Skip to main content

Research Accessible Products Innovation and Deployable Solutions

Privacy Impact Assessment (PIA) published by CMS as an Operating Division of the U.S. Department of Health and Human Services

Date signed: 12/27/2023

PIA information for Research Accessible Products Innovation and Deployable Solutions
PIA QuestionsPIA Answers
OPDIV:CMS
PIA Unique Identifier:P-6205162-683713
Name:Research Accessible Products Innovation and Deployable Solutions
The subject of this PIA is which of the following?Major Application
Identify the Enterprise Performance Lifecycle Phase of the system.Operate
Is this a FISMA-Reportable system?Yes
Does the system include a Website or online application available to and for the use of the general public?No
Identify the operator:Contractor
Is this a new or existing system?Existing
Does the system have Security Authorization (SA)?Yes
Date of Security Authorization8/1/2023
Indicate the following reason(s) for updating this PIA. Choose from the following options.
  • Significant System Management Change
  • PIA Validation (PIA Refresh/Annual Review)
  • Alteration in Character of Data
Describe in further detail any changes to the system that have occurred since the last PIA.The system name Risk Adjustment Payment Integrity Determination System (RAPIDS) to Research Accessible Products Innovation and Deployable Solutions (RAPIDS). The web application that was supporting Risk Adjustment was decommission. OIT, who owns the environment, has shifted priority to focus on 508 and Accessibility Research.
Describe the purpose of the systemThe purpose of the Research Accessible Products Innovation and Deployable Solutions (RAPIDS) environment will be to explore and conduct pilots focused on improving and expanding Section 508 accessibility innovations. The environment will be used to explore assistive technologies, such as screen readers and text-to-speech software, as well as inclusive design practices that make products and services more usable for people with disabilities.  The results will be used to inform CMS leadership, technical leads, and ADOs across the agency. 
Describe the type of information the system will collect, maintain (store), or share. (Subsequent questions will identify if this information is PII and ask about the specific data elements)The system will use export data from CMS to conduct accessibility-focused NLP pilots, ingest and perform comprehensive analysis on AI pilot data, and perform root cause analysis to identify repeated and systemic issues which lead to component/vendor errors. Some examples of export data would include complaints and bug trackers.
Provide an overview of the system and describe the information it will collect, maintain (store), or share, either permanently or temporarily.

The purpose of the Research Accessible Products Innovation and Deployable Solutions (RAPIDS) environment will be to explore and conduct pilots focused on improving and expanding Section 508 accessibility innovations. The environment will be used to explore assistive technologies, such as screen readers and text-to-speech software, as well as inclusive design practices that make products and services more usable for people with disabilities.  The results will be used to inform CMS leadership, technical leads, and ADOs across the agency. 

The environment is hosted in CMS Cloud AWS enclave and consists of a EC2 instance in a private subnet with the RHEL gold image for python analytics and an encrypted s3 bucket for any potential outputs. A VPC endpoint has also been created to ensure that any traffic between the instance and the bucket is private. Connection to the EC2 instance is facilitated through SSH and can only be accessed through the CMS VPN. There are no public facing components with URLs/IPs. Through collaboration with Accessibility team, access to complaints and bug trackers will be provided and stored within S3 bucket.

Does the system collect, maintain, use or share PII?No
 Users Explanation: Users of the system are data scientist that create AI pilots with accessibility data 
 Administrators Explanation: Administrators would need access to configure the infrastructure needed for users and developers to create models and AI pilots.  
 Developers Explanation: Developers (Contractors) are given developer privileges in order to develop AI models. 
 Contractors Explanation: Direct contractors, in their roles as user, administrator or developer, may have access to data as described in those role explanations.