Warehouse Librarian
Date signed: 4/10/2025
| PIA Questions | PIA Answers |
|---|---|
| OPDIV: | CMS |
| PIA Unique Identifier: | P-3497175-446922 |
| Name: | Warehouse Librarian |
| The subject of this PIA is which of the following? | Major Application |
| Identify the Enterprise Performance Lifecycle Phase of the system. | Operate |
| Is this a FISMA-Reportable system? | Yes |
| Does the system include a Website or online application available to and for the use of the general public? | No |
| Identify the operator: | Agency |
| Is this a new or existing system? | Existing |
| Does the system have Security Authorization (SA)? | Yes |
| Date of Security Authorization | 9/10/2024 |
| Indicate the following reason(s) for updating this PIA. Choose from the following options. |
|
| Describe in further detail any changes to the system that have occurred since the last PIA. | Warehouse Librarian (WL) was upgraded to enable encryption for Data at Rest (DAR) and Data in Transit (DIT). WL was also moved from the Baltimore Data Center (BDC) to the Ashburn Data Center (ADC). |
| Describe the purpose of the system | The Centers for Medicare & Medicaid Services (CMS) warehouse maintains an inventory of publications, forms, manuals, and commodity items. Providers, intermediaries, advocacy groups, CMS employees, and other government agencies order these items on a daily basis, at no cost to them. Warehouse Librarian (WL) is a Commercial Off-The-Shelf (COTS) system that provides hardware and software support for the storage and retrieval of these items. The WL system receives requests for stock from three sources via CMS EFT (Electronic File Transfer) from CMS Product Ordering Website (POW), and via "Hot Picks". “Hot Picks” is the same process as the automated orders entering WL but entered manually into WL. "Hot Picks" are high priority orders that are entered into WL by warehouse staff. These requests are received internally and are input into WL.
|
| Describe the type of information the system will collect, maintain (store), or share. (Subsequent questions will identify if this information is PII and ask about the specific data elements) | Warehouse Librarian (WL) temporarily stores names, mail location/addresses, and telephone numbers (optional) of internal and external CMS customers for their account information and details, such as product type request and quantities, about their orders from external systems. No payment information is included in the system as CMS provides the order materials at no cost to the requesting organization. The Warehouse Librarian system is a COTS product that manages CMS warehouse inventory (forms, publications, misc. items) and warehouse orders for those items. The system only uses order numbers to retrieve records and orders. PII is not used to retrieve orders or records in this system. |
| Provide an overview of the system and describe the information it will collect, maintain (store), or share, either permanently or temporarily. | The Warehouse Librarian system is a COTS product that manages CMS warehouse inventory (forms, publications, misc. items) and warehouse orders for those items. The external orders originate from the Product Ordering Website (POW). The Product Ordering Website receives orders from hospitals, medical offices, and other medical providers for CMS publications and Forms. These orders are sent through the CMS Electronic file transfer (EFT) process that is maintained by Leidos (manages the Ashburn Data Center) and CMS Office of Information Technology (OIT) staff. The data is encrypted as it arrives and the EFT server places the encrypted data into the WL CONAP212 server. The EFT transfer process is a temporary connection between the POW EFT server and the WL Server and its system. The first elements are the Business Name and mailing address for the businesses that order publications and forms that are processed in the Warehouse Librarian program. The collection of this information enables orders to be processed, packed, and shipped. The system maintains the information until the order is picked from the carousel, then packed into boxes, and a label attached to the box. Then the data is deleted from the system. The second elements are the Usernames and passwords of CMS employees and direct contractors which are used to control access to the Warehouse Librarian software. The usernames and passwords tell the system what areas of the software the user has access to. Permission levels are set for each user (administrator, carousel user, bulk user). |
| Does the system collect, maintain, use or share PII? | Yes |
| Indicate the type of PII that the system will collect or maintain. |
|
| Indicate the categories of individuals about whom PII is collected, maintained or shared. | Employees |
| How many individuals' PII in the system? | 100-499 |
| For what primary purpose is the PII used? | There are two types of PII elements with the Warehouse Librarian system. The first elements are the Business Name and mailing address for the businesses that order publications and forms that are processed in the Warehouse Librarian program. The collection of this information enables orders to be processed, packed, and shipped. The system maintains the information until the order is picked from the carousel, then packed into boxes, and a label attached to the box. Then the data is deleted from the system. The second elements are the Usernames and passwords of CMS employees and direct contractors which are used to control access to the Warehouse Librarian software. The usernames and passwords tell the system what areas of the software the user has access to. Permission levels are set for each user. (administrator, carousel user, bulk user). |
| Describe the secondary uses for which the PII will be used (e.g. testing, training or research) | N/A |
| Describe the function of the SSN. | N/A |
| Cite the legal authority to use the SSN. | N/A |
| Identify legal authorities governing information use and disclosure specific to the system and program. | 42 CFR 401.101–401.148 and 1106(a) of the Social Security Act, 42 U.S.C. 1306(a); 5 U.S.C. 301, Departmental Regulations. |
| Are records on the system retrieved by one or more PII data elements? | No |
| Identify the sources of PII in the system: Directly from an individual about whom the information pertains |
|
| Identify the sources of PII in the system: Government Sources |
|
| Identify the sources of PII in the system: Non-Government Sources |
|
| Identify the OMB information collection approval number and expiration date | N/A |
| Is the PII shared with other organizations? | No |
| Describe the process in place to notify individuals that their personal information will be collected. If no prior notice is given, explain the reason. | If there is a change in how customer's PII are used, policies will be updated on the CMS system, POW, where the customer provides account information (this is a separate system from WL and outside of its scope). WL receives extract files from POW. When customers place an order, they agree to have their names, business shipping addresses, telephone numbers and account information stored. They are also notified that names and shipping addresses will be needed for orders (if they don’t agree, they can elect not to place the order). The customer's telephone number is optional to enter but, if entered it is considered PII. |
| Is the submission of the PII by individuals voluntary or mandatory? | Voluntary |
| Describe the method for individuals to opt-out of the collection or use of their PII. If there is no option to object to the information collection, provide a reason. | They are notified by another CMS system, POW, that their names and shipping addresses are needed for orders. The customer's telephone number is optional. If they don't agree, they can elect not to place an order. CMS employee user credentials are essential to performing their job duties and cannot be opted out of providing this information. POW is covered under the CMS Internet Services Privacy Impact Assessment (PIA), which can be found at Internet Services PIA PDF |
| Describe the process to notify and obtain consent from the individuals whose PII is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changes since the notice at the time of original collection). Alternatively, describe why they cannot be notified or have their consent obtained. | WL is a COTS product and the data use and disclosure will not change. If the system were to change, customers would be notified via mail before they start the ordering process. |
| Describe the process in place to resolve an individual's concerns when they believe their PII has been inappropriately obtained, used, or disclosed, or that the PII is inaccurate. If no process exists, explain why not. | There is no direct collection of PII within the WL system. All PII is collected outside of the WL system and passed to it via another CMS system, POW. The PII is stored in WL for 180 days The requestor is able to verify that their PII is correct before submitting to POW. POW is covered under the CMS Internet Services PIA which can be found Internet Services PIA PDF |
| Describe the process in place for periodic reviews of PII contained in the system to ensure the data's integrity, availability, accuracy and relevancy. If no processes are in place, explain why not. | The PII cannot be improperly or inadvertently destroyed because only system users are responsible for entering the requestor's account information. The data within POW is downloaded into a flat file, transferred to EFT, and downloaded to into WL. There is no way for WL to ensure that POW has passed the correct data as this is the responsibility of the POW system. The requestor can verify that their PII is correct via POW before submitting through POW. Once the requestor inputs information into POW, the information cannot be changed. They are given the opportunity to make changes before submitting. The orders cannot be changed by any other person. The orders are sent to Warehouse Librarian by a flat file, which cannot be altered. Once an order is complete, the information is only retained for a defined period after orders are shipped and then purged from the system on a defined schedule. |
| Identify who will have access to the PII in the system and the reason why they require access. |
|
| Describe the procedures in place to determine which system users (administrators, developers, contractors, etc.) may access PII. | The WL system has role-based access as required by the CMS Acceptable Risk Safeguards (ARS). Only CMS authorized users, administrators, developers, and contractors are allowed to access PII. Roles are defined for each type of user and assigned by the WL System Administrator. |
| Describe the methods in place to allow those with access to PII to only access the minimum amount of information necessary to perform their job. | The WL system enforces role-based privileges to users and this limits their access to the minimum amount of information necessary to perform their job. System and network access are limited to CMS employees and contractors with properly issued credentials. |
| Identify training and awareness provided to personnel (system owners, managers, operators, contractors and/or program managers) using the system to make them aware of their responsibilities for protecting the information being collected and maintained. | Every CMS employee and contractor must take the CMS Computer Based Training as well as the privacy awareness training every year to ensure the awareness of everyone's responsibility to the system and CMS. |
| Describe training system users receive (above and beyond general security and privacy awareness training) | The system maintainers are responsible for training individuals on the system. When a new employee is hired, they are trained on how to use the carousel to retrieve items, how to go into the system to retrieve request and mark for completion. There is no additional security awareness or privacy training needed beyond what is required for all CMS employees to access WL. |
| Do contracts include Federal Acquisition Regulation and other appropriate clauses ensuring adherence to privacy provisions and practices? | Yes |
| Describe the process and guidelines in place with regard to the retention and destruction of PII. Cite specific records retention schedules. | The WL processes in place with regard to the retention and destruction of data are in accordance with the General Records Schedules (GRS) 5.2 Item 20. Disposition Authority: DAA-GRS-2017-0003-0002. Destroy upon verification of successful creation of the final document or file, or when no longer needed for business use, whichever is later. GSR 5.2 Item 010. Disposition Authority: DAA-GRS-2013-0007-0012 Destroy when no longer needed for business use, or according to an agency predetermined time period or business rule. |
| Describe, briefly but with specificity, how the PII will be secured in the system using administrative, technical, and physical controls. | All CMS Systems are subject to Rules of Behavior agreements and security protocols. The information can only be accessed by authorized personnel. Computers are only accessed by employees with PIV cards and a password created by the user. CMS also has firewalls and security measures in place to protect unauthorized users from accessing CMS systems. The system itself is on a private isolated network which is only accessible from a guarded location in the CMS warehouse, which is locked up during non-business hours. The identification of everyone that enters the facility as well as the warehouse is checked. |
Privacy Impact Assessment (PIA) published by CMS as an Operating Division of the U.S. Department of Health and Human Services