Statistical Analytical Software Enterprise Business Intelligence Cloud Platform
Privacy Impact Assessment (PIA) published by CMS as an Operating Division of the U.S. Department of Health and Human Services
Date signed: 4/27/2022
| PIA Questions | PIA Answers |
|---|---|
| OPDIV: | CMS |
| PIA Unique Identifier: | P-6593193-863421 |
| Name: | Statistical Analytical Software Enterprise Business Intelligence Cloud Platform |
| The subject of this PIA is which of the following? | Major Application |
| Identify the Enterprise Performance Lifecycle Phase of the system. | Operate |
| Is this a FISMA-Reportable system? | Yes |
| Does the system include a Website or online application available to and for the use of the general public? | No |
| Is this a new or existing system? | New |
| Does the system have Security Authorization (SA)? | No |
| Planned Date of Authorization | 8/29/2022 |
| Describe the purpose of the system | The purpose of the Statistical Analytical Software Enterprise Business Intelligence Cloud Platform (this system) is to provide the Centers for Medicare & Medicaid Services (this agency) with an enterprise solution which will address these three key business areas: Business Intelligence Analytical Solutions/Policy Management, Program Management, and Operational Management for all divisions within this agency. This system will provide the Business Intelligence reports to aid this agency in detecting fraud and abuse, analyze trends in enrollment, claims and eligibility, and analyze the effectiveness of the Medicare Modernization Act program by allowing this agencies' employees and managers access to the Business Intelligence reports, data and Medicare Modernization Act program indicators. |
| Describe the type of information the system will collect, maintain (store), or share. (Subsequent questions will identify if this information is PII and ask about the specific data elements) | This system has access to multiple data sources that includes inpatient hospital, insurance, Medicare advantage and prescription drug coverage claims. In addition, this system has access to Biometric Identifiers, Medicare Beneficiary Entitlement, Provider reference information, Contracts for Plans, Employees, Public citizens, Business Partners Contacts, Vendors, Suppliers, Contractors, and Patient Drug data. The primary usage of this system is to provide the business user with the ability to report and/or analyze these data sources and any data which is collected. It may or may not contain Personally Identifiable Information and/or Protected Health Information data depending on the data being analyzed and/or reported on for Medicare and Medicaid. This information can include, but is not limited to beneficiary data, providers data, geographical data, drug data, claims history data, Medical Notes, Mailing Address, Name, Phone Numbers, Medical Record Number, Health Insurance Claim Number, User Identification, Password, Unique Physician Identification Number, Race, Sex, Diagnostic Codes, and Procedure Codes. This system utilizes this agency's Enterprise User Access system, which is covered by a separate Privacy Impact Assessment, for system user identification and authentication. The Enterprise User Access system is responsible for storing and maintaining user's credentials. This system stores user's credentials and validates users against the required job codes in order to grant the user access during their active session. All systems mentioned here has its own Privacy Impact Assessment and Authority to Operate. |
| Provide an overview of the system and describe the information it will collect, maintain (store), or share, either permanently or temporarily. | The purpose of this system is to provide this agency with an Enterprise Solution Business Intelligence reports to aid this agency in detecting fraud and abuse, analyze trends in enrollment, claims and eligibility, and analyze the effectiveness of the Medicare Modernization Act program by allowing this agency employees and managers to access the Business Intelligence reports, data and the Medicare Modernization Act program indicators. This system resides within the Amazon Web Services cloud. Access to this system interface is governed by this agency's Enterprise User Access system which processes and uses Lightweight Directory Application Protocol for the authentication procedures which is covered by a separate Privacy Impact Assessment. The primary usage of this system is to provide the business user with the ability to report and/or analyze these data sources and any data which is collected as a byproduct of this analysis. The type of data collected is dependent on the system being analyzed or reported on via this system. It may or may not contain Personally Identifiable Information and/or Protected Health Information data depending on the data being analysis and/or reported on for Medicare and Medicaid. The information types support the mission of the system utilizing this system functions. This information can include, but is not limited to beneficiary data, providers data, geographical data, drug data, claims history data, Medical Notes, Mailing Address, Name, Phone Numbers, Medical Record Number, Health Insurance Claim Number, User Identification, Password, Unique Physician Identification Number, Race, Sex, Diagnostic Codes, Biometric Identifiers and Procedure Codes. All systems mentioned here has its own Privacy Impact Assessment and Authority to Operate. |
| Does the system collect, maintain, use or share PII? | Yes |
| Indicate the type of PII that the system will collect or maintain. |
|
| Indicate the categories of individuals about whom PII is collected, maintained or shared. |
|
| How many individuals' PII in the system? | 100,000-999,999 |
| For what primary purpose is the PII used? | The primary usage of the system is to provide the business user with the ability to report and/or analyze these data sources and any data which is collected as a byproduct of this analysis. The type of data collected is dependent on the system being analyzed or reported on via this system. It may or may not contain Personally Identifiable Information and/or Protected Health Information data depending on the data being analysis and/or reported on for Medicare and Medicaid. The information types support the mission of the system utilizing the system functions. This system utilizes this agency's Enterprise User Access system, for system user identification and authentication. The Enterprise User Access system is responsible for storing and maintaining user's credentials. This system stores user's credentials and validates users against the required job codes in order to grant the user access during their active session. |
| Describe the secondary uses for which the PII will be used (e.g. testing, training or research) | Not applicable |
| Describe the function of the SSN. | This system does not use Social Security Numbers. |
| Cite the legal authority to use the SSN. | Sections 226, 226A, 1811, 1818, 1818A, 1831, 1833(a)(1)(A), 1836, 1837, 1838, 1843, 1866, 1874a, 1875, 1876, 1881, and 1902(a)(6) of the Social Security Act (the Act). Title 42 of the United States Code (U.S.C.): 426, 426–1, 1395c, 1395i–2, 1395i–2a, 1395j, 1395l(a)(1)(A), 1395o, 1395p, 1395q, 1395v, 1395cc, 1395kk–l, 1395ll, 1395mm, 1395rr, 1396a(a)(6), and § 101 of the Medicare Prescription Drug, Improvement, and Modernization Act of 2003 (MMA) (Pub. L. 108–173). Section 10332 of the Patient Protection and Affordable Care Act (ACA). |
| Identify legal authorities governing information use and disclosure specific to the system and program. | Sections 226, 226A, 1811, 1818, 1818A, 1831, 1833(a)(1)(A), 1836, 1837, 1838, 1843, 1866, 1874a, 1875, 1876, 1881, and 1902(a)(6) of the Social Security Act (the Act). Title 42 of the United States Code (U.S.C.): 426, 426–1, 1395c, 1395i–2, 1395i–2a, 1395j, 1395l(a)(1)(A), 1395o, 1395p, 1395q, 1395v, 1395cc, 1395kk–l, 1395ll, 1395mm, 1395rr, 1396a(a)(6), and § 101 of the Medicare Prescription Drug, Improvement, and Modernization Act of 2003 (MMA) (Pub. L. 108–173). Section 10332 of the ACA. 5 U.S.C. Section 301, Departmental Regulations. |
| Are records on the system retrieved by one or more PII data elements? | No |
| Identify the sources of PII in the system: Directly from an individual about whom the information pertains | Other - Integrated Data Repository and other Centers for Medicare & Medicaid Services systems. Government Sources - Within the Operations Division. |
| Identify the sources of PII in the system: Government Sources |
|
| Identify the sources of PII in the system: Non-Government Sources | Members of the Public |
| Identify the OMB information collection approval number and expiration date | Not applicable. This system does not handle the collection of any information, it only acts as a pass-through for data from one system to another. |
| Is the PII shared with other organizations? | No |
| Describe the process in place to notify individuals that their personal information will be collected. If no prior notice is given, explain the reason. | Not applicable. This system does not handle the collection of any information, it only acts as a pass-through for data from one system to another. Notice is responsibility of the Integrated Data Repository, government sources within the Operations Division, and other Centers for Medicare & Medicaid Services systems that utilizes this system which is covered by a separate Privacy Impact Assessment. |
| Is the submission of the PII by individuals voluntary or mandatory? | Voluntary |
| Describe the method for individuals to opt-out of the collection or use of their PII. If there is no option to object to the information collection, provide a reason. | Not applicable. Providing the method for opt-out is the responsibility of the Integrated Data Repository, government sources within the Operations Division, and other Centers for Medicare & Medicaid Services systems that utilizes this system which is covered by a separate Privacy Impact Assessment. |
| Describe the process to notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changes since the notice at the time of original collection). Alternatively, describe why they cannot be notified or have their consent obtained. | Since this system is only a pass-through of the data and does not store the data within its security boundary, there is no notification mechanism. This process for notifying and obtaining consent lies with the Integrated Data Repository and these systems are covered by separate Privacy Impact Assessments. |
| Describe the process in place to resolve an individual's concerns when they believe their PII has been inappropriately obtained, used, or disclosed, or that the PII is inaccurate. If no process exists, explain why not. | The data that this system passes from one system to another is not owned or housed by this system. Any concerns an individual may have with the data would be handled by the data's system owner. |
| Describe the process in place for periodic reviews of PII contained in the system to ensure the data's integrity, availability, accuracy and relevancy. If no processes are in place, explain why not. | This system does not store any Personal Identifiable Information data. It acts as a pass-through of the data. |
| Identify who will have access to the PII in the system and the reason why they require access. |
|
| Describe the procedures in place to determine which system users (administrators, developers, contractors, etc.) may access PII. | Access to Personal Identifiable Information is managed by the Enterprise User Access system's job code assigned to each user. The job codes dictate the permissions to access Personal Identifiable Information based on the principal of 'least privilege'. This system Business Owner approvers are responsible for providing access through the Enterprise User Access system's job codes. All systems mentioned here has its own Privacy Impact Assessment and Authority to Operate.
|
| Describe the methods in place to allow those with access to PII to only access the minimum amount of information necessary to perform their job. | This agency's applications that uses this system has separate job codes assigned to the system users. Only users with approved Enterprise User Access job codes are granted access to the specified for this systems segment and each segment has different access levels, based on role based access control. This system Business Owner approvers are responsible for approving the Enterprise User Access job codes. |
| Identifying training and awareness provided to personnel (system owners, managers, operators, contractors and/or program managers) using the system to make them aware of their responsibilities for protecting the information being collected and maintained. | This agency's employees and direct contractors, who access this agency's applications are required to take the annual Security and Privacy Awareness Training and recertify the training each year. At the end of the training course, a test is taken to verify the completion of the training. |
| Describe training system users receive (above and beyond general security and privacy awareness training) | Not Applicable |
| Do contracts include Federal Acquisition Regulation and other appropriate clauses ensuring adherence to privacy provisions and practices? | Yes |
| Describe the process and guidelines in place with regard to the retention and destruction of PII. Cite specific records retention schedules. | This system follows this agencies Records Schedule published in the National Archives and Records Administration General Records Schedule. DAA-GRS-2013-0006-0003 is used stating to "Destroy 1 year(s) after user account is terminated or password is altered or when no longer needed for investigative or security purposes, whichever is appropriate." |
| Describe, briefly but with specificity, how the PII will be secured in the system using administrative, technical, and physical controls. | The administrative controls are: the Enterprise User Access system is leveraged for user authentication and authorization services and conducts annual recertification of user access and privileges, access is disabled when no longer needed; and users are deactivated after 60 days of inactivity. There is also training required for use of the system. Technical protection is achieved through firewalls and intrusion detection systems; continuous monitoring for system usage and unexpected or malicious activity; the configuration of specialty hardware and the use of encryption, including full disk encryption of laptops and workstations. The system's physical security controls consist of restricted access and environmental protections. Which consists of protected cooling and power sources. Access to this area is recorded, and restricted only to authorized personnel and appropriate security clearance. Facility access is controlled using badge access card reader. All systems mentioned here has its own Privacy Impact Assessment and Authority to Operate. |