Research Accessible Products Innovation and Deployable Solutions
Privacy Impact Assessment (PIA) published by CMS as an Operating Division of the U.S. Department of Health and Human Services
Date signed: 12/27/2023
PIA Questions | PIA Answers | |
---|---|---|
OPDIV: | CMS | |
PIA Unique Identifier: | P-6205162-683713 | |
Name: | Research Accessible Products Innovation and Deployable Solutions | |
The subject of this PIA is which of the following? | Major Application | |
Identify the Enterprise Performance Lifecycle Phase of the system. | Operate | |
Is this a FISMA-Reportable system? | Yes | |
Does the system include a Website or online application available to and for the use of the general public? | No | |
Identify the operator: | Contractor | |
Is this a new or existing system? | Existing | |
Does the system have Security Authorization (SA)? | Yes | |
Date of Security Authorization | 8/1/2023 | |
Indicate the following reason(s) for updating this PIA. Choose from the following options. |
| |
Describe in further detail any changes to the system that have occurred since the last PIA. | The system name Risk Adjustment Payment Integrity Determination System (RAPIDS) to Research Accessible Products Innovation and Deployable Solutions (RAPIDS). The web application that was supporting Risk Adjustment was decommission. OIT, who owns the environment, has shifted priority to focus on 508 and Accessibility Research. | |
Describe the purpose of the system | The purpose of the Research Accessible Products Innovation and Deployable Solutions (RAPIDS) environment will be to explore and conduct pilots focused on improving and expanding Section 508 accessibility innovations. The environment will be used to explore assistive technologies, such as screen readers and text-to-speech software, as well as inclusive design practices that make products and services more usable for people with disabilities. The results will be used to inform CMS leadership, technical leads, and ADOs across the agency. | |
Describe the type of information the system will collect, maintain (store), or share. (Subsequent questions will identify if this information is PII and ask about the specific data elements) | The system will use export data from CMS to conduct accessibility-focused NLP pilots, ingest and perform comprehensive analysis on AI pilot data, and perform root cause analysis to identify repeated and systemic issues which lead to component/vendor errors. Some examples of export data would include complaints and bug trackers. | |
Provide an overview of the system and describe the information it will collect, maintain (store), or share, either permanently or temporarily. | The purpose of the Research Accessible Products Innovation and Deployable Solutions (RAPIDS) environment will be to explore and conduct pilots focused on improving and expanding Section 508 accessibility innovations. The environment will be used to explore assistive technologies, such as screen readers and text-to-speech software, as well as inclusive design practices that make products and services more usable for people with disabilities. The results will be used to inform CMS leadership, technical leads, and ADOs across the agency. The environment is hosted in CMS Cloud AWS enclave and consists of a EC2 instance in a private subnet with the RHEL gold image for python analytics and an encrypted s3 bucket for any potential outputs. A VPC endpoint has also been created to ensure that any traffic between the instance and the bucket is private. Connection to the EC2 instance is facilitated through SSH and can only be accessed through the CMS VPN. There are no public facing components with URLs/IPs. Through collaboration with Accessibility team, access to complaints and bug trackers will be provided and stored within S3 bucket. | |
Does the system collect, maintain, use or share PII? | No | |
Users Explanation: Users of the system are data scientist that create AI pilots with accessibility data | ||
Administrators Explanation: Administrators would need access to configure the infrastructure needed for users and developers to create models and AI pilots. | ||
Developers Explanation: Developers (Contractors) are given developer privileges in order to develop AI models. | ||
Contractors Explanation: Direct contractors, in their roles as user, administrator or developer, may have access to data as described in those role explanations. |