Skip to main content

Salesforce Enterprise Integration

Date signed: 5/7/2025

PIA for Salesforce Enterprise Integration
PIA QuestionsPIA Answer
OPDIV:CMS
PIA Unique Identifier:P-7018499-298403
Name:Salesforce Enterprise Integration
The subject of this PIA is which of the following?Major Application
Identify the Enterprise Performance Lifecycle Phase of the system.Operate
Is this a FISMA-Reportable system?Yes
Does the system include a Website or online application available to and for the use of the general public?Yes
Identify the operator:Contractor
Is this a new or existing system?Existing
Does the system have Security Authorization (SA)?Yes
Date of Security Authorization12/6/2023
Indicate the following reason(s) for updating this PIA. Choose from the following options.PIA Validation (PIA Refresh/Annual Review)
Describe in further detail any changes to the system that have occurred since the last PIA.The Salesforce Enterprise Services is onboarding CCSQ-OMS onto the enterprise platform as a silo org. A Security Impact Analysis (SIA) has been completed for this onboard.  Additionally, orgs have migrated to Hyperforce (which has no impacts on this PIA and collection of data). 
Describe the purpose of the systemThe primary purpose of the Salesforce Enterprise Integration (SEI) system is to provide CMS Business Units (Component Organizations) with access to Salesforce. The integration of these shared services provides a Single Sign-On (SSO) capability by utilizing CMS Identity Management (IDM) solution, an Anti-Virus solution, and event monitoring and auditing by utilizing Salesforce Shield and ingestion of auditing data to CMS Splunk. The functional capabilities of shared services include Single Sign-On, Identity Proofing (remote and manual), Multi-Factor Authentication (MFA), malware detection, Anti-Virus (AV) scanning, and event monitoring/auditing. It should be noted that IDM is covered by their own Privacy Impact Assessment (PIA). AV scanning is utilized by all the Component Orgs that allows their users to upload or download documents.
Describe the type of information the system will collect, maintain (store), or share. (Subsequent questions will identify if this information is PII and ask about the specific data elements)

The SEI system will collect and store identity provisioning data for user/IDM registration. This data is received from IDM during the authentication process. Once a user is created and provisioned in the Enterprise Org and Component Org, their credentials (User ID, Password, and MFA token) will allow them to access their downstream specific Component Org application. 

The type of user information/data collected and stored includes: first name, last name, email address, phone number, mailing address, postal code, state, EUA or IDM ID, user role, user type, email, company name, profile permissions, and last modified date.


SEI collects the taxpayer ID (TIN), which is associated with a business, not an individual person only when it is necessary and the business provides it for verification purposes.

The Component Orgs collects and stores the following PHI data:

Health Care Entity: This is collected to identify providers and verify their legal name against other important identifier data.

Provider Transition Access Number (PTAN): This is collected for reference when processing settlements/cases.

CMS Certification Number (CCN): This is used to verify Medicare/Medicaid certification for survey and certification, assessment-related activities and communications.

National Provider Identifier (NPI): This is collected and used to facilitate payments or reimbursements.

Provide an overview of the system and describe the information it will collect, maintain (store), or share, either permanently or temporarily.

The SEI system provides a set of CMS Shared Services to allow internal and external user access to CMS business unit/organization Salesforce systems also referred to as Component Orgs. In addition to SSO access services, it also provides Anti-Virus (AV) scanning and event monitoring/auditing. The primary intent of the Salesforce Enterprise Integration (SEI) system is to provide SSO access by utilizing CMS Identity Management (IDM), AV solutions, and to provide event monitoring and auditing via Splunk. 

SEI facilitates the Single Sign-On authentication for Users accessing the COs utilizing the IDM platform. SEI stores PII attributes which are passed from the IDM system via SAML assertion.

These attributes include name, phone number, email, and address and are stored in Salesforce objects as required data fields.


SEI collects the taxpayer ID (TIN), which is associated with a business, not an individual person only when it is necessary and the business provides it for verification purposes.

The Component Orgs collects and stores the following PHI data:

Health Care Entity: This is collected to identify providers and verify their legal name against other important identifier data.

Provider Transition Access Number (PTAN): This is collected for reference when processing settlements/cases.

CMS Certification Number (CCN): This is used to verify Medicare/Medicaid certification for survey and certification, assessment-related activities and communications.

National Provider Identifier (NPI): This is collected and used to facilitate payments or reimbursements.

Physical Security System personnel who access or use the system do not use any personal identifiers to retrieve records held in the system.

Does the system collect, maintain, use or share PII?Yes
Indicate the type of PII that the system will collect or maintain.
  • Name
  • Mother's Maiden Name
  • E-Mail Address
  • Phone Numbers
  • Taxpayer ID
  • Mailing Address
  • Other - First name, last name, phone number, postal code, state, company name, Health Care Entity, PTAN, CCN, NPI, User Role,  EUA/IDM ID, profile permissions and last modified date (from EUA/IDM).
Indicate the categories of individuals about whom PII is collected, maintained or shared.
  • Employees
  • Public Citizens
  • Business Partners/Contacts (Federal, state, local agencies)
  • Vendors/Suppliers/Contractors
How many individuals' PII in the system?50,000-99,999
For what primary purpose is the PII used?PII is used to create CMS user IDs and system accounts in IDM.
Describe the secondary uses for which the PII will be used (e.g. testing, training or research)PII is used to create CMS user IDs and system accounts in IDM.
Describe the function of the SSN.SSNs are not collected from individuals. 
Cite the legal authority to use the SSN.SSNs are not collected from individuals. 
Identify legal authoritiesā€‹ governing information use and disclosure specific to the system and program.The legal authority for this system is: 5 USC 301
Are records on the system retrieved by one or more PII data elements?No
Identify the sources of PII in the system: Directly from an individual about whom the information pertains

Online

Email

Identify the sources of PII in the system: Government Sources
  • Within the OPDIV
  • Other Federal Entities
  • Other - For the SEI SSO shared service, IDM is the source of PII in the system.
Identify the sources of PII in the system: Non-Government Sources
  • Members of the Public
  • Private Sector: No PII is shared with the private sector - PII will only be used by the applicable CMS business unit or Help Desk for assistance with system access (password resets, locked accounts, etc.).
Identify the OMB information collection approval number and expiration dateN/A
Is the PII shared with other organizations?No
Describe the process in place to notify individuals that their personal information will be collected. If no prior notice is given, explain the reason.PII is collected as part of the standard User onboarding and provisioning process via CMS IDM.  Acceptance of using IDM is considered an individual's acceptance to the collection of their personal information and users must acknowledge the privacy banner upon login to proceed with access to the system. 
Is the submission of the PII by individuals voluntary or mandatory?Voluntary
Describe the method for individuals to opt-out of the collection or use of their PII. If there is no option to object to the information collection, provide a reason.Individuals may not opt out of providing their personally identifiable information (PII). The submission of PII is a one-time process when a user registers and requests a user ID and CMS credentials to access the SEI system. 
Describe the process to notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changes since the notice at the time of original collection). Alternatively, describe why they cannot be notified or have their consent obtained.A user will not be notified of changes to the system. A user's PII is submitted one time when they initially request a CMS user ID and access to the system. 
Describe the process in place to resolve an individual's concerns when they believe their PII has been inappropriately obtained, used, or disclosed, or that the PII is inaccurate. If no process exists, explain why not.A user voluntarily submits and discloses their PII as part of a one-time process of obtaining a CMS user ID and requesting access to the system. If the user has questions or concerns during the system registration process, they can contact the applicable business unit Help Desk or representative, or they can contact the CMS Help Desk at (410)-786-2580.   
Describe the process in place for periodic reviews of PII contained in the system to ensure the data's integrity, availability, accuracy and relevancy. If no processes are in place, explain why not.There are no processes in place to review PII contained in the system.  The PII is entered one time during the user registration process. The IDM system then stores the data. It may be referenced by the Help Desk for user validation when a user requests a password reset or their user ID is locked out. If the user has questions or concerns about the PII collected, they can contact the applicable business unit Help Desk or representative, or they can contact the CMS Help Desk at (410)-786-2580.  
Identify who will have access to the PII in the system and the reason why they require access.
  • Users: Application End Users require access and permission rights to enter and edit data to support CMS business needs, processes, and requirements.
  • Administrators: Salesforce Administrators require access and permission rights to create Salesforce Objects/Fields, Workflows, Screen, Validation rules and other configuration changes to support business needs, processes, and requirements.
  • Developers: Salesforce Developers require access and permission rights to build and maintain custom applications and workflows which support business needs, processes, and requirements.
  • Contractors: Direct CMS support contractors require access and permission rights to build and maintain custom applications and workflows to support business requirements and processes. Direct CMS support contractors sign CMS Non-Disclosure Agreements (NDA's).
Describe the procedures in place to determine which system users (administrators, developers, contractors, etc.) may access PII.Roles of users are clearly delineated in the Salesforce Operations and Maintenance Manual. The manual provides procedures for ascribing roles to users which is based on the individual's need to know for specific information in order to fulfill their job duties. This process includes administrators, developers, contractors, etc.
Describe the methods in place to allow those with access to PII to only access the minimum amount of information necessary to perform their job.Role Based Access is granted to individuals who access the system in an effort to minimize the amount of data available to only that which is necessary to accomplish their specific job responsibilities.
Identify training and awareness provided to personnel (system owners, managers, operators, contractors and/or program managers) using the system to make them aware of their responsibilities for protecting the information being collected and maintained.All Centers for Medicare and Medicaid Services (CMS) employees and CMS contractors are required to complete mandatory security and privacy awareness training prior to gaining access to the CMS network, and to repeat the training at least annually in order to ensure that they are aware of their responsibilities for protecting the information being collected and maintained.
Describe training system users receive (above and beyond general security and privacy awareness training)CMS and contractor personnel with responsibilities regarding security, incident handling, and/or contingency activities are provided additional training and perform tabletop exercises that test their roles' responsibilities. Refresher training/exercises are repeated at least annually. Additional training includes Insider Threat Training and Role-based System Security Training, as needed.
Do contracts include Federal Acquisition Regulation and other appropriate clauses ensuring adherence to privacy provisions and practices?Yes
Describe the process and guidelines in place with regard to the retention and destruction of PII. Cite specific records retention schedules.SEI follows the CMS guidelines outlined here on records retention and destruction: CMS Records Schedule / Records and Information Management Policy
Describe, briefly but with specificity, how the PII will be secured in the system using administrative, technical, and physical controls.

Administrative: Users are provided with privacy training to understand how to properly handle and disclose privacy data.

Technical: role-based access has been employed by the application to ensure that users only have access to the data that is needed in the performance of the specific jobs.

Physical: Physical controls are administered by the Salesforce Data Center facility where the application will physically reside. The Salesforce facility has security guards and controlled access rooms with cipher locks to guard against unauthorized access.

Identify the publicly-available URL:CMS Identity Management Login Page
Does the website have a posted privacy notice?Yes
Is the privacy policy available in a machine-readable format?Yes
Does the website use web measurement and customization technology?Yes
Select the type of website measurement and customization technologies is in use and if is used to collect PII. (Select all that apply)
  • Session Cookies: Yes
Does the website have any information or pages directed at children under the age of thirteen?No
Does the website contain links to non-federal government website external to HHS?No

Privacy Impact Assessment (PIA) published by CMS as an Operating Division of the U.S. Department of Health and Human Services

View all CMS PIAs