Privacy Impact Assessment - Safety and Health Information Management System-Applications and Database Management System (SHIMS-ADMS)
SHIMS-ADMS System Overview
The U.S. Department of Treasury Safety and Health Information Management System (SHIMS) is a web-based system for electronically filing Federal Employee Compensation Act (FECA) claims relating to job-related injuries and for processing those claims for electronic transmission to the Department of Labor’s Office of Workers’ Compensation Programs.
Systems of Records Notice (SORN)#:
DOL/GOVT-1DOL/GOVT-1 Office of Workers' Compensation Programs, Federal Employees' Compensation Act File (April 8, 2002, 67 FR 16815)
Data in the System
Describe the information (data elements and fields) available in the system in the following categories:
Taxpayer
Employee
Audit Trail Information (including employee log-in info)
Other (Describe)
Taxpayer - None
Employee - SHIMS-ADMS is a collection of Microsoft Access applications (modules) that process and consolidate raw data (claims relating to job-related injuries). Some of the modules contain Sensitive But Unclassified (SBU) or Personal Identifying Information (PII) data while others may not. Employees access data within the modules listed below with their unique user name. Below is a list of modules that may contain privacy information.
CompensationExtract.mdb and Compen-sationExtract4TIGTA.mdb contain:
Federal Employee Compensation Act (FECA) payment information regarding job-related injury claims for IRS and Treasury Inspector General For Tax Administration (TIGTA) claimants
These modules do not contain Sensitive but Unclassified information (SBU) or Personal Identifying information (PII) data
Payments.mdb and Payments4TIGTA.mdb contain:
FECA medical payment information for IRS and TIGTA payments
Continuation of Pay (COP) COP.mdb and COP4TIGTA.mdb contain:
Continuation of regular pay such as hours of Continuation of Pay (COP) and dollars of COP information for IRS and TIGTA claimants
These modules do not contain SBU or PII data
New Claimant Data and Data for TIGTA
NewClmData.mdb and NewClm-Data4TIGTA.mdb (for each IRS and TIGTA claim) contain:
claimant names (full name)
home addresses
date of births (DOBs)
Social security numbers (SSNs)
SBU/PII data in these modules derive from claimant input
CaselogMerger.mdb, New Workers’ Compensation Center (WCC)
NewWCCReport.mdb,COPEligibilityUpdate-ScriptGenerator.mdb, RecordDeletions&- Conversion.mdb (for each IRS and TIGTA claim) contains:
claimant names (full name)
home addresses
DOBs
SSNs
WCCFileMaster.mdb, NewCaselog.mdb and New Leave Buy-Back Tracking (LBB) NewLBBTrckng.mdb
claimant names (full name)
SSNs for each IRS and TIGTA claim
NewInventory.mdb contains:
listings of active claims and names for WCC case managers
claimant names (full name)
New Claims for Compensation Seven Tracking New Inspection Log and Hearings & ReviewNewCA7Tracking.mdb, NewInspLog.mdb and Hearings&Review.mdb (for each IRS and TIGTA claim) contains:
claimant names (full name)
SSN
New Cost Avoidance and Case Log Table Source for Management Staff Applications NewCstAvdnc.mdb and CaselogTable-Source4ManagementStaffApplications-.mdb (for each IRS and TIGTA claim) contain:
claimant names (full name)
DOBs
SSNs
BangleDatabase.mdb, CorbinDatabase-.mdb, EasterDatabase.mdb, Greene-Database.mdb SmithDatabase.mdb, SumlinDatabase.mdb, and Wiley-Database.mdb (for each IRS and TIGTA claim) contain:
claimant names (full name)
DOBs
SSNs
CaseReviewResults.mdb for each IRS and TIGTA claim) contains:
SSNs
Claimant Names (full name)
Local Application Updater,SHIMS Record Deletion & Conversion Module, SHIMS Record Deletion & Conversion Module for IRS and SHIMS Record Deletion & Conversation Module for TIGTA
LocalApplicationUpdater.mdb, SHIMS RecordDeletion&ConversionModule.mdb, SHIMSRecordDeletion&ConversionModule 4IRS.MDB, and SHIMSRecordDeletion&ConversationModule4TIGTA.MDB (for each IRS and TIGTA claim) contain:
claimant names (full name)
SSNs
DOBs
home addresses
Employee Building Codes
EmployeeBldgCodes.mdb contains:
IRS employee SSNs
EmployeeCountSummary.mdb contains:
SSNs
DOBs
other IRS employee demographic information such as grade, occupation, appointment type, work schedule, etc.
New Quarterly Reports
NewQReports.mdb (for each IRS claim) contains:
claimant names (full name)
SSNs (the general output list contains the last four digits of the employee SSN)
DOBs
home addresses
the output from this module does not contain SBU/PII data
NewBusinessUnitReports.mdb and New WCCServiceMeasuresReport.mdb (for each IRS claim) contain:
claimants names (full name)
home addresses
DOBs
SSNs
the output from these modules does not contain SBU/PII data, but SBU/PII are in the source tables
Office for Workers Compensation Program Chargeback for Chief Financial Officer OWCPChargeback4CFO.mdb and COPExceptionReconciliation.mdb (for each IRS and TIGTA claim) contain:
claimant names (full name)
home addresses
DOBs
SSNs
the output from this module contains no SBU/PII data.
SHIMSAutoPopulate&QuarterlyHoursTable
Cleanup.mdb and AnnualFileDestruction
.mdb (for each IRS and TIGTA claim) contain:
claimant names (full name)
home addresses
DOBs
SSNs
End of the Year Reset for COP & Compensation Extract & Payments
EOYReset4COP&CompensationExtract&Payments.mdb, FY2002ClaimData.mdb, FY2003ClaimData.mdb, FY2004ClaimData-.mdb, FY2005ClaimData.mdb, and FY2006-ClaimData.mdb (for each IRS and TIGTA claim) contain:
claimant names (full name)
home addresses
DOBs
SSNs
Audit Trail Information (including employee log-in info) - SHIMS-ADMS does not implement any auditing capabilities. The system is used for consolidating, analyzing, and reporting on data within SHIMS. Auditing capabilities were never incorporated because of limited resources and complexity of the system and use.
However, Treasury’s SHIMS (the system from which SHIM-ADMS retrieves data extracts) does utilize audit trail functionality and tracks edits made to records.
Other (Describe) - None
Describe/identify which data elements are obtained from files, databases, individuals, or any other sources.
IRS
Taxpayer
Employee
Other Federal Agencies (List agency)
State and Local Agencies (List agency)
Other third party sources (Describe)
IRS - None
Taxpayer - None
Employee - Treasury SHIMS provides all information on employees. IRS employees do not directly provide any information in the system.
Other Federal Agencies - SHIMS-ADMS retrieves data extracts from the U.S. Department of Treasury’s SHIMS application.
State and local agencies (list agency) - None
Other third party sources (Describe) - None
Is each data item required for the business purpose of the system? Explain.
Yes. Each data item is required in order to track FECA concerning job related issues and for processing those claims for electronic transmission to the Department of Labor’s Office of Workers’ Compensation Program.
Is there another source for the data? Explain how that source is or is not used.
No. While the data in SHIMS-ADMS is derived from the Department of the Treasury’s Safety and Health Information Management System (SHIMS), that system provides no means for data analysis and aggregate tracking of cost and lost production days. Consequently, the raw data must be extracted and downloaded from SHIMS for analysis, reporting, and tracking using SHIMS-ADMS.
SHIMS-ADMS is neither interconnected nor shares information with any additional internal systems that require information flow enforcement. The only information flowing into the system is provided through data extract files downloaded from the Treasury’s SHIMS system. These data extract files are placed into a folder of the dedicated workstation at the WCC. The processes on the dedicated workstation consolidate this data and place it into modules residing on the shared file server. These modules are accessed by WCC HR Analysts.
Generally, how will data be retrieved by the user?
Normal use of applications/modules located on the shared resource server does not provide for downloading or extracting tables. The database window on these components is hidden from the user. Users can retrieve data by downloading records, which can include PII data, from SHIMS-ADMS to laptops only by going “behind” the menus and unhiding the database window in order to access any of the tables. Furthermore, policy followed at the WCC requires that no SBU/PII data is to be stored on laptops that leave the WCC. All PII that is transmitted throughout the system is permitted in support of the purpose of the system.
Is the data retrievable by a personal identifier such as name, SSN, or other unique identifier?
Yes. The data is retrievable by a unique user name and can be queried using a social security number, name, etc. Access to the WCC network is granted by obtaining an IRS LAN account through the OL5081 authorization process.
Access to the Data
Who will have access to the data in the system (Users, Managers, System Administrators, Developers, Others)?
Access to SHIMS-ADMS is limited to the DS/SER_EWCC USERS group and MITS network administrators. The DS/SER_EWCC USERS group consists of WCC staff (all of whom are IRS employees) and the WCC contractor physician who has “staff-like” privileges. The SHIMS-ADMS administrator and back-up administrator are both members of the WCC staff
Data extracts from Treasury’s SHIMS can only be entered into SHIMS-ADMS by the SHIMS-ADMS administrator and the administrator’s back-up, who are the only individuals within the WCC with rights for downloading data extracts from Treasury’s SHIMS. Any other capabilities for entering data from the administrative modules of SHIMS-ADMS are restricted to those individuals with access to the dedicated workstation at the WCC, which was set up for the purpose of application administration. SHIMS-ADMS provides limited user input capabilities, and these changes are current to the weekly data loaded from the Treasury’s SHIMS extracts. Only users with access to the shared file server can use these capabilities. Limited data entry is associated with the following processes:
Checking physical case folders in and out of the case library
CA7 Claim for compensation
Removal of duplicate cases
Changing a claim to an incident
SHIMS-ADMS users and the WCC staff are able to look up and read information within the application. In some cases, the user has write capability, the ability to enter tracking numbers, query, view and physically check out case folders.
A user list is maintained that contains an archive of current and inactive user names. A request for user access to the system is submitted to the system administrator of accounts and the user is then granted authorization to the system.
Remote access to PII in SHIMS-ADMS can be achieved through Enterprise Remote Access Project (ERAP), which leverages IPSec-based Virtual Private Network (VPN) technology.
How is access to the data by a user determined and by whom?
Access to SHIMS-ADMS is restricted through access to the WCC network. Access to the WCC network is granted by obtaining an IRS Local Area Network (LAN) account through the OL5081 authorization process. The OL5081 authorization process ensures that each user has their own unique user name and that there are no shared accounts.
Users are required to complete an OL5081, Information System User Registration/Change Request Form, which lists mandatory rules for users of IRS information and information systems. When a user has been approved for access to the application by his/her manager, the OL5081 system sends an email to the user, providing an approval notification. The user then logs into the OL5081 system, reads the Rules of Behavior, and provides an “electronic signature,” acknowledging that he/she has read, understands, and agrees to abide by the Rules of Behavior. Authorization for the system must be revalidated annually, and if not, within 45 days OL5081 is triggered and the system administrator of accounts receives notice to automatically delete the user’s access.
Anyone in the WCC who is provided with a laptop and has access to SHIMS-ADMS receives their laptop through an authorized assignment provided by management. Laptop users are trained in the use and application of encryption and encrypting PII/SBU information and acknowledge their awareness of these requirements with their signature
All staff that has access to SHIMS-ADMS has background clearances, authorized access to the WCC network and authorized access to the source system, Treasury’s SHIMS.
The contractor that has access to Treasury SHIMS and SHIMS-ADMS has an active OL 5081 initiated to receive a LAN account. On or about February 2002, the contractor received the same background investigation performed by TIGTA for IRS employees. The background investigation provides the contractor un-escorted access to the facility and access to information systems.
The contractor’s background investigation is a “moderate” risk level. The contractor’s role as a Human Resource Analyst/End User provides the contractor with access to the data.
A background investigation is required every 5 years. In 2007, the contractor’s next background investigation is required.
Do other IRS systems provide, receive, or share data in the system? If YES, list the system(s) and describe which data is shared. If NO, continue to Question 12.
No. SHIMS-ADMS does not receive or share data with any IRS systems.
Have the IRS systems described in Item 10 received an approved Security Certification and Privacy Impact Assessment? Not applicable.
Will other agencies provide, receive, or share data in any form with this system?
Yes. SHIMS-ADMS receives data extracts from the Treasury SHIMS application via manual downloads. The SHIMS-ADMS administrator has an account on the Treasury’s SHIMS application, which was acquired through the OL5081 process. Once logged into Treasury’s SHIMS, data extracts in the form of pipe-delimited text files are acquired through data extract functions provided by the Treasury SHIMS application. The data extracts are loaded into the server and are imported into SHIMS-ADMS using custom-coded macros for importing data in the application. Using the Treasury’s SHIMS data, SHIMS-ADMS modules on this server build tables and push them out to the shared modules on the server for use by WCC staff.
Administrative Controls Data
12. What are the procedures for eliminating the data at the end of the retention period?
SHIMS-ADMS follows Treasury SHIMS data retention procedures. They are as follows:
All case files and automated data pertaining to a claim are destroyed 15 years after the case file has become inactive. Case files that have been scanned to create electronic copies are destroyed after the copies are verified. Automated data is retained in its most current form only, however, and as information is updated, outdated information is deleted. SHIMS-ADMS does not follow an IRM guiding data retention procedures.
Will this system use technology in a new way? If "YES" describe. If "NO" go to Question 15.
No. This system will not use technology in a new way.
Will this system be used to identify or locate individuals or groups? If so, describe the business purpose for this capability.
Yes. The system will be used to identify and locate individual worker’s compensation claims in order to track the current status of those claims. This system will not be used to locate claimants by groups.
Will this system provide the capability to monitor individuals or groups? If yes, describe the business purpose for this capability and the controls established to prevent unauthorized monitoring.
Yes. SHIMS-ADMS tracks but does not monitor the status of cases. Case managers will query for case records to check, for instance, the case status and a list of active cases. Tracking cases enables case workers to see whether cases are closed, need to be updated, or reopened due to employee recurrences.
Can use of the system allow IRS to treat taxpayers, employees, or others, differently? Explain.
No. SHIMS-ADMS is not used to make any determinations about individual claims. Its function is to facilitate tracking of inventory and reporting aggregate information about costs and trends. SHIMS-ADMS does not track any taxpayer information – only IRS FECA claimant information.
The SHIMS-ADMS system is an inventory of worker’s compensation claims. The system does not make conclusions on the validity of a claimant’s claim. SHIMS-ADMS is only an inventory tool. The information cannot be used to make determinations that will result in a negative outcome against a taxpayer.
Does the system ensure "due process" by allowing affected parties to respond to any negative determination, prior to final action?
The IRS WCC has no authority to make positive or negative information regarding FECA claims. Such determinations are made only by the Department of Labor’s Office of Workers’ Compensation Programs based on data entered into the Department of the Treasury’s Safety and Health Information Management System (SHIMS) and forwarded to DOL/OWCP via electronic data interchange.
When DOL/OWCP makes a negative determination, claimants have statutory review and appeal rights. When DOL/OWCP makes determinations (be they initial or pursuant to subsequent review or appeal), those determinations are then reflected in SHIMS via its weekly DOL/OWCP data upload. When information changes in SHIMS, those changes are then reflected in SHIMS-ADMS via its weekly data refreshment. SHIMS-ADMS simply contains a subset of data contained in SHIMS.
SHIMS-ADMS follows Treasury SHIMS “due process” policies by allowing affected parties an opportunity to respond to any negative determination. They are as follows:
Specific materials in this system have been exempted from certain Privacy Act provisions regarding the amendment of records. The section of this notice entitled “Systems Exempted From Certain Provisions of the Act,'' indicates the kind of materials exempted, and the reasons for exempting them. Any individual requesting amendment of non-exempt records should contact the appropriate OWCP district office, or the system manager. Individuals requesting amendment of records must comply with the Department's Privacy Act regulations at 29 CFR 71.1 and 71.9, and with the regulations found at 20 CFR 10.12 (1999).
If the system is web-based, does it use persistent cookies or other tracking devices to identify web visitors?
No. SHIMS-ADMS is not a web-based system.
| 
