security and privacy awareness training) | All abstractors go through multiple training for each of the different modules in which they work.
Do contracts include Federal Acquisition Regulation and other appropriate clauses ensuring adherence to privacy provisions and practices? | Yes
Describe the process and guidelines in place with regard to the retention and destruction of PII. Cite specific records retention schedules.

The Destruction application is utilized by the Shipping and Receiving Department. This function is used to destroy medical record(s) once they have been cycled through the abstraction, validation, adjudication, and shipping storage work steps. Records are stored for a certain time period and then must be destroyed in accordance with their specific destruction guidelines. Disposition Authority: N1-440-09-3

On occasion, records need to be retained by the CDAC for longer than their normal destruct age allows. These records are put into separate “Hold” projects that do not have a determined destruct age until they are no longer needed for retention or are used for additional purposes. MedTrak uses CMS Bucket 6 – Provider and Health Plan Records for the General Record Schedule, which is located at the following URL: https://www.cms.gov/Regulations-and-Guidance/Guidance/CMSRecordsSchedule/Downloads/Bucket-6-Provider-and-Health-Plan-Records.pdf

Describe, briefly but with specificity, how the PII will be secured in the system using administrative, technical, and physical controls. | Personally Identifiable Information (PII) is always secured while in use via encryption. Users only use PII data on a need-to-know basis and data is tracked.