
06.3 HHS PIA Summary for Posting (Form) / Health Care Quality Improvement Systems (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Jun 27, 2007

2. OPDIV Name: CMS

3. Unique Project Identifier (UPI) Number: 009-38-01-06-01-1030-00 009-38-01-06-01-1010-00

4. Privacy Act System of Records (SOR) Number: 09-70-0528, 09-70-0521, 09-70-0565, 09-70-0520, 09-70-0531, 09-70-0543, 09-70-0591, 09-70-0574, 09-70-0519, 09-70-0522, 09-70-0512, 09-70-0593, 09-70-0594, 09-70-0598, 09-70-0575, 09-70-0569, 09-70-0573, 09-70-0580, 09-70-0584

5. OMB Information Collection Approval Number: 0938-0581

6. Other Identifying Number(s): N/A

7. System Name: Health Care Quality Improvement System

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Dennis Stricker

10. Provide an overview of the system: The Consolidated Renal Operations in a Web-enabled Network (CROWN) will facilitate the collection and maintenance of information about the Medicare End Stage Renal Disease (ESRD) program.

CROWN is being developed to modernize the collection and retrieval of ESRD data in a secure, Web-enabled environment. The new capabilities will allow dialysis facilities to enter information electronically and transmit it to the appropriate ESRD Network, and CMS also will be able to send feedback to the Networks and the facilities through the new environment. CROWN consists of the following major modules:

The Vital Information System to Improve Outcomes in Nephrology (VISION), which will support electronic data entry and encrypted transmission of ESRD patient and facility data from dialysis facilities.

The ESRD Standard Information Management System (SIMS) supports the business processes of the ESRD Network Organizations.

The Renal Management Information System (REMIS) which determines the Medicare coverage periods for ESRD patients and serves as the primary mechanism to store and access ESRD patient and facility information.

The ESRD Program was established in 1972 pursuant to the provisions of section 299I of Public Law 92–603. Notice of this system, ESRD/PMMIS, was published in the Federal Register at 53 FR 62792 (Dec. 29, 1988), 61 FR 6645 (Feb. 21, 1996) (added an unnumbered SSA use), 63 FR 38414 (July 16, 1998) (added three fraud and abuse uses), and 65 FR 50552 (Aug. 18, 2000) (deleted one and modified two fraud and abuse uses).

The Standard Data Processing System (SDPS) consists of many data and reporting requirements and was designed and developed in response to the ongoing information requirements of the Quality Improvement Organizations (QIOs) and other affiliated partners, such as the Clinical Data Abstraction Centers (CDACs) to fulfill their contractual requirements with CMS. This system, which became operational in May 1997, interfaces with CMS Central Office, 53 QIOs and CDACs.

This legislation is under Title XI of the Social Security Act, Part B, as amended by the Peer Review Improvement Act of 1982.

The Quality Improvement and Evaluation System (QIES) encompasses systems that provide data collection, management reporting, provider feedback and national warehousing. QIES is divided into four primary areas: assessment management and report feedback; Quality Indicator/Quality Measure surveillance and feedback; the National QIES repository; and the CASPER reporting system.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Consolidated Renal Operations in a Web-enabled Network (CROWN) is a Major Application (MA) whose purpose is to facilitate the collection and maintenance of information about the Medicare ESRD program, its beneficiaries, and the services provided to beneficiaries. The major CROWN applications support CMS organizational business processes by conducting activities that meet the following CMS goals for the ESRD program:

Improve the quality of health care service and quality of life for ESRD beneficiaries;

Improve data reliability, validity, and reporting among ESRD providers/facilities, Networks and CMS (or other appropriate agency).

Establish and improve partnerships and cooperative activities among and between the ESRD Networks, Quality Improvement Organizations (QIOs), State survey agencies, ESRD providers/facilities, ESRD facility owners, professional groups, and patient organizations.

Each participating ESRD facility and network will be required to have a workstation with a minimum system configuration as specified by QualityNet Exchange. QualityNet Exchange will provide the ability for ESRD Networks to securely exchange multiple types of data files, such as MS Word, Excel, text, and PowerPoint, in real time via the Internet. These files could be used for letters, static reports, comparative clinical data, and general information.

Additionally, QualityNet Exchange will provide an interactive, secure web site that will allow End Stage Renal Disease (ESRD) Facilities to transmit electronic patient data to their corresponding ESRD Network. ESRD Networks will use the QualityNet Exchange to transmit "seed" patient databases to Facilities, receive electronic patient data files from Facilities, and provide feedback to Facilities regarding data transmission. QualityNet Exchange will be responsible for routing files to/from the appropriate ESRD Facilities and Networks and ensuring that each Facility and Network can only access their data files.
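
The isolation property stated above, that each Facility and Network can only access its own data files, is the control a practitioner would want to see enforced at the routing layer rather than assumed from directory naming. The following Python is an added illustration of such a tenant-scoped check; it is not QualityNet Exchange's own code. The directory layout under /exchange, the facility-to-network assignment table, the facility and network identifiers and the principal model are all assumptions constructed for the example.

```python
"""Tenant-scoped file access check for a facility/network file exchange.

Added example, not QualityNet Exchange's implementation. Every identifier,
path and table below is a constructed assumption for illustration.
"""
from dataclasses import dataclass
from pathlib import PurePosixPath

# Constructed assumption: each facility reports to exactly one ESRD Network.
FACILITY_NETWORK = {
    "FAC-0001": "NW-01",
    "FAC-0002": "NW-01",
    "FAC-0003": "NW-02",
}

# Constructed assumption: files are stored under one directory per facility,
# e.g. /exchange/FAC-0001/seed.db.
ROOT = PurePosixPath("/exchange")


@dataclass(frozen=True)
class Principal:
    kind: str    # "facility" or "network"
    ident: str   # facility or network identifier


class AccessDenied(Exception):
    """Raised when a principal may not touch the requested file."""


def owner_of(path: str) -> str:
    """Return the facility that owns `path`, rejecting escapes from ROOT.

    PurePosixPath does not resolve '..' lexically, so the components are
    checked explicitly; a traversal attempt such as FAC-0002/../FAC-0001/x
    is refused instead of being silently normalized.
    """
    p = PurePosixPath(path)
    if not p.is_absolute():
        p = ROOT / p
    parts = [part for part in p.parts if part not in ("/", ".")]
    if ".." in parts:
        raise AccessDenied(f"path traversal rejected: {path}")
    # Expect: <root>/<facility>/<file...>
    if parts[:1] != [ROOT.name] or len(parts) < 3:
        raise AccessDenied(f"path outside exchange root: {path}")
    facility = parts[1]
    if facility not in FACILITY_NETWORK:
        raise AccessDenied(f"unknown facility directory: {facility}")
    return facility


def authorize(principal: Principal, path: str) -> str:
    """Return the owning facility if `principal` may access `path`.

    A facility may access only its own directory; a network may access the
    directories of the facilities assigned to it. Anything else is denied.
    """
    facility = owner_of(path)
    if principal.kind == "facility":
        if principal.ident != facility:
            raise AccessDenied(f"{principal.ident} may not access {facility} files")
        return facility
    if principal.kind == "network":
        if FACILITY_NETWORK[facility] != principal.ident:
            raise AccessDenied(f"{facility} does not report to {principal.ident}")
        return facility
    raise AccessDenied(f"unknown principal kind: {principal.kind}")


def can_access(principal: Principal, path: str) -> bool:
    """Boolean wrapper around authorize() for callers that only need yes/no."""
    try:
        authorize(principal, path)
        return True
    except AccessDenied:
        return False


if __name__ == "__main__":
    # Constructed requests showing an allowed, a cross-tenant and a traversal case.
    requests = [
        (Principal("facility", "FAC-0001"), "/exchange/FAC-0001/seed.db"),
        (Principal("facility", "FAC-0002"), "/exchange/FAC-0001/seed.db"),
        (Principal("network", "NW-01"), "FAC-0002/feedback.txt"),
        (Principal("facility", "FAC-0002"), "/exchange/FAC-0002/../FAC-0001/seed.db"),
    ]
    for who, path in requests:
        print(f"{who.kind} {who.ident} -> {path}: {'allow' if can_access(who, path) else 'deny'}")
```

The decision is made from the owning directory and the assignment table, never from the name the client supplies for itself, and the traversal check runs before any ownership comparison so that a crafted path cannot be made to "own" another facility's files.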

REMIS will allow users to view ESRD beneficiary and provider information from the eighteen ESRD Network organizations housed in the Standard Information Management System (SIMS) Central Repository.

Internal users:

· ESRD Networks

· CMS OCSQ staff (i.e., the Analysts)

· Application Administrators (i.e., Supervisors, etc.)

· System Administrators (i.e., DBA’s)

· Other CMS users (i.e., Actuaries)

· Developers (i.e., Programmers).

External users:

· ESRD Facilities

· National Institutes of Health (NIH)

· Health Insurance Companies (Medicare Secondary Payers)

Users of the SDPS data systems include: CMS Central and Regional offices, QIOs, Medicare certified inpatient providers, and authorized PMS vendors.

Any ‘sharing’ of this information outside of the group mentioned above can only be approved by CMS. A Data Use Agreement is submitted to CMS for approval.

The Standard Data Processing System (SDPS) is a Major Application (MA) whose purpose is to provide hardware and software tools to enable Quality Improvement Organization personnel to fulfill the requirements of the QIO programs. The primary purpose of the system is to aid in the administration and monitoring of the tasks mandated by the QIO program. These tasks include:

· Improving Beneficiary Safety and Health Through Clinical Quality Improvement in provider settings of: a. Nursing Home; b. Home Health; c. Hospital; d. Physician Office; e. Underserved and Rural Beneficiaries; and f. Medicare + Choice Organizations (M+COs).

· Improving Beneficiary Safety and Health Through Information and Communications by: a. Promoting the Use of Performance Data; b. Transitioning to Hospital-Generated Data; and c. Other Mandated Communications Activities.

· Improving Beneficiary Safety and Health Through Medicare Beneficiary Protection Activities through: a. Beneficiary Complaint Response Program; b. Hospital Payment Monitoring Review Program; and c. All Other Beneficiary Protection Activities.

· Improving Beneficiary Safety and Health Through Developmental Activities.

QIES shares data with State agencies and Quality Improvement Organizations (QIOs) for the purposes of health care quality and payment. Data may also be disclosed to entities that meet Privacy Act requirements for routine uses as stated in the SOR; these entities must have a DUA.

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: The Consolidated Renal Operations in a Web-enabled Network (CROWN) will facilitate the collection and maintenance of information about the Medicare End Stage Renal Disease (ESRD) program, as follows:

VISION provides an electronic data entry and reporting system for the nearly 4,000 dialysis facilities in the United States. The information stored in VISION is collected by the ESRD dialysis facility or transplant unit and submitted to the ESRD Networks via QualityNet Exchange. The data collected via the VISION tool is mostly patient registry data used to track patients through their dialysis treatments and transplants. The VISION system also collects some quality improvement data via the Clinical Performance Measures tool, which will be rolled out this spring. Currently, about 135 of the 4,600 facilities nationally are using this system.

Data from VISION is uploaded via QualityNet Exchange to the ESRD Networks. The ESRD Networks import this data into their local SIMS system and perform additional validation and edit checks on the integrity of the data. In addition to the patient registry data, SIMS also houses clinical data such as vascular access information and, in the near future, electronic laboratory data. Currently, SIMS is used by all employees at every ESRD Network, to which all 4,600 dialysis facilities and transplant facilities report.

SIMS focuses on the mission critical operations of the ESRD Networks. These operations have been categorized into 5 major areas.

· Form Entry/Submission and Tracking

· Reporting

· Administration

· Database Utilities

· Other SIMS Features

The REMIS (Renal Management Information System) is a web-based interactive database of ESRD patient and provider information located at the CMS Data Center in Baltimore, MD. It is used by CMS and the renal community to perform their duties and responsibilities in monitoring the Medicare status, transplant activities, dialysis activities, and Medicare utilization (inpatient and physician/supplier bills) of ESRD patients and their Medicare providers. REMIS provides a central database for CMS ESRD information.

REMIS will support and improve data collection, validation, and analysis of the ESRD patient population over its predecessor system, REBUS. It will provide timely and accurate analysis information to the ESRD Network organizations, dialysis facilities, transplant centers, and research organizations. This will be accomplished via a Web-based data administration facility and decision support system. REMIS will provide improved support for ESRD program analysis, policy development, and epidemiological research.

REMIS will allow users to view ESRD beneficiary and provider information from the eighteen ESRD Network organizations housed in the Standard Information Management System (SIMS) Central Repository. The Networks provide Beneficiary, Provider, Medical Evidence, Death Notice, and Patient Event data. This information, along with information from CMS systems of record (the Medicare Enrollment Database, the Common Working File, and the National Claims History) and from the United Network for Organ Sharing (UNOS), is integrated via REMIS.

The data that the SDPS system collects, maintains, and disseminates is as follows:

· summarized data for payment error rates by state and nationally

· claims

· case review

· medical record abstractions

· payment information

· tracking of medical records

· helpline and beneficiary complaint information

· raw and rolled-up Part A and Part B claims

· tracking information for abstraction of surveillance data

· beneficiary demographic information for all Medicare beneficiary enrollees

· a clearinghouse of quality improvement information, tools, and techniques

· security access information

· provider-specific activities performed by QIOs

· reference data regarding providers from various healthcare settings

· provider contact telephone and address information, and indicators for provider-vendor authorizations

· provider data for analytical purposes to support quality improvement collaborative efforts

· information, training materials, memos, and documentation related to questions posed about SDPS and the corresponding answers

The data is gathered on a mandatory basis.

QIES contains resident and patient assessment data, including clinical data on patients and residents. The data offers a multidimensional view of residents' and patients' functional capacities and helps staff identify health problems. QIES also contains data that tracks and processes complaints and incidents reported against Medicare and Medicaid providers and suppliers. The purpose is to support outcome monitoring and the measurement of patient risk factors, and to aid in the administration of the survey and certification of Medicare and Medicaid providers and suppliers. The data contains IIF, and submission is mandatory.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: CROWN: No

SDPS: No

QIES: No

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: CMS Information Systems Security Policy, Standards and Guidelines Handbook, Version 1.2, July 9, 2004, Chapter 16 establishes policy for the security of electronic mail, facsimile, and other media. It serves as the primary source of Information Technology (IT) systems security information for all CMS IT users. The policies, standards and guidelines described therein apply to all users of CMS hardware, software, information, and data. The CMS AIS Security Program ensures the existence of adequate safeguards to protect personal, proprietary, and other sensitive data in automated systems and ensures the physical protection of all CMS General Support Systems (GSSs) and Major Applications (MAs) that maintain and process sensitive data.

CMS QualityNet (QNet) System Security Policy Handbook, Version 3, April 24, 2006, Chapter 4 Guidelines for Destruction of Sensitive Information defines guidelines for the destruction of Medicare sensitive information and establishes a minimum set of security controls that will apply for all QualityNet users. These QualityNet guidelines will be used by the 3 QualityNet Complexes, 53 QIO sites responsible for each US state, territory, and the District of Columbia; 1 Clinical Data Abstraction Center (CDAC); and 18 End Stage Renal Disease networks.

These guidelines were established to provide a standard for QualityNet Functional Component users for the destruction of sensitive Medicare information. Users need to understand that taking personal responsibility for the handling, storage, and destruction of sensitive information is an essential part of their job.

This policy document meets the requirements set forth by the Computer Security Act of 1987 (P.L. 100-235), the Health Insurance Portability and Accountability Act of 1996 (P.L. 104-191), Appendix III to OMB Circular No. A-130 (50 FR 52730; December 24, 1985), and the CMS Information Systems Security Policy, Standards and Guidelines Handbook (The Handbook), Version 1.2, July 9, 2004.

The CROWN/ESRD information is secured in several different layers.

Physical layer - the hard copy data that comes into the ESRD Networks is secured at the local levels behind locked doors and is stored in locked file cabinets.

Hardware layer – All machines that store data require a login and have a password-protected screen saver, and all application data is protected again behind a login to the application using a secure token.

Communication layer – the entire SIMS system relies on QualityNet (QNet) network infrastructure.

The SDPS system is a ‘closed’ system and consists of the following components:

Complex 1 located in the CMS Data Center in Baltimore, MD.

Complex 2 located in the IFMC Data Center in West Des Moines, IA.

Complex 3 located in Warrenton, VA.

Development LAN and workstations at the IFMC SDPS complex;

WAN connectivity between CMS Corporate and Regional Offices, QIOs, and AGNS. There is also connectivity to the IFMC SDPS complex.

The IFMC SDPS test and development servers are located in the IFMC corporate data center. The IFMC corporate data center is a restricted area and has appropriate environmental security controls implemented, to include measures to mitigate damage to Automated Information Systems caused by fire, electricity, water and climate changes. Access to the corporate data center is controlled by access cards, and only those with a business need to be in the data center are provided access via their access card.

SDPS workstations and servers are also located at each of the QIOs. A QIO Manual was provided to each QIO when the original system was deployed. This document details the minimum requirements for environmental controls, electrical considerations, physical space and furnishings requirements, etc.

For access to all applications, users must complete a QNet Access Request Form, which has been automated in the OARS system for all but CMS RO users. This form specifies which system(s) the user needs access to and the level of authority for each system (production, test, training or development; update or read-only). The user's security administrator must approve the request. Once the request is approved through the OARS application, backend processes apply the authorizations to the appropriate systems, giving the user access in nearly real time (within an hour or less). If completed in paper form, as is needed by the CMS ROs, the form is forwarded to the appropriate CMS CO security administrator for user ID setup in the OARS system. This same process is also used for changes to and deletions from all SDPS applications.

Users of the SDPS data systems include: CMS Regional Offices, Medicare Certified Inpatient Providers, Health Insurance Companies, ESRD networks and facilities, nursing homes, Home Health Agencies, and authorized vendors.

QIES personnel with access have been trained in Privacy Act and systems security requirements. Authentication and access control profiles are maintained. User login/password authentication restricts QIES functions to preapproved user groups, and the proper user class is assigned to each user. Access controls enforce segregation of duties. Access to all servers is controlled; servers are kept in a locked room, and each server requires its own log-on process.

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: William Saunders

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Abby Block

Sign-off Date: Jun 29, 2007

Date Published: Jun 30, 2008

06.3 HHS PIA Summary for Posting (Form) / Healthcare Integrated General Ledger Accounting System (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: Yes

If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Jun 27, 2007

2. OPDIV Name: CMS

3. Unique Project Identifier (UPI) Number: 009-38-01-01-1020-00-402-124

4. Privacy Act System of Records (SOR) Number: 09-70-0501, 09-70-0503, 09-90-0024

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: Healthcare Integrated General Ledger Accounting System (HIGLAS)

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Janet Vogel

10. Provide an overview of the system: To provide, in a production environment, a dual entry US Standard General Ledger accounting system and standardized accounting and financial management reporting process for CMS central office administrative program accounting activity and for the Medicare Program Benefits administered by the Medicare Fee-For-Service Claims Processing Contractors.

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): N/A

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: HIGLAS incorporates financial data that is focused on Medicare claims payment and overpayment collection activities. The main information maintained by HIGLAS is as follows: (1) Payables: supplier, bank, payment terms, location, BACS, UOM, employee receipt accrual, invoice, payment, remittance advice; (2) Receivables: customer, bank, payment term, BACS, UOM, item description, category, employee, invoice, receipt; (3) General Ledger/Budget Execution: set of books, BACS value, cross-validation rule, security rule, budget. The information is collected by the Medicare Fee-For-Service Claims Processing Shared Systems, which are SORs. These systems, in turn, populate HIGLAS with the data needed to process payments to and collections from the Medicare fee-for-service payees.

Medicaid and SCHIP government award data: obligations, advances, and expenditures, grantee name, grantee EIN/TIN, CAN, and Object Class.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: HIGLAS does not collect IIF.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: HIGLAS uses state-of-the-art technological methods to secure IIF. HIGLAS provides a much higher level of information security than previously available by meeting the following requirements for effective records security:

- Ensures that only authorized personnel have access to electronic records

- Ensures that appropriate agency personnel are trained to safeguard sensitive or classified electronic records

- Ensures that appropriate contractor staff working as agents for the agency are trained to safeguard sensitive or classified electronic records

- Minimizes the risk of unauthorized alteration or erasure of electronic records

- Ensures that electronic records security is included in the computer systems security plan prepared pursuant to the Computer Security Act of 1987, HIPAA of 1996, the Privacy Act of 1974, OMB Circulars A-123, A-127 and A-130, the Government Information Security Reform Act of 2000, and JFMIP's Benefit System Requirements.

Users have access only to the data required to perform their duties in the ORG to which they are assigned.

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: William Saunders

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Abby Block

Sign-off Date: Jun 29, 2007

Date Published: Jun 30, 2008

06.3 HHS PIA Summary for Posting (Form) / Human Resources Management Systems (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Jun 27, 2008

2. OPDIV Name: CMS

3. Unique Project Identifier (UPI) Number: 009-38-02-00-01-1150-00

4. Privacy Act System of Records (SOR) Number: 09-70-3005

5. OMB Information Collection Approval Number: No

6. Other Identifying Number(s): No

7. System Name: Human Resources Management Systems

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Faraja Bryant-Ricketts, OOM/APSS, 410-786-2068

10. Provide an overview of the system:

CHRIS - The CMS Human Resources Information System is a portal for all CMS Human Resources and Personnel related data. This portal is a repository of information related to CMS employees and is used by Human Resources and management personnel.

ITSP-CBT – The 2002 FISMA requires all users of Federal information systems to be exposed to security awareness materials at least annually. The ITSP-CBT provides CMS with the means to meet this requirement by providing basic information security awareness training to all individuals who have been issued a

FLSATRAV - The CMS FLSA Travel Tool allows CMS employees to arrive at decisions on Travel Overtime and Compensatory Time In Lieu of Overtime for travel. The static document (Travel Worksheets) has been automated to assist employees in determining whether time is compensable according to regulation and law.

OATS – The OATS application is a desktop application that allows selected users to review, update, add and report tasks and assignments at various designated levels.

MGCRB Case Tracker - The system is used to track cases/appeals received in the Office of Medicare Adjudication.

MGCRB Calc - The system is used to track cases/appeals received in the Office of Medicare Adjudication.

PRRB – The PRRB Case Tracker is used to track cases/appeals received in the Office of Medicare Adjudication. The system tracks actions taken on each case/appeal; tracks the participants associated with each case/appeal; tracks issues associated with each case/appeal; tracks hearing dates; and generates letters and reports as needed. The PRRB Case Tracker is written in Visual Basic and was developed for the Office of Hearings. The PRRB Case Tracker is a module of the Office of Hearings case tracking system. PRRB Case Tracker was implemented in 05/03. PRRB Case Tracker consists of a Microsoft Access database located on a shared drive in the CMS Data Center.

OIGHTLNE – The OIG Hotline is used to store OIG Hotline complaints for Medicare fraud and abuse purposes.

ONREG – The CMS Online Registration System (ONREG) allows CMS employees to register for training courses and calendar events on-line via a web interface. The ONREG system is an integrated system that allows immediate access to training information, as well as, the ability to add and track training courses and calendar events.

CMS Badge System – The CMS Badge system is an application that collects and houses the data necessary to ensure that access to the CMS building, during both regular and security hours, is restricted and to guard against unauthorized entry.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: Yes. All HRMS systems containing IIF are subject to a Rules of Behavior agreement and security protocols.

CHRIS contains personally identifiable information (name, SSN, DOB, vehicle ID, education, employment status). This information is used by Personnel and is accessed only by persons with management authority; it is password protected with security protocols.

ITSP-CBT - N/A

FLSATRAV - N/A

OATS - N/A

PRRB - N/A

OIGHTLNE - N/A

MGCRB contains Name, Mailing Address, Phone Numbers and Email Address, this information is used by Personnel and is only accessed by persons with management authority. The information is password protected with security protocols.

ONREG contains Names and Email Addresses,

CMS Badge contains Name, Work Location, Work Address, Phone Number and Photo Identification; this information is used by Personnel and is only accessed by persons with management authority. The information is password protected with security protocols.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: The subject individual should write to the system manager, who will require the system name, health insurance claim number, address, age, and sex, and, for verification purposes, the subject individual's name (woman's maiden name, if applicable) and social security number.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: CHRIS contains personally identifiable information of Name, SSN, DOB, Vehicle ID, Education, and Employment Status; this information is used by Personnel and is only accessed by persons with management authority. The information is password protected with security protocols.

ITSP-CBT - N/A

FLSATRAV - N/A

OATS - N/A

PRRB - N/A

OIGHTLNE - N/A

MGCRB contains Name, Mailing Address, Phone Numbers and Email Address; this information is used by Personnel and is only accessed by persons with management authority. The information is password protected with security protocols.

ONREG contains Names and Email Addresses,

CMS Badge contains Name, Work Location, Work Address, Phone Number and Photo Identification; this information is used by Personnel and is only accessed by persons with management authority. The information is password protected with security protocols.

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: William Saunders

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Tony Trenkle

Sign-off Date: Jun 27, 2008

Date Published: Jun 30, 2008
06.3 HHS PIA Summary for Posting (Form) / Integrated Data Repository (Item)

Is this a new PIA 2008?: Yes

If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Jun 27, 2008

2. OPDIV Name: CMS

3. Unique Project Identifier (UPI) Number: 009-38-01-06-01-1120-00

4. Privacy Act System of Records (SOR) Number: 09-70-0571

5. OMB Information Collection Approval Number: NA

6. Other Identifying Number(s): NA

7. System Name: Integrated Data Repository

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: William Craig Mooney

10. Provide an overview of the system: IDR - The Integrated Data Repository is the Agency storage structure for detailed Medicare and Medicaid claims information.

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation.

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): CMS staff & contractors, Federal & state agencies, researchers, OIG, GAO, DOJ for various studies, program oversight and fraud & abuse

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: IDR - Claims information CMS mission requirements

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: NA

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: IDR operates in the CMS Data Center

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: William Saunders

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Tony Trenkle

Sign-off Date: Jun 27, 2008

Date Published: Jun 30, 2008
06.3 HHS PIA Summary for Posting (Form) / IT Management Systems (Item)

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Jun 27, 2007

2. OPDIV Name: CMS

3. Unique Project Identifier (UPI) Number: 009-38-03-00-02-1010-00 009-38-02-00-01-1150-00

4. Privacy Act System of Records (SOR) Number: 09-70-3005

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: IT Management Services

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Jerry J. Williams

10. Provide an overview of the system: The Correspondence Inquiry System (CIS) is the agency's correspondence tracking, receiving and document workflow system. It is used to collect and store internal and external document requests, program inquiries, congressional inquiries, and the agency's responses to these inquiries and requests. It also allows tracking the progress of work items and reassigning them to different users or components as necessary. It replaces hard-copy folders and documents with electronic files that can be routed easily to the next user or group involved with the document processing. It is currently a 16-bit application and cannot be modified or upgraded without significant cost.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation.

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The system does not disclose or allow any information to be shared with other applications, agencies or outside sources.

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: The system does not disclose or allow any information to be shared with other applications, agencies or outside sources. The agency does not actively collect the IIF. It is often contained within the requests or correspondence (e.g., letters, faxes, documents) that may be used for correspondence with CMS.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: No consent has been required, since any changes to the system will have no effect on how the IIF data can be accessed. Storage of the information follows the Privacy Act guidelines, and no information is shared or actively collected.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?:

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The data is stored within a database as well as on a Document Storage Server. The only access granted is to current users of the application. The system has its own backup unit; the data is incrementally backed up each night and a full backup is scheduled for each weekend. Access to the servers is also restricted.

As system administrator I view the data as falling under the Privacy Act and have set the guidelines for the dissemination of data contained in the Correspondence Inquiry System.

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: William Saunders

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Abby Block

Sign-off Date: Jun 29, 2007

Date Published: Jun 30, 2008
06.3 HHS PIA Summary for Posting (Form) / Medicaid & State Children's Health Insurance Systems (Item)

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Jun 27, 2007

2. OPDIV Name: CMS

3. Unique Project Identifier (UPI) Number: 009-38-01-06-01-1010-00 009-38-01-04-01-1060-00

4. Privacy Act System of Records (SOR) Number: 09-70-0541, 09-70-0510, 09-70-0578

5. OMB Information Collection Approval Number: CMS-416 OMB# 0938-0354, Expiration Date: 03/31/2009;

CMS-64 OMB# 0938-0067, Expiration Date: 06/30/2008;

CMS-21 & 21B OMB# 0938-0731, Expiration Date: 06/30/2008;

CMS-37 OMB# 0938-0101, Expiration Date: 06/30/2008;

OMB# 0938-0707, Expiration Date: 05/31/2008;

CMS-102 OMB# 0938-0599, Expiration Date: 11/30/2007;

CMS-105 OMB# 0938-0599, Expiration Date: 11/30/2007;

OMB# 0938-0345, Expiration Date: 07/31/2006;

OMB# 0938-0707, Expiration Date: 05/31/2008

6. Other Identifying Number(s): CMS-R-0284

7. System Name: Medicaid & State Children's Health Insurance System

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Dona Coffman; Cora Burch; Marcus Koenig

10. Provide an overview of the system: EPSDT: The Early and Periodic Screening, Diagnostic and Treatment (EPSDT) Data System is a web-based Intranet application for use by the Centers for Medicare & Medicaid Services (CMS).

The annual EPSDT Report (Form CMS-416) provides basic information on participation in the Medicaid child health program. The information is used to assess the effectiveness of State EPSDT programs in terms of the number of children (by age group and basis of Medicaid eligibility), who are provided child health screening services, referred for corrective treatment, and the number receiving dental services. Child health-screening services are defined, for purposes of reporting on Form CMS-416, as initial periodic screens required to be provided according to a State’s screening periodicity schedule.

The complete report demonstrates the State's attainment of its participant and screening goals. Participant and screening goals are two different standards against which EPSDT participation is measured on the Form CMS-416. From the completed reports, trend patterns and projections are developed for the nation and for individual States or geographic areas, from which decisions and recommendations can be made to ensure that eligible children are given the best possible health care. This information is also used to respond to congressional and public inquiries.

FULs: The Federal Upper Limit System (FULs) determines the highest allowable Medicaid price for Federal Drug Administration (FDA) approved drugs. This price is derived from manufacturer prices obtained from external sources: Medispan, Blue Book and Red Book. The primary output from this system is the “Payment for Services Report” which lists all products along with their strengths, dosage form, route of administration, package size, the FULs price and source.

SPW: The State Plan Amendment and Waiver Tracking System (SPW) is an information tracking system that tracks State Plan Amendments and Waivers from their initial submittal to their final determination in a common format and Central Office database. This system tracks the following: State Plan Amendments (SPA), PACE SPAs, SCHIP SPAs, 1115 waivers, 1115 Independence Plus waivers, 1915(b) waivers, 1915(c) waivers, and 1915(c) Independence Plus waivers.

MDR: The Medicaid Drug Rebate (MDR) System is composed of an online and a batch system that collect drug manufacturers' product and price information and state drug utilization data for drugs given to State Medicaid recipients. The system calculates the quarterly unit drug rebates that are then sent to the states for invoicing drug manufacturers each quarter.

MBES/CBES: MBES\CBES collects and stores States' Medicaid budget and expenditure information. The system is used by states to submit budget and expenditure data for the Medicaid and State Children's Health Insurance Program to CMS. CMS' Regional Office personnel review the state submissions and enter analysis into the system. All activity is reviewed and certified by CMS Central Office personnel. Summarized data from this information is publicly available on the CMS Public web site.

SCHIP/SEDS: The State Children’s Health Insurance Program (SCHIP) Statistical Database Enrollment System (SEDS) is a system that states use to submit enrollment and demographic data for the SCHIP Program to CMS. CMS' Regional Office personnel review the state submissions and enter analysis into SCHIP SEDS. All of this activity is reviewed and certified by CMS Central Office personnel.

IBNRS: The Incurred But Not Reported Survey system is a web-based application used by CMS biannually to report estimated expenditures for the Medicaid Programs and State Children's Health Insurance Program. The purpose of the IBNRS application is to create an online version of two forms: the CMS-R199, Form for the Medicaid Accounts Payable and Accounts Receivable, as well as the CMS-10180, Form for the SCHIP Accounts Payable and Accounts Receivable. The application converts an existing Word-based Medicaid form into an HTML-based application. It is also designed to provide the reporting and exporting of survey answers back to the Word template.

The States are required to report the latest Comprehensive Annual Financial Report (CAFR) data along with the CAFR for the previous year. The user submits the Medicaid Accounts Receivable and Accounts Payable and provides the average number of calendar days that elapse from when a service is provided to a Medicaid beneficiary until the State reimburses the provider for a claim. For each reporting requirement in Sections I and II, States are required to enter total costs as well as the portion known as the Federal Financial Participation. Section III consists of states providing the average number of calendar days that elapse from when a service is provided to a Medicaid beneficiary until the State reimburses the provider for the claim.

S&C/CLIA: The Survey and Certification (S&C) Clinical Laboratory Improvement Act (CLIA) Budget and Expenditure System is used by states to submit budget and expenditure data for Survey and Certification and CLIA to CMS. CMS’ Regional Office personnel review the state submissions and approve the budget and expenditure data into the Survey & Certification\CLIA System. All of this activity is reviewed and certified by CMS Central Office personnel.

MSIS/MAX: The primary purpose of MSIS is to establish an accurate, current, and comprehensive database containing standardized enrollment, eligibility, and paid claims of Medicaid beneficiaries to be used for the administration of Medicaid at the federal level, produce statistical reports, support Medicaid related research, and assist in the detection of fraud and abuse in the Medicaid program. Information in this system will also be used to support regulatory and policy functions performed within the agency or by a contractor or consultant, another federal or state agency, agency of a state government, an agency established by state law, or its fiscal agent, support research of policy issues, quality and effectiveness of care, and of epidemiological projects, support constituent requests made to a congressional representative, support litigation involving the agency related to this system of records, and combat fraud and abuse in certain federally funded health care programs.

TIPS: TIPS was designed to help with the integration of data from disparate systems within CMSO. The components within TIPS provide a user-friendly interface that allows users to quickly search, sort, and manipulate data and perform analysis. Currently, data from nine CMS critical systems are displayed in various formats within the system, including a color-coded map of the U.S., data cubes, and an ad-hoc query component.

SARTS: The SCHIP Annual Report Summary Template System (SARTS) assists states in completing their annual reports. The information gathered from these reports will allow CMS and the National Academy for State Health Policy (NASHP) to consolidate state reports and make assessments about approved plans and implement program management activities. The reports help recognize diversity in state approaches to SCHIP and equip CMS with information to allocate funds and manage program activities. States assess the operation of their state child health plans each fiscal year, and report by January 1 following the end of the fiscal year, on the results of the assessment. The state must assess the progress made in reducing the number of uncovered, low-income children.

DDR: The Drug Data Reporting for Medicaid system is a web-based application used by drug manufacturers participating in the Medicaid Drug Rebate program. It is a standardized reporting tool for the manufacturers to submit required product and pricing data in support of the MDR and FULs programs. The DDR contains the manufacturer's product and pricing data by labeler code.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation.

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s):

EPSDT: N/A

FULs: N/A

SPW: N/A

MDR: N/A

MBES/CBES: N/A

SCHIP SEDS: N/A

IBNRS: N/A

S&C/CLIA: N/A

MSIS/MAX: Census Bureau for state population, Congressional Budget Office, and, for analysis and research purposes, organizations operating under an approved Data User Agreement such as the Urban Institute.

TIPS: N/A

SARTS: N/A

DDR: N/A

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory:

EPSDT: N/A

FULs: N/A

SPW: N/A

MDR: N/A

MBES/CBES: N/A

SCHIP/SEDS: N/A

IBNRS: N/A

S&C/CLIA: N/A

MSIS/MAX: Date of Birth, Social Security Number

TIPS: N/A

SARTS: N/A

DDR: N/A

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared:

EPSDT: N/A

FULs: N/A

SPW: N/A

MDR: N/A

MBES/CBES: N/A

SCHIP SEDS: N/A

IBNRS: N/A

S&C/CLIA: N/A

MSIS/MAX: HIPAA Disclosure policy

TIPS: N/A

SARTS: N/A

DDR: N/A

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: EPSDT: Rules of least privilege; authorized personnel with approved user ID and password; firewall and intrusion detection; guards; identification badges; key cards

FULs: Rules of least privilege; authorized personnel with approved user ID and password; firewall and intrusion detection; guards; identification badges; key cards

SPW: Rules of least privilege; authorized personnel with approved user ID and password; firewall and intrusion detection; guards; identification badges; key cards

MDR: Rules of least privilege; authorized personnel with approved user ID and password; firewall and intrusion detection; guards; identification badges; key cards

MBES/CBES: Rules of least privilege; authorized personnel with approved user ID and password; firewall and intrusion detection; identification badges; key cards; closed circuit TV (CCTV)

SCHIP/SEDS: Rules of least privilege; authorized personnel with approved user ID and password; firewall and intrusion detection; identification badges; key cards; closed circuit TV (CCTV)

IBNRS: Rules of least privilege; authorized personnel with approved user ID and password; firewall and intrusion detection; identification badges; key cards; closed circuit TV (CCTV)

S&C/CLIA: Rules of least privilege; authorized personnel with approved user ID and password; firewall and intrusion detection; identification badges; key cards; closed circuit TV (CCTV)

MSIS/MAX: Rules of least privilege; authorized personnel with approved user ID and password; firewall and intrusion detection; guards; identification badges; key cards

TIPS: Rules of least privilege; authorized personnel with approved user ID and password; firewall and intrusion detection; guards; identification badges; key cards

SARTS: Rules of least privilege; authorized personnel with approved user ID and password; firewall and intrusion detection; identification badges; key cards; closed circuit TV (CCTV)

DDR: Rules of least privilege; authorized personnel with approved user ID and password; firewall and intrusion detection; identification badges; key cards; closed circuit TV (CCTV)

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: William Saunders

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Abby Block

Sign-off Date: Jun 29, 2007

Date Published: Jun 30, 2008
06.3 HHS PIA Summary for Posting (Form) / Medicare Advantage and Prescription Drug Plan Operation System (Item)

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Jun 27, 2007

2. OPDIV Name: CMS

3. Unique Project Identifier (UPI) Number: 009-38-01-04-01-1090-00 009-38-01-04-02-1080-00 009-38-01-04-02-1095-00 009-38-01-04-01-1085-00 009-38-01-04-01-1075-00 009-38-02-00-01-1150-00

4. Privacy Act System of Records (SOR) Number: 09-70-4001, 09-70-0500, 09-70-0552, 09-70-0553, 09-70-0557, 09-70-0564

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: Medicare Advantage and Prescription Drug Plan Operation System

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Marni Land, 410-786-2258

10. Provide an overview of the system: APPS – Processes and maintains payment information for Medicare Advantage plans and prescription drug plans.

DDPS – The DDPS is being developed to support CMS' implementation of the new Medicare Prescription Drug Benefit program, mandated by the Medicare Prescription Drug, Improvement and Modernization Act (MMA) of 2003. This system will process all Medicare covered and non-covered drug events, including non-Medicare drug events, for Medicare beneficiaries participating in the Part D programs. The system will process Prescription Drug Event (PDE) transactions and related data as necessary to validate/authenticate Medicare payment of covered drugs made by plans for enrolled Medicare beneficiaries.

HPMS – HPMS is a web-enabled Extranet information system that supports numerous business functions of the Medicare Advantage and Part D programs, including plan application submission and review, formulary submission and review, bid submission and review, complaints tracking, and plan oversight.

MARX – MARx is an enhancement of the Medicare Managed Care System (MMCS), with changes for the implementation of the Medicare Modernization Act (MMA).

MIIR – MIIR is a data repository created to report on Medicare Beneficiary Part D information at the aggregate level in support of MMA. Currently, MIIR has counts to be used for analysis of aspects of beneficiaries such as demographics, LIS, enrollment information, etc. via a reporting tool. This system is used by CMS internal staff only.

PWS – The Premium Withhold Subsystem tracks Part C and/or Part D beneficiary level premium payments for the entire Medicare population (approximately 40 million beneficiaries) who elect either Part C - Medicare Advantage - or Part D - Medicare prescription drug coverage, including managing the data exchange for Medicare beneficiaries who elect to have their premiums withheld by OPM, SSA, or RRB.

RAS – The Risk Adjustment Suite of Software is a set of modules within the Medicare Modernization Act (MMA) program. The Risk Adjustment Suite of Software receives diagnostic and beneficiary data from other systems, stages the data, calculates Risk Adjustment Factors (RAFs), feeds the RAFs to other systems within MMA, and provides reports on the resulting factors.

TROOP - This system provides MBD and COB info to the TrOOP facilitator.

SPDBS – The SPDBS is the CMS system of record for billing and processing the collection of monies from the states to defray a portion of the Medicare drug expenditures for individuals whose projected Medicaid drug coverage is assumed by Medicare Part D. The SPDBS was developed as a COBOL program and flat file batch process and resides on the mainframe at the CMS Computer Center. The SPDBS does not interface with any databases of CICS.

MPC: Determines the Medicare Plus Choice payment rates for every State by county. These rates are fed into the Automated Plan Payment System Database. The APPS uses these rates to make payments on behalf of Medicare beneficiaries who choose to obtain Medicare benefits through private health plans under the Medicare Advantage program.

AAPCC: Supports payment to Medicare Advantage plans by feeding essential information and data into the Medicare Advantage System. The AAPCC application captures Medicare enrollment and demographic data that is used as input to the Medicare Advantage application, which calculates payment rates to managed care organizations. A by-product of this system is the tabulation of annual Medicare reimbursement and enrollment on a county basis. The enrollment includes all Medicare beneficiaries, whereas the reimbursement includes only claims paid by intermediaries and carriers, i.e., it excludes capitation payments made to HMOs and similar organizations.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation.

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): APPS – OFM FACS system

DDPS – All reporting/data access is restricted to mandated and authorized users of the data with statutory authority as described in the MMA legislation, which includes:

Those necessary to implement, operate, and support the developed system;

The CSSC at Palmetto requiring PDE and beneficiary data access;

The MDBG within CBC responsible for benefit implementation, program administration, and program oversight;

The Medicare PIG within OFM responsible for protecting program integrity and detecting waste, fraud, and abuse of the program;

The QIO contracted by OCSQ responsible for clinical quality and evaluation of health care outcome of the benefit; and

The 723 initiative being coordinated by ORDI responsible for developing integrated databases.

HPMS – HPMS will make the complaints tracking data available via reports and extracts to CMS staff for plan oversight and monitoring. It may also be necessary to share these data with other federal agencies (e.g., FBI, OIG) if further investigation of a Part D organization is required.

MARX – Internal – MBD for determining beneficiary demographic data and identifying information, RAS for risk adjustment rates, PWS for withholding data, Gentran / EFT for communicating beneficiary and plan data, NGD for processing disenrollments from 1-800-MEDICARE, Retiree Drug Subsidy (RDS) for rejected enrollments, and IACS for identity management of users.

MIIR – No

PWS – External – SSA, to be able to provide withholding information for beneficiaries

Internal – MARx, MBD to get information about beneficiaries and plans.

RAS – Internal – MARx, MBD for determining beneficiary demographic data and identifying information, NMUD for diagnosis data of a beneficiary

TROOP – N/A

SPDBS: N/A.

MPC: N/A.

AAPCC: N/A

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory:

APPS – PART C AND PART D PAYMENT DOLLARS.

DDPS – The system contains both detailed and summary prescription drug claim information on all Medicare covered and non-covered drug events, including non-Medicare drug events, for Medicare beneficiaries. This includes the health insurance claim number, card holder identification number, date of service, gender, and optionally, the date of birth. The system contains provider characteristics, prescriber identification number, assigned provider number (facility, referring/servicing physician), and national drug code. The system contains beneficiary, plan, and supplemental payment amounts. Submission of IIF is mandatory: as a condition of payment, all Part D plans must submit the data and information necessary for CMS to carry out payment provisions.

HPMS – HPMS collects the name, mailing address, e-mail address, and/or phone number of the beneficiary reporting a complaint related to the Part D program. All fields are optional. CMS will use these data to resolve beneficiary complaints and track plan performance.

MARX – MARx is not the system of record (SOR) for IIF, but it does store and process IIF regarding system users, beneficiaries' health plan enrollment, and plan payment information. The enrollment of beneficiaries into health plans is provided by the plans, or by the deeming and auto-enrollment transactions from MBD. Policies regarding the voluntary or mandatory nature of the IIF are the responsibility of the systems that provide the enrollment transactions to MARx.

MIIR – MIIR maintains Beneficiary demographics, LIS, and enrollment information from other CMS source systems to be used for reporting aggregate numbers by CMS staff in support of Executive management needs for MMA Part D reporting and analysis.

PWS – PWS is not the system of record (SOR) for IIF, but it does store and process IIF regarding beneficiaries' health plan enrollment, plan payment information, and individuals' social security status and identifiers. Policies regarding the voluntary or mandatory nature of the IIF are the responsibility of the systems that provide the beneficiary or plan data to PWS.

RAS – RAS assesses the health risk presented by Beneficiaries to enable the MMCS to produce an appropriate risk based payment to the Managed Care Organizations (MCO). Additionally, RAS requires information from several other application systems. RAS is not the system of record (SOR) for ANY of the IIF, but it does store and process IIF. Policies regarding the voluntary or mandatory nature of the IIF are the responsibility of the SORs for that IIF.

TROOP – Disseminate eligibility/ enrollment and 4Rx data to pharmacists and COB info to plans.

SPDBS: Once a month, the SPDBS receives as input three flat files provided by CMS internal components. CMSO and the MBD provide one dataset containing a count of the number of new Medicare beneficiary enrollments and disenrollments for which the states are to be held responsible. OACT provides one dataset containing the monthly state billing rates to be applied. OFM provides one dataset containing a record of the state payments that have been posted in the previous month. SPDBS receives the new state enrollment counts from the MBD and multiplies those numbers by the billing rates from OACT to generate a new state liability charge. SPDBS then produces a Summary Accounting Statement showing the previous month's balance, the payments posted as provided by OFM, the new liability charges that have been calculated, and the resulting new account balance. All this information is also recorded in a state account ledger and other CMS billing summary documentation.

AAPCC: Supports payment to Medicare Advantage plans by feeding essential information and data into the Medicare Advantage System. The AAPCC application captures Medicare enrollment and demographic data that is used as input to the Medicare Advantage application, which calculates payment rates to managed care organizations. A by-product of this system is the tabulation of annual Medicare reimbursement and enrollment on a county basis. The enrollment includes all Medicare beneficiaries, whereas the reimbursement includes only claims paid by intermediaries and carriers, i.e., it excludes capitation payments made to HMOs and similar organizations.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared:

APPS – NONE

DDPS – Participation in Part D is voluntary and requires an affirmative election to join. When an individual enrolls in a Part D plan, the beneficiary has to sign the Agreement page as part of the application package; thus, MMA Part D enrollment equates to beneficiary consent.

Authority for maintenance of this system is given under provisions of the Medicare Prescription Drug, Improvement, and Modernization Act, amending the Social Security Act (the Act) by adding Part D under Title XVIII (§ 1860D–15(c)(1)(C) and (d)(2)), as described in 42 Code of Federal Regulations (CFR) 423.401.

The Privacy Act permits us to disclose information without an individual's consent if the information is to be used for a purpose that is compatible with the purpose(s) for which the information was collected. Any such disclosure of data is known as a "routine use."

This system contains Protected Health Information as defined by the HHS regulation "Standards for Privacy of Individually Identifiable Health Information" (45 CFR Parts 160 and 164, 65 FR 82462 (Dec. 28, 2000), as amended by 66 FR 12434 (Feb. 26, 2001)). Disclosures of Protected Health Information authorized by these routine uses may only be made if, and as, permitted or required by the "Standards for Privacy of Individually Identifiable Health Information."

In addition, our policy will be to prohibit release even of non-identifiable information, except pursuant to one of the routine uses, if there is a possibility that an individual can be identified through implicit deduction based on small cell sizes (instances where the patient population is so small that individuals who are familiar with the enrollees could, because of the small size, use this information to deduce the identity of the beneficiary).

In addition, CMS will make disclosure from the proposed system only with consent of the subject individual, or his/her legal representative, or in accordance with an applicable exception provision of the Privacy Act.

CMS, therefore, does not anticipate an unfavorable effect on individual privacy as a result of the disclosure of information relating to individuals.

HPMS – There is no process in-place at this time.

MARX – MARx is fed IIF from MBD and health plan systems, and passes information to MBD and health plans. MARx is not the SOR for the IIF, so there are no agreements in place between MARx and the individuals regarding IIF.

MIIR – NO

PWS – PWS is fed IIF from MBD and MARx internal CMS systems, and data from external SSA and RRB systems via CMS Enterprise Data Exchange. PWS is not the SOR for the IIF.

RAS – RAS is fed IIF from MBD and internal CMS systems, and passes information to MARx. RAS is not the SOR for the IIF.

TROOP – NO

SPDBS - N/A

AAPCC: N/A

MPC: N/A

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: APPS – RACF controls are in place per the GSS and EUA systems as far as technical and administrative electronic access to records, and the data center controls physical access.

DDPS – CMS has safeguards in place for authorized users and monitors such users against excessive or unauthorized use. Personnel having access to the system have been trained in the Privacy Act and information security requirements. Employees who maintain records in this system are instructed not to release data until the intended recipient agrees to implement appropriate management, operational and technical safeguards sufficient to protect the confidentiality, integrity and availability of the information and information systems and to prevent unauthorized access. This system will conform to all applicable Federal laws and regulations and Federal, HHS, and CMS policies and standards as they relate to information security and data privacy. These laws and regulations include but are not limited to: the Privacy Act of 1974; the Federal Information Security Management Act of 2002; the Computer Fraud and Abuse Act of 1986; the Health Insurance Portability and Accountability Act of 1996; the E-Government Act of 2002; the Clinger-Cohen Act of 1996; the Medicare Modernization Act of 2003; and the corresponding implementing regulations. OMB Circular A-130, Management of Federal Information Resources, Appendix III, Security of Federal Automated Information Resources, also applies. Federal, HHS, and CMS policies and standards include but are not limited to: all pertinent National Institute of Standards and Technology publications; the HHS Information Systems Program Handbook; and the CMS Information Security Handbook.

HPMS – HPMS utilizes the following control mechanisms: user ID and password-controlled access, firewall, Virtual Private Network technology, encryption, and intrusion detection (technical controls); guards, identification requirements, key cards (physical controls at hosting facility); systems security plan, contingency plan, regular backups, and personnel training (administrative controls).

MARX – RACF controls are in place per the GSS and EUA systems as far as technical and administrative electronic access to records, and the data center controls physical access.

MIIR – Users of MIIR do not have beneficiary level (IIF) access. Prior to access to aggregate data being granted, a business owner listed within EUA receives a request from a user. The user must first have MIIR Training, submit a DUA, and provide a business reason for requiring the access. If all of that is satisfactory, the business owner approves the request for access to the aggregate level information. This process is handled through CMS’s CAA, EUA, and LDAP processes so that all agency related policies for access request, approval, and password protection are utilized.

PWS – RACF controls are in place per the GSS and EUA systems as far as technical and administrative electronic access to records, and the data center controls physical access.

RAS – RACF controls are in place per the GSS and EUA systems as far as technical and administrative electronic access to records, and the data center controls physical access.

TROOP – The contractor must follow the CMS "System Security Plan and Risk Assessment Guidelines," which are based on the NIST special publication "Guide for Developing Security Plans for Information Technology Systems" (SP 800-18).

AAPCC: N/A

MPC: N/A

SPDBS: N/A

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: William Saunders

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Abby Block

Sign-off Date: Jun 29, 2007

Date Published: Jun 30, 2008

 

06.3 HHS PIA Summary for Posting (Form) / Medicare Appeals Systems (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Jun 27, 2007

2. OPDIV Name: CMS

3. Unique Project Identifier (UPI) Number: 009-38-01-04-01-1180-00

4. Privacy Act System of Records (SOR) Number: 09-70-0566

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: Medicare Appeals System

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Aaron Pleines

10. Provide an overview of the system: The Medicare Appeals System allows both tracking of and reporting on the Medicare appeals process. This system is used to support the new Medicare process established by the Medicare Prescription Drug, Improvement, and Modernization Act of 2003 (MMA) and the Benefits Improvement and Protection Act of 2000 (BIPA).

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The Office of Medicare Hearings and Appeals (OMHA), CMS, and the CMS contractors who process Medicare appeals. The IIF is necessary to record and adjudicate the Medicare appeals.

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: The MAS will collect and maintain IIF in order to record and adjudicate appeals of Medicare claims and services in dispute. This information may include: Name, Health Insurance Claim Number (HICN), Social Security Number, Address, Telephone Number, Medical History, and other personal information necessary to conduct a review of the appeal. The Medicare Appeals System will collect and maintain beneficiary enrollment data, claim information, and contact information. This information will include Information in Identifiable Form (IIF) that will be held to the highest confidentiality. Submission of this information is mandatory for anyone requesting an appeal on their claim.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: The MAS System of Record provides notification of the data that will be collected and maintained. Written notice is provided in the MAS system of records.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Users are required to wear Identification Badges / Key Cards in order to gain access to the facilities. The user must then access the system through a T1 line that is dedicated to CMS. Firewalls are in place to block unauthorized access. The user can only access the system with their CMS userid and password. This password expires after 60 days, has a minimum length of eight characters, and accounts are locked after three incorrect attempts. Accounts are also logged out after 15 minutes of inactivity. User accounts are also role based to prevent unnecessary access to IIF.
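The account controls listed above (eight-character minimum, 60-day password age, lockout after three failed attempts, 15-minute idle logout, role-based accounts) as a small reference model. This is an added example, not Medicare Appeals System code; the user IDs, roles and action names are made up, the password storage (salted PBKDF2) is an assumption because the PIA does not say how passwords are stored, and timestamps are passed in explicitly so the behaviour can be checked offline.

```python
"""Reference model of the account controls listed for the Medicare Appeals
System: 8-character minimum, 60-day password age, lockout after 3 failed
attempts, 15-minute idle logout, role-based access. Added illustration; the
user IDs, roles, actions and the PBKDF2 storage choice are assumptions."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional, Set

PASSWORD_MIN_LEN = 8
PASSWORD_MAX_AGE = timedelta(days=60)
MAX_FAILED_ATTEMPTS = 3
IDLE_TIMEOUT = timedelta(minutes=15)

# Hypothetical roles -> permitted actions (the PIA names no specific roles).
ROLE_PERMISSIONS = {
    "appeals_clerk": {"view_appeal", "update_appeal"},
    "auditor": {"view_appeal"},
}


def _hash(password: str, salt: bytes) -> bytes:
    # Salted PBKDF2 so the stored value is not the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Account:
    userid: str
    roles: Set[str]
    salt: bytes = field(default_factory=lambda: secrets.token_bytes(16))
    pw_hash: bytes = b""
    password_set_at: Optional[datetime] = None
    failed_attempts: int = 0
    locked: bool = False
    last_activity: Optional[datetime] = None  # None means no live session


def set_password(acct: Account, new_password: str, now: datetime) -> str:
    if len(new_password) < PASSWORD_MIN_LEN:
        return "rejected: shorter than 8 characters"
    acct.salt = secrets.token_bytes(16)
    acct.pw_hash = _hash(new_password, acct.salt)
    acct.password_set_at = now
    return "ok"


def login(acct: Account, password: str, now: datetime) -> str:
    # Lock state is checked before the hash is touched at all.
    if acct.locked:
        return "denied: account locked"
    if not acct.pw_hash:
        return "denied: no password set"
    if not hmac.compare_digest(_hash(password, acct.salt), acct.pw_hash):
        acct.failed_attempts += 1
        if acct.failed_attempts >= MAX_FAILED_ATTEMPTS:
            acct.locked = True  # third wrong guess locks the account
            return "denied: account locked"
        return "denied: bad password"
    acct.failed_attempts = 0
    if now - acct.password_set_at > PASSWORD_MAX_AGE:
        return "denied: password expired, change required"
    acct.last_activity = now
    return "ok"


def authorize(acct: Account, action: str, now: datetime) -> str:
    """Idle-timeout check first, then the role check."""
    if acct.last_activity is None:
        return "denied: no session"
    if now - acct.last_activity > IDLE_TIMEOUT:
        acct.last_activity = None  # forced logout after 15 idle minutes
        return "denied: session expired"
    acct.last_activity = now
    allowed = set().union(*(ROLE_PERMISSIONS.get(r, set()) for r in acct.roles))
    return "ok" if action in allowed else "denied: role lacks " + action


def run_scenario() -> list:
    """Constructed sequence of events; returns the decision at each step."""
    t0 = datetime(2007, 6, 27, 9, 0)
    clerk = Account("clerk01", {"appeals_clerk"})
    out = [set_password(clerk, "short", t0)]  # below the 8-character minimum
    out.append(set_password(clerk, "Tr0ub4dor&3", t0))
    out.append(login(clerk, "Tr0ub4dor&3", t0 + timedelta(minutes=1)))
    out.append(authorize(clerk, "update_appeal", t0 + timedelta(minutes=5)))
    out.append(authorize(clerk, "update_appeal", t0 + timedelta(minutes=30)))  # idle > 15 min
    out.append(login(clerk, "Tr0ub4dor&3", t0 + timedelta(days=61)))  # password aged out
    for _ in range(MAX_FAILED_ATTEMPTS):  # three wrong guesses
        last = login(clerk, "wrong-pass", t0 + timedelta(days=61))
    out.append(last)
    auditor = Account("audit01", {"auditor"})
    set_password(auditor, "Aud1tor-pass", t0)
    login(auditor, "Aud1tor-pass", t0)
    out.append(authorize(auditor, "update_appeal", t0 + timedelta(minutes=1)))
    return out
```

Two details are worth checking in any real implementation of this policy: the lock is evaluated before the password is compared, so guesses against a locked account never reach the hash, and the idle check clears the session rather than merely refusing the request, so the next action after a timeout requires a fresh login.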

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: William Saunders

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Abby Block

Sign-off Date: Jun 29, 2007

Date Published: Jun 30, 2008

 

06.3 HHS PIA Summary for Posting (Form) / Medicare Beneficiary Enrollment Systems (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Jun 27, 2008

2. OPDIV Name: CMS

3. Unique Project Identifier (UPI) Number: 009-38-01-09-01-1120-00 009-38-01-04-01-1150-00

4. Privacy Act System of Records (SOR) Number: 09-70-0502, 09-70-0536

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: Medicare Beneficiary Enrollment Systems

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Mike Fiore, Director, Division of Medicare Enrollment Coordination

10. Provide an overview of the system: The EDB is a collection of automated systems that support the collection and maintenance of information (e.g., demographics, enrollment, insurance, premium payments) about Medicare beneficiaries.

The MBD was developed to provide CMS with a centralized database that supports the collection and maintenance of information about Medicare Program beneficiaries. The Medicare beneficiary information contained in the MBD is used to support managed care enrollments, payments to Managed Care Organizations, and the Prescription Drug Program. Specifically for DBS, to produce appropriate and accurate bills for and track the collection of Medicare Hospital Insurance (HI) premiums (Part A) and Supplementary Medical Insurance (SMI) premiums (Part B). Specifically for TPS, to perform third party premium billing and collection operations.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Public citizens, business partners/contacts (Federal, State, local agencies), etc., as stated under the Routine Uses outlined in the System of Records for the MBD and EDB.

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: The agency collects information related to Medicare enrollment and entitlement and Medicare Secondary Payer data containing other party liability insurance information necessary for appropriate Medicare claim payment. It contains hospice election, premium billing and collection, direct billing information, and group health plan enrollment data. It also contains the individual's health insurance numbers, name, geographic location, race/ethnicity, sex, and date of birth. Information is collected on individuals age 65 or over who have been, or currently are, entitled to health insurance benefits under Title XVIII of the Act or under provisions of the Railroad Retirement (RR) Act; individuals under age 65 who have been, or currently are, entitled to such benefits on the basis of having been entitled for not less than 24 months to disability benefits under Title II of the Act or under the RR Act; individuals who have been, or currently are, entitled to such benefits because they have ESRD; individuals age 64 and 8 months or over who are likely to become entitled to health insurance benefits upon attaining age 65; and individuals under age 65 who have at least 21 months of disability benefits and who are likely to become entitled to Medicare upon the 25th month of their being disabled. It is a voluntary collection.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: The information is collected from Medicare beneficiaries and obtained by CMS. The beneficiaries are informed that CMS will only disclose the minimum personal data necessary to achieve the purpose of the Enrollment Database and under what routine uses the information will be disclosed. By law, CMS is required to protect the privacy of individuals' personal medical information. CMS is also required to give individuals notice telling them how CMS may use and disclose their personal medical information. Individuals are made aware in the "Medicare and You" handbook, published yearly and sent to each Medicare beneficiary. Individuals have the right to amend any medical information that they believe to be incorrect, get a listing of anyone the information is disclosed to, and ask CMS to limit how their personal medical information is used and given out to pay claims and run the Medicare program.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The system is certified and accredited to process MBES data until 9/1/2009. A draft of the System Security Plan (SSP) and Risk Assessment (RA) was completed for review 06/06 and 05/06 respectively. SSP Security controls are routinely reviewed, a contingency plan is in place and files are backed up and stored offsite regularly. All personnel (users, administrators, developers, contractors) using the system have been trained and made aware of their responsibility to protect the data collected and maintained.

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: William Saunders

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Tony Trenkle

Sign-off Date: Jun 27, 2008

Date Published: Jun 30, 2008

 

06.3 HHS PIA Summary for Posting (Form) / Medicare Claims Processing Systems (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Jun 27, 2007

2. OPDIV Name: CMS

3. Unique Project Identifier (UPI) Number: 009-38-01-06-01-1110-00 009-38-01-06-01-1120-00 009-38-01-06-01-1130-00 009-38-01-06-01-1140-00 009-38-01-06-02-1150-00 009-38-01-04-01-1160-00

4. Privacy Act System of Records (SOR) Number: 09-70-0526, 09-70-0505, 09-70-0537, 09-70-0572

5. OMB Information Collection Approval Number: n/a

6. Other Identifying Number(s): n/a

7. System Name: Medicare Claims Processing Systems

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Karen Jackson

10. Provide an overview of the system: The Medicare Claims Processing System is a collection of systems hosted in Medicare contractors’ data centers to process Medicare claims for reimbursement.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): IIF is shared with patients, business partner/contacts, and vendors/supplier/contractors to verify receipt of service and properly pay claims.

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: The information collected, maintained or disseminated includes name, date of birth, social security number, mailing address, phone numbers, medical record numbers, medical notes, financial account information and/or numbers, certificates, device identifiers, email address, military status and/or records, employment status and/or records, employer or school name, health insurer name/plan, health insurer group number, patient marriage and employment status, CMS-1450 (UB92), CMS-1500 (ANSI X12 837) for the purpose of processing and paying claims. The information contains IIF. The submission of the personal information is mandatory.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: System of records and the Medicare & You handbook. The handbook is used to annually notify individuals of their right to ask Medicare to limit how their IIF is used and given out to pay their claims and run the Medicare program.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Access to the systems is given based on need to know and job responsibilities to process Medicare claims. Medicare Claims Processing Standard Systems maintainers use security software and methods to provide "least privilege access." They utilize packages such as RACF or ACF2 to grant or deny access to data based upon need to know. To fix programmatic problems, programmers are sometimes granted temporary access so that they can correct errors and verify the fix. The temporary access may be granted for a day or another short period of time that is controlled through the security software. External audits also verify these controls. Technical controls used include user identification, passwords, firewalls, virtual private networks and intrusion detection systems. Physical controls used include guards, identification badges, key cards, cipher locks and closed circuit televisions.
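The least-privilege pattern described above, standing need-to-know rules plus short-lived temporary access for programmers, as a small model. This is an added example and not CMS, RACF or ACF2 code: the dataset names, groups, user IDs, the 7-day cap on temporary grants and the one-day default are invented for illustration, and the audit trail is a plain list of strings in place of the security product's own audit records.

```python
"""Model of least-privilege dataset access with short-lived temporary grants,
in the spirit of the RACF/ACF2 controls described above. Added example with
invented users, groups, dataset names and a 7-day cap; not CMS code."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Set, Tuple

# Access levels in increasing order of privilege; a higher level implies the lower ones.
LEVELS = ["NONE", "READ", "UPDATE", "ALTER"]
MAX_TEMPORARY = timedelta(days=7)  # assumed policy cap on temporary grants


@dataclass
class TemporaryGrant:
    user: str
    dataset: str
    level: str
    granted_by: str
    reason: str
    expires_at: datetime


@dataclass
class AccessControl:
    groups: Dict[str, Set[str]]          # user -> groups the user belongs to
    standing: Dict[str, Dict[str, str]]  # dataset -> {user or group: level}
    grants: List[TemporaryGrant] = field(default_factory=list)
    audit: List[str] = field(default_factory=list)

    def standing_level(self, user: str, dataset: str) -> str:
        """Highest level the need-to-know rules give this user; default NONE."""
        rules = self.standing.get(dataset, {})
        best = "NONE"
        for subject in {user} | self.groups.get(user, set()):
            lvl = rules.get(subject, "NONE")
            if LEVELS.index(lvl) > LEVELS.index(best):
                best = lvl
        return best

    def grant_temporary(self, user, dataset, level, granted_by, reason, now,
                        duration=timedelta(days=1)) -> TemporaryGrant:
        if duration > MAX_TEMPORARY:
            raise ValueError("temporary grants are capped at 7 days")
        g = TemporaryGrant(user, dataset, level, granted_by, reason, now + duration)
        self.grants.append(g)
        self.audit.append(f"{now.isoformat()} GRANT {level} {dataset} to {user} "
                          f"by {granted_by} until {g.expires_at.isoformat()} ({reason})")
        return g

    def effective_level(self, user: str, dataset: str, now: datetime) -> Tuple[str, str]:
        best, source = self.standing_level(user, dataset), "standing"
        for g in self.grants:
            if g.user == user and g.dataset == dataset and now < g.expires_at:
                if LEVELS.index(g.level) > LEVELS.index(best):
                    best, source = g.level, "temporary"
        return best, source

    def check(self, user: str, dataset: str, requested: str, now: datetime) -> bool:
        """Every decision, allow or deny, is written to the audit trail."""
        have, source = self.effective_level(user, dataset, now)
        ok = LEVELS.index(have) >= LEVELS.index(requested)
        self.audit.append(f"{now.isoformat()} {'ALLOW' if ok else 'DENY'} {user} "
                          f"{requested} {dataset} (has {have} via {source})")
        return ok

    def expire(self, now: datetime) -> int:
        """Drop grants whose window has closed; returns how many were removed."""
        before = len(self.grants)
        self.grants = [g for g in self.grants if now < g.expires_at]
        return before - len(self.grants)


def run_scenario():
    """Constructed scenario: a programmer needs one day of UPDATE on a production file."""
    t0 = datetime(2007, 6, 27, 8, 0)
    ac = AccessControl(
        groups={"prog01": {"DEVTEAM"}, "ops01": {"OPS"}, "temp01": set()},
        standing={
            "CLAIMS.PROD.HIST": {"OPS": "UPDATE", "DEVTEAM": "READ"},
            "CLAIMS.PROD.BENE": {"OPS": "UPDATE"},
        },
    )
    r = {}
    r["dev_read"] = ac.check("prog01", "CLAIMS.PROD.HIST", "READ", t0)
    r["dev_update_before"] = ac.check("prog01", "CLAIMS.PROD.HIST", "UPDATE", t0)
    ac.grant_temporary("prog01", "CLAIMS.PROD.HIST", "UPDATE", "secadmin",
                       "correct nightly cycle abend", t0)
    r["dev_update_during"] = ac.check("prog01", "CLAIMS.PROD.HIST", "UPDATE", t0 + timedelta(hours=3))
    r["dev_update_after"] = ac.check("prog01", "CLAIMS.PROD.HIST", "UPDATE", t0 + timedelta(days=1, minutes=1))
    r["dev_other_dataset"] = ac.check("prog01", "CLAIMS.PROD.BENE", "READ", t0 + timedelta(hours=3))
    r["no_need_to_know"] = ac.check("temp01", "CLAIMS.PROD.HIST", "READ", t0)
    r["expired_removed"] = ac.expire(t0 + timedelta(days=2))
    return r, ac.audit
```

The design choice an auditor would look for is that the temporary grant never replaces the standing rule: it is evaluated only while its window is open, the standing level reasserts itself the moment the window closes, and the grant itself (who approved it, why, until when) is in the same audit trail as the access decisions it enabled.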

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: William Saunders

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Abby Block

Sign-off Date: Jun 29, 2007

Date Published: Jun 30, 2008

 

06.3 HHS PIA Summary for Posting (Form) / Medicare Data Centers (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Jun 27, 2007

2. OPDIV Name: CMS

3. Unique Project Identifier (UPI) Number: 009-38-01-04-01-1030-00

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: Medicare Data Centers

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Charlene Fletcher

10. Provide an overview of the system: Congress established the Medicare Program in 1965 when it enacted Title XVIII of the Social Security Act. The Medicare Program is a Federal health insurance program and now serves over 40 million beneficiaries and processes over 900 million claims per year. To ensure a quick and smooth implementation of the Medicare program in 1965, Congress adopted an administrative structure, which was compatible with the historical pattern of administration used by the private health insurance industry. This allowed the Federal Government to contract with existing public or private organizations to facilitate services to beneficiaries and providers of health care services. It also allowed many systems to be developed for Medicare claims processing.

Traditional Fee-For-Service (FFS) coverage in the Medicare Program consists of two distinct parts. Hospital insurance (Part A of the Program) covers expenses for medical services furnished in institutional settings, such as hospitals or skilled nursing facilities, or services provided by a home health agency or hospice. Supplemental medical insurance (Part B of the Program) covers physician and other practitioner services; certain durable medical equipment, prosthetics, orthotics, and supplies (DMEPOS) services; and other outpatient services.

Medicare FFS Claims are processed by Fiscal Intermediaries (FIs), Carriers, and Durable Medical Equipment Regional Carriers (DMERCs) using the family of shared systems described below:

Part A Shared System

Hospital insurance claims process through the Fiscal Intermediaries Shared System (FISS), which performs claims processing and benefit payment functions for institutional providers under Parts A and B of the program. The Medicare contractors that use FISS are known as “fiscal intermediaries” (FIs).

Part B Shared System

The Part B Shared System supports the processing of Medicare Part B claims. Medicare Part B is supplemental medical insurance, which covers physician services and other outpatient services. The Shared System for Part B Medicare is the Multi Carrier System (MCS). Medicare Part B claims processing contractors are known as Carriers, and include the Railroad Retirement Board. They process physician and supplier claims provided under Medicare Part B coverage.

Durable Medical Equipment Regional Contractor (DMERC) Shared System

CMS has designated four carriers to have exclusive responsibility for handling Medicare Part B claims for Durable Medical Equipment, Prosthetics, Orthotics, and Supplies (DMEPOS) in specified geographic regions of the United States. They are commonly referred to as the “Durable Medical Equipment Regional Carriers (DMERCs).” The selected DMERCs currently use the VMS DME Shared System to process DMEPOS claims.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation.

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s):

The agency may share the collected information with a variety of Federal, state, local, and tribal government audiences and professional audiences, including the medical community. This includes Providers, Ambulance Services, Medigap Companies / Supplemental Insurers, Clinical Labs, CMS contractors, DME Suppliers, Health Plans, Hospitals, Home Health Agencies, Physicians, Potential Contractors, Researchers, Skilled Nursing Facilities, and Suppliers.

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: Describe information collected

Please see hyperlinks to CMS forms below.

Use of information collected

This information is used to process claims and payments for the Medicare Program beneficiaries. Submission of this information is mandatory and includes IIF.

Collection requirements

The Agency, through Medicare contractors and beneficiaries, collects information through CMS forms CMS-1450 and CMS-1500. These are OMB approved forms.

Information is collected primarily through electronic means.

Form CMS-1450 (UB-92):

The UB-92 form and instructions are used by institutional and other selected providers to complete a Medicare Part A paper claim for submission to Medicare Fiscal Intermediaries. The paper UB-92 (Form CMS-1450) is neither a government printed form nor distributed by the CMS. The National Uniform Billing Committee (NUBC) is responsible for the design of the form (http://www.nubc.org/).

Form CMS-1500: Non-institutional providers and suppliers use the CMS-1500 form and instructions to bill Medicare Part B covered services. It is also used for billing some Medicaid covered services. CMS-1500 (Health Insurance Claim Form) answers the needs of many health insurers. It is the basic form prescribed by CMS for the Medicare and Medicaid programs for claims submitted by physicians and suppliers, except for ambulance services. It has also been adopted by CHAMPUS and has the approval of the AMA Council on Medical Services. See link below for an electronic copy of form 1500.

Electronic Data Interchange (EDI) Enrollment Form

An organization comprising multiple components that have been assigned Medicare provider numbers, supplier numbers, or UPINs may elect to execute a single EDI Enrollment Form on behalf of the organizational components to which these numbers have been assigned. The organization as a whole is held responsible for the performance of its components. The CMS Standard EDI Enrollment Form must be completed prior to submitting electronic media claims (EMC) to Medicare. Each provider of health care services, physician, or supplier that intends to submit EMC must execute the agreement. Each new EMC biller must sign the form and submit it to their local Medicare carrier or fiscal intermediary. Any existing EMC billers who have not completed the CMS Standard EDI Enrollment Form must also complete and sign this form and submit it to their local Medicare carrier or fiscal intermediary.

Please see the CMS Web page link listed below for information on:

Form CMS-1450 (UB92)

Form CMS-1500

Medicare Part A EDI Helpline

Medicare Part B EDI Helpline

EDI Enrollment Form and Instructions

http://www.cms.hhs.gov/electronicbillingeditrans/

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: Information is collected from two CMS forms, the 1450 and 1500. All Medicare Claims Processing Contractors are called ‘satellites’ under CWF. Satellites access the Host CWF databases to obtain needed beneficiary information. Satellites submit claims to the CWF Host for prepayment review and approval. Medicare beneficiaries are provided healthcare services, at which point their personal information is collected as required for payment and reimbursement purposes. Beneficiaries receive HIPAA disclosure information from providers and from Medicare directly. A complaint process is in place for individuals to raise their privacy concerns.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The Medicare Claims Processing Systems incorporate a variety of security measures to protect IIF. These security measures include physical (e.g. use of access card readers, locked doors, cipher locks, and guards to control, restrict and monitor access), administrative (e.g. annual training of staff on security awareness and roles and responsibilities as well as background checks for new and existing employees), and technical (e.g. use of firewalls and intrusion detection systems to detect, restrict and monitor access to the systems and data/information - and secondary identification and authentication access controls).

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: William Saunders

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Abby Block

Sign-off Date: Jun 29, 2007

Date Published: Jun 30, 2008

06.3 HHS PIA Summary for Posting (Form) / Medicare Financial Management & Payment Systems (Item)


Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Jun 27, 2007

2. OPDIV Name: CMS

3. Unique Project Identifier (UPI) Number: 009-38-01-06-02-1150-00 009-38-01-04-02-1105-00 009-38-01-09-01-1010-00

4. Privacy Act System of Records (SOR) Number: 09-70-0501, 09-70-0503, 09-70-0568, 09-70-0598, 09-70-0546

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): CMS ART: OFM 463; PIMR: OFM 225

7. System Name: Medicare Financial Management & Payment Systems

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Antoinette Miller

10. Provide an overview of the system: Medicare Finance Management & Payment System (MFMPS):

CAFM: The CAFM system is the vehicle for tracking all benefit payments, banking issues, and CFO data.

CAFMII: The CAFMII system is the main vehicle for planning, administering and monitoring the administrative expenses of the Medicare contractor community.

CAPTS: The CAPTS system will provide an efficient and effective method for tracking Corrective Action Plans related to audit findings as well as the most current status of those plans.

CASR: The CASR System tracks budgeted and incurred costs for the Part A contractor audit and settlement functions by type of activity and type of provider or reporting entity.

CERT: The CERT system produces national, contractor specific, and benefit category specific paid claim error rates.

CMIS: The CMIS system monitors Medicare Fee-for-Service Contractor Performance.

CMS ART: The CMS ART system provides cost and workload information on Program Safeguard Contractors (PSCs) and Qualified Independent Contractors (QICs).

COB: The purpose of the COB Program is to identify the health benefits available to a Medicare beneficiary and involves the collection, management, and reporting of other insurance coverage.

CROWD: The CROWD system provides CMS with a timely way to monitor each Medicare Contractor’s performance in processing claims and paying bills.

DPS: The DPS system provides payment data for issuance to demonstration providers and sites through the Financial Accounting Control System (FACS).

HCRIS: The HCRIS system collects provider cost report information.

PIMR: The PIMR system supports the tracking of Medicare fraud and abuse.

PS&R: The PS&R system summarizes claims data information (statistical and payment data) for use in settling Medicare cost reports.

PULSE: The PULSE system monitors Medicare Fee-for-Service contractor process counts.

RAC: CMS has selected three states: California, Florida and New York, in which to conduct the Recovery Audit Contractors (RAC) demonstration project as required under Section 306 of the Medicare Modernization Act (1996). These three states were selected because they are among the states with the highest per capita Medicare services utilization rates. The RACs within these states will review hospital and other Part A claims, Part B claims, or DMERC claims from these states for the purpose of identifying overpayments and underpayments made by CMS. The RACs will review claims processed from FY2002 through the end of the demonstration project scheduled for FY2008.

STAR: The STAR system is used by FIs to track the cost reporting process from due date to final settlement and the staff time associated with each task performed on a provider’s cost report.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation.

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Yes: CAPTS: with the Administrator, COB: IRS and SSA.

NO: CAFM, CAFMII, CASR, CERT, CMIS, CMS ART, CROWD, DPS, HCRIS, PIMR, PS&R, PULSE, RAC, STAR

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: and to be used for analytical and monitoring purposes.

CAFMII collects data from 11 input forms to accommodate new reporting requirements for the revised Medicare Contractor environment.

CAPTS collects data on Corrective Action Plans to support the decision-making process for implementing these plans.

CASR data is collected from six input forms for monitoring purposes.

CMIS collects monthly data from the Contractor Reporting of Operational and Workload Data (CROWD), the Medicare Contractor Process Counts Monitor System (PULSE) and the Contractor Administrative Financial Management System (CAFMII).

CMS ART: Data is entered about contractor costs, workload and deliverables.

COB: The purpose of the COB Program is to identify the health benefits available to a Medicare beneficiary and involves the collection, management, and reporting of other insurance coverage. As the sole COB contractor and maintainer of the COB System, GHI's Government Programs Division is responsible for ensuring the accuracy and timeliness of updates to Medicare's eligibility and entitlement databases, i.e., the Common Working File (CWF) and Medicare Beneficiary Database (MBD), through the following tasks: Initial Enrollment Questionnaire (data on other insurance); IRS/SSA/CMS Data Match (information on whether or not a beneficiary or their spouse is working); Medicare Secondary Payer Claims Investigation (additional information related to the beneficiary's health benefit coverage); Coordination of Benefits Agreement (defines the criteria for transmitting enrollee eligibility data and Medicare adjudicated claim data to other insurers); Workman's Compensation Case Control (imaged copies of incoming cases); Voluntary Data Sharing Agreements to electronically exchange health insurance benefit entitlement; Medicare Prescription Drug Program Part D (collection and maintenance of prescription drug coverage data for Medicare Beneficiaries); National Call Center (trained staff charged with helping customers with COB questions).

CROWD: Data is collected from 30 input forms and is maintained on direct on-line storage for fiscal years 1986 through the current fiscal year.

DPS: The system collects the minimally necessary identifying, medical and demographic information needed to reimburse demonstration providers for the services rendered to Medicare beneficiaries. The data collection is based on the individual demonstration legislation and only that information needed to pay correctly is collected.

HCRIS: The information pertains to the providers’ cost of doing business and various medical expenses.

PIMR: PIMR collects, validates and consolidates on a monthly basis, operational and workload data from 70 Medicare contractors across the country as well as contractor administrative budget and financial management data from CMS systems into a single reporting system at CMS.

PS&R: PS&R processes all Medicare Part A post-payment claims, breaking each claim into sub-claims based on fee and cost-based reporting criteria, then further summarizing the claims into an aggregate amount per report type per provider. In order for the provider to reconcile its data and prepare for its cost report submission, it must be able to tie back the aggregated report amounts to the individual detail claims. The aggregated summary reports do not contain any sensitive information. It is only at the input paid claims and detail level that privacy-related information is present. The detail claims level is the minimum necessary to accomplish the purpose for the system, as, from an auditing and reimbursement perspective, the provider and intermediary must be able to tie summary totals back to the detailed claims records.

PULSE: On a nightly basis, Medicare contractors transmit their CMS-1565, CMS-1566, and CMS-1522 report files to the CMS data center via Connect:Direct. Each CWF host site transmits its 207 and 0101 reports. While daily data provides the most timely metrics, those contractors that do not produce daily reports submit the required reports on the days that they have a batch cycle. The PULSE system handles the reports accordingly. The data collection process extracts the defined claim metrics on a nightly basis from Medicare contractors that utilize the existing standard systems.

The RAC data warehouse is a repository for non-IIF claims data; it also contains updates to these non-IIF claims data and related non-IIF user support data. All data in the data warehouse has been stripped of unique beneficiary identification information.

STAR tracks dates, times and settlement amounts for all cost reports for the following activities: tentative settlements, desk reviews, audits, settlements, reopenings and appeals. STAR then feeds this information to CAFMII and CASR, which OFM uses to monitor FIs’ workloads and budgets. FIs’ budgets are based on their workload numbers and the type of providers they service.

HIGLAS: HIGLAS incorporates financial data that is focused on Medicare claims payment and overpayment collection activities. The main information maintained by HIGLAS is as follows: Payables: supplier, bank, payment terms, location, BACS, UOM, employee, receipt accrual, invoice, accrual, remittance advice; Receivables: customer, bank, payment terms, BACS, UOM, item description, category, employee, invoice, receipt; General Ledger/Budget Execution: set of books (chart of accounts, calendar, currency), BACS value, cross-validation rule, security rule, budget. The information is collected by the Medicare-Fee-For-Service Claims Processing Shared Systems which are SORs. These systems, in turn, populate HIGLAS with data needed to process payments to and collections from Medicare fee-for-service payees.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: The CAFM, CAFMII, CASR and CROWD personal information is only accessed by the system administrator and the individual. Every system user must be registered and identified by their HDC User ID. The system administrator also enters their name. The first time a user accesses the system, he/she is prompted to enter their business address and phone number. Periodically, they are prompted to update this information.

CAPTS will obtain the information via mandated spreadsheets from the Medicare Contractor.

CERT: Information is obtained directly from Medicare contractors' claims processing systems. Medicare beneficiaries sign a Privacy Act notice when they become eligible for Medicare that informs them that information they provide to justify payments will be used to determine the appropriateness of payment.

CMIS: There is no IIF data.

CMS ART: There is no IIF data.

COB: The purpose of the COB Program is to identify the health benefits available to a Medicare beneficiary and involves the collection, management, and reporting of other insurance coverage. As the sole COB contractor and maintainer of the COB System, GHI's Government Programs Division is responsible for ensuring the accuracy and timeliness of updates to Medicare's eligibility and entitlement databases, i.e., the Common Working File (CWF) and Medicare Beneficiary Database (MBD), through the following tasks: Initial Enrollment Questionnaire; IRS/SSA/CMS Data Match; Medicare Secondary Payer Claims Investigation; Coordination of Benefits Agreement; Workman's Compensation Case Control; Voluntary Data Sharing Agreements; Medicare Prescription Drug Program Part D; and National Call Center.

DPS: The information is obtained electronically and hardcopy in a HIPAA compliant format. The suppliers of the information have been informed about data usage through either a contract or an informed consent form. These signed agreements are obtained as the supplier or beneficiary enters the demonstration.

HCRIS: The Healthcare Cost Report Information System is an Oracle database system containing cost report information from hospitals, SNFs, HHAs, hospice and renal providers. The reports are submitted by providers and updated on a daily flow basis.

PS&R: The information is present on the paid claims record, the format of which is specified by the FISS shared system. Claims, submitted by providers or billing houses, adjudicated by the Common Working File system, are placed into this paid claims format for input into PS&R. This information is not shared with individuals nor is consent given for the data to be shared with individuals. The data is available to providers who provide services to Medicare beneficiaries, and is available to providers in summary and detail form.

PULSE: Information is being collected from existing CMS reports here at CMS.

RAC: There is no IIF data.

STAR: The STAR database does contain personally identifiable information about Medicare providers (employee names and TIN for providers). The STAR time keeping system lists the names of FI employees and an employee number. These data are used only by the FI to track employees’ time when the individual is working on a provider cost report. Employee data are not shared by the FI or included in the National STAR database.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: COB: GHI has a Security Program that includes the CAST self-assessment with 441 administrative, physical and technical controls. The program includes security training, corrective action plans, Business Continuity Planning, external tests of security controls contracted to Cybertrust, SDLC, Change Control, Risk Assessments, and System Security Plans. Full detail is available in the COB RAs, COB SSPs and COB BCP.

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: William Saunders

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Abby Block

Sign-off Date: Jun 29, 2007

Date Published: Jun 30, 2008

06.3 HHS PIA Summary for Posting (Form) / Medicare Pricing Systems (Item)


Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Jun 27, 2007

2. OPDIV Name: CMS

3. Unique Project Identifier (UPI) Number: 009-38-01-04-02-1105-00

4. Privacy Act System of Records (SOR) Number: 09-70-0576

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: Medicare Pricing System

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Daniel McGrane

10. Provide an overview of the system: The systems that comprise the Medicare Pricing Systems Family provide software and data files to Medicare contractors and other entities for use in processing claims for Medicare covered services; provide reports for reconciliation of Medicare expenditures; and provide research capabilities in the form of lookup applications.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation.

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: CMS will collect data from provider associations such as the American Medical Association, from workgroups of which CMS is a member and from data owned by CMS. The collected information is used to support policy decisions related to Medicare payment policies and to create systems appropriate to paying Medicare claims. The data collected is not personally identifiable information.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: No

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: No

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: William Saunders

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Abby Block

Sign-off Date: Jun 29, 2007

Date Published: Jun 30, 2008

06.3 HHS PIA Summary for Posting (Form) / Medicare Utilization Data Collection & Access Systems (Item)


Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Jun 27, 2007

2. OPDIV Name: CMS

3. Unique Project Identifier (UPI) Number: 009-38-01-04-01-1160-00 009-38-02-00-01-1150-00 009-38-01-09-01-1010-00

4. Privacy Act System of Records (SOR) Number: 09-70-0558, 09-70-0514

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: Medicare Utilization Data Collection & Access System

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Al Celentano

10. Provide an overview of the system:

Data Extract System (DESY) – Enterprise Data Extract System for Enterprise Data

Data Agreement and Data Shipping (DADSS) –

The Data Agreement and Data Shipping (DADSS) was created to provide an automated and easy-to-use system for tracking foreign media shipped from the CMS Data Center (CDC). DADSS provides data coordinators and CDC data release staff with the means to follow the movement of foreign media shipped from the CDC. This system maintains the accountability for the shipment of data from the CDC Tape Library.

HCIS/HCISMod (Health Care Information System/Health Care Information System Modernization) – HCIS/HCISMod is a multi-dimensional software application that provides an easy-to-use access path for non-programmers to manipulate Medicare data into information. HCIS provides Graphical User Interface (GUI) views and reports on the different types of Medicare services.

Incurred But Not Reported (IBNR) – The IBNR estimates represent the cost of services provided to Medicare beneficiaries but not paid at the end of the fiscal year, and are needed as part of the CMS financial statements.

Medicare Actuarial Data System (MADS) – The Medicare Actuarial Data System (MADS) incorporates monthly summarized Part A and quarterly summarized Part B data in relational statistical tables. The legislation authorizing this activity is OMB Circular A-130.

Monthly Bill and Payment Record Processing (MBPRP) – This system creates monthly and quarterly skeleton files that are used in a variety of other systems. Part A and Part B institutional claims data is used to create these skeleton files. Every input record processed has identifiable data but only select output files require identifiable data.

Medicare Provider Analysis and Review (MEDPAR) – The MEDPAR file is a representation of a beneficiary stay in an Inpatient hospital or Skilled Nursing Facility (SNF).

NCH Processing Reports (NCHPR) – The National Claims History Processing Reports detail by type of service the monthly and cumulative year-to-date totals of the number of claims processed and dollar amounts of adjudicated claims.

NCH Statistical Table System (NCHSTS) – This system produces various utilization tables of Medicare services.

NCH Summary (NCHSUM) – This system creates individual line item files for Medicare services and summarizes various pieces of information to feed to the Part B Extract and Summary System (BESS).

NCH Nearline Update and Maintenance System – The 100% Nearline File is the repository of all common working file (CWF) processed Part A and Part B detailed claims transaction records, beginning with service year 1991. The NCH contains both institutional claims processed by Fiscal Intermediaries (FI) and noninstitutional claims processed by local carriers and DMERCs.

National Medicare Utilization Database (NMUD) – NMUD is the new storage structure for the Medicare claims data. NMUD has been developed to replace the existing sequential flat files NCH with a DB2 environment as the enterprise Medicare utilization repository. NMUD will house CWF-processed detail claims transactions, beginning with service year 1998.

Integrated Data Repository (IDR) – IDR is CMS' storage structure for detailed Medicare and Medicaid claims information.

APS- Retired

BESS- Created to provide access to Part B claims information. Operates under TSO in the mainframe environment.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Data Extract System (DESY) – Other government agencies for fraud and abuse and disease management. Appropriate Data Use Agreement (DUA) is required.

DADSS – Data Agreement and Data Shipping – N/A

HCIS/HCISMod (Health Care Information System/Health Care Information System Modernization) – Other government agencies for fraud and abuse. Appropriate Data Use Agreement (DUA) is required.

Incurred But Not Reported (IBNR) N/A

Medicare Actuarial Data System (MADS) – N/A

Monthly Bill and Payment Record Processing (MBPRP) – CMS staff/contractors

Medicare Provider Analysis and Review (MEDPAR) – CMS staff (including contractors), DESY, DOJ, OIG, NIH, hospitals and researchers, consistent with CMS mission purposes and with required DUAs.

NCH Processing Reports (NCHPR) – CMS staff/contractors

NCH Statistical Table System (NCHSTS) – CMS staff/contractors

NCH Summary (NCHSUM) – CMS staff/contractors

NCH Nearline Update and Maintenance System – CMS staff/contractors; Federal and State agencies, researchers; hospitals, OIG, GAO and DOJ

National Medicare Utilization Database (NMUD) – CMS staff/contractors; Federal and State agencies; researchers; hospitals, OIG, GAO, DOJ

Integrated Data Repository (IDR) – CMS staff/contractors; Federal and State agencies; researchers; OIG, GAO, DOJ.

APS - N/A.

BESS - N/A.

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: Data Extract System (DESY) – NCH and Enrollment information is disseminated via DESY. This data is used by government agencies to detect fraud and abuse and for disease management studies.

DADSS – Data Agreement and Data Shipping – DADSS data contains no Personal identifiers of any kind. It houses information related to legally binding Data Use Agreements and information used for shipping of data from the Data Center.

HCIS/HCISMod (Health Care Information System/Health Care Information System Modernization) – NCH, NMUD and Enrollment information is maintained in HCIS. This data is used by government agencies to detect fraud and abuse.

Incurred But Not Reported (IBNR) – N/A

Medicare Actuarial Data System (MADS) – N/A

Monthly Bill and Payment Record Processing (MBPRP) – N/A

Medicare Provider Analysis and Review (MEDPAR) – NCH or NMUD claim information, with the included IIF, is used as input to the MEDPAR system to create a stay record, a representation of a beneficiary's stay in an Inpatient Hospital or Skilled Nursing Facility (SNF).

NCH Processing Reports (NCHPR) – N/A

NCH Statistical Table System (NCHSTS) – N/A

NCH Summary (NCHSUM) – N/A

NCH Nearline Update and Maintenance System – N/A

National Medicare Utilization Database (NMUD) – N/A

Integrated Data Repository (IDR) – Claims information for CMS mission requirements.

APS - Retired

BESS - Medicare Part B data

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared:

Data Extract System (DESY) – PAD handles this.

DADSS – Data Agreement and Data Shipping – N/A

HCIS/HCISMod (Health Care Information System/Health Care Information System Modernization) – N/A

Incurred But Not Reported (IBNR) – N/A

Medicare Actuarial Data System (MADS) – N/A

Monthly Bill and Payment Record Processing (MBPRP) – N/A

Medicare Provider Analysis and Review (MEDPAR) – N/A

NCH Processing Reports (NCHPR) – N/A

NCH Statistical Table System (NCHSTS) – N/A

NCH Summary (NCHSUM) – N/A

NCH Nearline Update and Maintenance System – N/A

National Medicare Utilization Database (NMUD) – N/A

Integrated Data Repository (IDR) – N/A

APS- Retired

BESS- N/A

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: DESY – APCSS runs this system in the Data Center.

MEDPAR – APCSS runs this production system in the Data Center.

IDR is run in the Data Center.

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: William Saunders

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Abby Block

Sign-off Date: Jun 29, 2007

Date Published: Jun 30, 2008

06.3 HHS PIA Summary for Posting (Form) / Payment Quality Review Systems (Item)

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Jun 27, 2007

2. OPDIV Name: CMS

3. Unique Project Identifier (UPI) Number: 009-38-01-09-01-1010-00

4. Privacy Act System of Records (SOR) Number: 09-70-0534, 09-70-0527, 09-70-0599

5. OMB Information Collection Approval Number: 0937-1012, 0938-0974, 0938-0994

6. Other Identifying Number(s): FID-OFM-253

7. System Name: Payment Quality Review Systems

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Lisa Beylis

10. Provide an overview of the system: PPRMS: PPRMS is a Congressionally mandated system that collects and analyzes physician/supplier and carrier claims data from the NCH SUM system in order to produce reports for trend analysis concerning physician access nationally.

PSOR: Tracks Part B overpayment and collections.

PORS: Tracks physician overpayment and collections.

REMAS: In most instances, Medicare is the primary payer for Medicare covered services furnished to Medicare beneficiaries. This means that Medicare's full authorized payment is made without considering any other insurance available to the Medicare beneficiary. In some instances where other insurance is available to pay for the furnished services and other conditions are satisfied, Medicare payment is secondary to the payment obligation of the other insurance. The applicable statute is 42 U.S.C. 1395y(b) and the applicable regulations are 42 C.F.R. 411 Subparts B-H. If Medicare makes a mistaken primary payment in such a situation, Medicare pursues recovery of the mistaken primary payment from an appropriate party. Appropriate parties include providers, suppliers, insurers, employers, beneficiaries and other applicable parties. Once identified, the mistaken primary payments are considered debts to the United States and accounted for on that basis in Medicare's accounting system and financial statements. ReMAS identifies instances where Medicare made a mistaken or conditional primary payment when it should have been the secondary payer. Claims are then identified and put into cases for the applicable debtor.

FID: The Fraud Investigation Database (FID) is a nationwide database directed to the accumulation of instances of potential and actual Medicare fraud and abuse cases, and the tracking of Medicare payment suspensions.

PERM: CMS has contracted with 3 federal contractors to identify error rates within the Medicaid and SCHIP programs. These systems collect FFR claims, managed care payments, and eligibility information for both programs.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): PPRMS: N/A

PSOR: The PSOR system shares data with the Debt Collection System.

ReMAS: Shares data with Debt Collection System, DOJ, Attorneys, OGC for the purpose of recovering monies due to the Trust Fund.

FID: Shares information with OIG/DHHS, DOJ, FBI, Medicaid PI directors, Medicare fraud control units. Purpose: To track specific case development and trends in Medicare fraud.

PERM: The 3 PERM contractors only share PERM data among themselves, as each is responsible for a piece of the entire PERM system. No other entity gets this data.

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: PPRMS: The information analyzed is NCH SUM system RIC-M and RIC-O claims. The information is used to conduct detailed analyses on physician access and physician access trends in the US. Data from the input SUM files that is not necessary for this analysis is not saved to the output; the data that is not used includes PII.

PSOR: This system collects Part B overpayment and collection (i.e., recovery) information. A minimal level of data is collected due to privacy considerations.

REMAS: ReMAS collects identifying information (name, address, etc.) about beneficiaries that should have been covered under another insurance. Claim information for those beneficiaries is also collected so that users of ReMAS can identify whether each specific claim paid by Medicare was a mistaken or conditional payment that needs to be recouped. Identifying information (name, address, etc.) about providers and suppliers is also captured because that information is needed in order to develop a demand letter to the appropriate party.

FID: The agency accumulates information on cases of potential Medicare fee-for-service fraud and on payment suspensions.

PERM: CMS published a SOR for the 3 PERM systems on May 16, 2006. The primary purpose of the PERM systems is to collect and maintain individually identifiable claims information in order to calculate payment error rates for the Medicaid and SCHIP programs.

Information on Medicaid and SCHIP beneficiary eligibility from the annual random sample is also collected. Collection of this information has been identified as a "routine use" under the Privacy Act.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: PPRMS: The information is obtained from the NCH SUM system. The administrators of this system are aware of this system’s access through RACF permissions and profiles.

PSOR: Information is obtained from post-payment review and is collected from providers. It is conveyed by written demand letter.

REMAS: ReMAS has several electronic interfaces with other systems. Beneficiary data will be collected from the Medicare Beneficiary Database (MBD). Claims data will be collected from National Claims History (NCH) and National Medicare Utilization Database (NMUD) via the Data Extract System (DESY). Provider data will be obtained from the OSCAR, NSC and UPIN systems. Memorandums of Understanding between ReMAS and all other interfacing systems have been established.

FID: The FID information is entered by one of the following two groups: Medicare program safeguard contractors and Medicare Durable Medical Equipment Regional Carrier benefit integrity units. By its nature, the subjects of potential fraud investigations are not generally advised that they are under scrutiny. The information itself is information that a Medicare carrier or intermediary would maintain on a provider or supplier that has billed the Medicare program for reimbursement, and includes all available identifying pieces of information given by that provider or supplier on their enrollment application and/or their bill or claim for payment. Information in the FID could also include a summary of findings from medical or other review of submitted and/or paid claims.

PERM: CMS collects only the information necessary to carry out its statutory mandate to estimate the amount of improper payments made in the Medicaid and SCHIP programs. Per the PERM SOR, CMS will make disclosures from the PERM only with the consent of the subject individual, or his/her legal representative, or in accordance with the applicable exception provision of the Privacy Act. Information in the system is acquired either directly from the states or from Medicaid or SCHIP providers.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: Normal CMS Data Center physical security applies to all systems. Additionally:

PPRMS: Information is secured through RACF.

PSOR: ID and password are required to enter the system.

REMAS: The data in ReMAS will be secured through application security at the user level. Access to specific sets of data has also been set up at the database level.

FID: Users need a valid CMS user ID and password to access the system. User IDs and passwords are authenticated through CMS.

PERM: IDs and Passwords are required to enter the system. Physical security measures and environment protection controls are in place, as well as System Rules of Behavior for contractor staff.

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: William Saunders

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Abby Block

Sign-off Date: Jun 29, 2007

Date Published: Jun 30, 2008

06.3 HHS PIA Summary for Posting (Form) / Procurement & Property Management Systems (Item)

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Jun 27, 2008

2. OPDIV Name: CMS

3. Unique Project Identifier (UPI) Number: 009-38-02-00-01-1150-00

4. Privacy Act System of Records (SOR) Number: 09-70-0515, 09-70-0518, 09-70-0529

5. OMB Information Collection Approval Number: No

6. Other Identifying Number(s): PRISM-OOM-223

7. System Name: Procurement and Property Management Systems

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Brenda Pickering/Rod Bemson/Olen Clybourn

10. Provide an overview of the system: PPSM - The system tracks forms, manuals, publications, and commodities that are stored in the CMS warehouse. It maintains mailing lists, coordinates requests for printing services, distributes publications, and handles customer orders.

MMS - This COTS product is used for the storage and retrieval of publications, manuals, forms, and commodity items that are maintained in the CMS warehouse.

HOPS - The CMS Online Property System is an inventory and control system which tracks capitalized (cost $25,000 or greater), accountable (cost between $5,000 and $24,999), and sensitive (cost less than $5000) in-house and contractor property. HOPS tracks and reports on usage, depreciation, and disposal of this equipment.

PRISM – This COTS system tracks CMS contract and purchase order activity and produces documents and data for the FPDS-NG system.

RMS – The Records Management System (RMS) tracks the physical location of temporary Agency files stored in the Mezzanine level of the Centers for Medicare and Medicaid Services (CMS) Warehouse on a Kardex movable track filing system.

SUFS – The SiteMan Update File System exists to provide a data source for the Aperture space management software used by the OOM Administrative Services Group (ASG).

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): PRISM – The information that is collected is voluntary information which is public information also contained in the federal CCR. This information is contained in the PRISM Vendor File. It includes all information contained in SF 179. This data includes vendor name, address, phone number, TIN, EIN, and DUNS numbers. The agency only uses this data in order to mail documents to the vendor and to report to the Federal Procurement Data System. MMS - N/A. PPSM - N/A. HOPS - N/A. RMS - N/A.

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: CWOS - The business customer or CMS Inventory Specialist keys information into the CWOS system. Data includes business name, address, contact person, phone number, email address, publication number, and quantity requested.

HOPS - System information is collected from CMS procurement documents and personal property physical inventory activities. Information is used to track and account for CMS capitalized and accountable assets, and provide detailed records for capitalization depreciation schedules and property location assignments. This information is the minimum necessary to meet legal requirements for the control and management of government assets.

MMS - Information processed includes Inventory Control Number (ICN), warehouse location, customer number, item totals, and item quantities stored and picked.

PPSM – System information is collected from CMS procurement documents and customer order request forms. Information is used to monitor stock levels and locations, trigger stock reorder activities, stock order requests and customer ship-to information. Information processed includes Inventory Control Number (ICN), business customer information, item totals, and item quantities stored and picked.

RMS – Collects accession numbers, the CMS customer's name, location, phone number and component, a brief description of records stored, destroy date, and the number of boxes associated with each accession of records. The data collected is necessary in order to retrieve/return/dispose of records in storage.

SUFS - The agency will use information collected by the ASG Customer Service Team as part of the Administrative Services Group (ASG) move-order process.

PRISM - The information that is collected is voluntary information which is public information also contained in the federal CCR (Central Contractor Registry). This information is contained in the PRISM Vendor File. It includes all information contained in SF 179. This data includes vendor name, address, phone number, TIN, EIN, and DUNS numbers. The agency only uses this data in order to mail documents to the vendor and to report to the Federal Procurement Data System (FPDS-NG).

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: SUFS – Having a very specific application, SUFS data disclosure and use will not change during the lifespan of the tool. As a result, notification of and consent to changes in practices are not necessary.

PRISM - Vendors can be contacted if necessary by way of generating mailing labels from the PRISM vendor file data. Any change in the use of this data would only be mandated by a change in federal statute or regulation.

SUFS - System does not directly collect IIF from individuals.

PPSM - N/A

HOPS - N/A

MMS - N/A

RMS - N/A

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: SUFS – The SUFS tool is available to a small user base, and IIF is secured using network authentication for tool access and database authentication for data access.

PRISM - The PRISM system is available to a small user base (100 users), and IIF is secured using network authentication for tool access and database authentication for data access.

PPSM - N/A

HOPS - N/A

MMS - N/A

RMS - N/A

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: William Saunders

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Tony Trenkle

Sign-off Date: Jun 27, 2008

Date Published: Jun 30, 2008

06.3 HHS PIA Summary for Posting (Form) / Provider Enrollment Systems (Item)

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Jun 27, 2007

2. OPDIV Name: CMS

3. Unique Project Identifier (UPI) Number: 009-38-01-09-01-1110-00 009-38-01-09-01-1115-00 009-38-01-09-01-1010-00 009-38-01-04-01-1110-00

4. Privacy Act System of Records (SOR) Number: 09-70-0532, 09-70-0525, 09-70-0517, 09-70-0008, 09-70-0530, 09-70-0524, 09-70-0534, 09-70-0597

5. OMB Information Collection Approval Number:

PECOS: 0938-0685 (2/28/2004)

UPIN: 0938-0685 (01/01/2007)

MED: OFM 907

6. Other Identifying Number(s):

FMIB OFM-139 (NPPES)

FMIB OFM-246 (PECOS)

500-02-0041 (MED) / Computer matching agreement between CMS and SSA for PECOS: CMA 2001-05

7. System Name: Provider Enrollment Systems

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Lisa Beylis, 410-786-6339

10. Provide an overview of the system: NPPES: This initiative was mandated by the administrative simplification provisions of P.L. 104-191, the Health Insurance Portability and Accountability Act of 1996 (HIPAA). HIPAA mandates the adoption of a standard health care provider identifier and its assignment to every health care provider that transacts electronically any of the transactions specified in that law.

MED: MED receives excluded provider data from OIG each month. The data is formatted and verified, and then distributed to all CMS contractors in accordance with sections 1128A & B and 1162(e) of the Social Security Act.

IRIS: IRIS is comprised of both a mainframe subsystem and a mid-tier subsystem called IRISV3. Teaching hospitals use IRISV3 to log the time worked by interns and residents at their hospitals. This data is tied to the hospital's cost report and is used as a determining factor in how much reimbursement the hospitals get for care given to Medicare and Medicaid patients. CMS collects the data and produces a periodic duplicate report which points out intrastate overlaps in periods worked by an intern or resident between two or more hospitals.

PECOS: The Medicare Federal Health Care Provider/Supplier Enrollment Application (CMS 855A, 855B, 855I, 855R, and 855S) has been designed by the Centers for Medicare and Medicaid Services (CMS) to assist in the administration of the Medicare program and to ensure that the Medicare program is in compliance with all regulatory requirements. The information collected in this application will be stored in the Provider Enrollment, Chain and Ownership System and used to ensure that payments made from the Medicare trust fund are only paid to qualified health care providers, and that the amounts of the payments are correct. The Centers for Medicare and Medicaid Services (CMS) is authorized to collect the information requested on this form by sections 1124(a)(1), 1124A(a)(3), 1128, 1814, 1815, 1833(e), and 1842(r) of the Social Security Act [42 U.S.C. §§ 1320a-3(a)(1), 1320a-7, 1395f, 1395g, 1395(l)(e), and 1395u(r)] and section 31001(1) of the Debt Collection Improvement Act [31 U.S.C. § 7701(c)]. The OMB approval number for this information collection is 0938-0685, and is renewed each time changes are made to the information collected.

PSCAS: HIPAA gave CMS authority to enter into contracts, consistent with the Federal Acquisition Regulations (FAR), to promote the integrity of the Medicare program. In May 1999, CMS awarded 13 PSC contracts to perform some, or all, of the program safeguard functions, i.e., medical review, benefit integrity, cost report audit, data analysis, MIP provider education. CMS has awarded more than 40 individual task orders under the PSC Umbrella contract. PSCs maintain claims and eligibility data for beneficiaries and providers in their service areas. The data is used for prevention and prosecution of Medicare fraud, waste and abuse.

NPICS: Data is extracted from NPPES and the provider files (PECOS) and compared to determine which Medicare legacy number and NPI should be mapped.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): CMS Staff, Other Federal Agencies, CMS contractors (IRIS)

Health plans as required by regulations, other federal agencies as described by SOR (NPPES)

NPPES will make all data (excluding the SSN and DOB) available in a downloadable file. This follows FOIA requirements. A file with DOB will only be available to those who have an approved DUA with CMS, and only when the SSN and name of the provider are supplied and match what is in NPPES.

Carriers, FIs, States, PSCs, and Medicare Advantage Plans – to identify and refuse payment to excluded providers. (MED)

PSCAS: The system discloses information to DOJ and the OIG for HHS.

NPICS: Verify legacy/NPI pairs.

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: NPPES: The system contains a unique identifier for each health care provider (the NPI, which is assigned by the NPS) along with other information about the provider. This information includes other identifiers, name(s), demographic, educational/professional data, and business address data. Only information required for establishing the identity of the health care provider will be collected. The information to be collected was issued in a Notice of Proposed Rulemaking in 1998, and unnecessary data was eliminated in response to comments.

MED: The only data taken from the OIG file is the data required to uniquely identify the provider so that the correct provider is excluded (name, SSN, DOB), along with the pertinent exclusion data.

IRIS: Information is collected on 3½ inch floppy disks, which are mailed to the IRIS system maintainer. The information is used to create a periodic duplicate report and is released for research purposes. The minimum amount of data needed to produce the reports is collected.

PECOS: The Medicare Federal Health Care Provider/Supplier Enrollment Application (CMS 855A, 855B, 855I, 855R, and 855S) has been designed by the Centers for Medicare and Medicaid Services (CMS) to assist in the administration of the Medicare program and to ensure that the Medicare program is in compliance with all regulatory requirements. The information collected in this application will be used to ensure that payments made from the Medicare trust fund are only paid to qualified health care providers, and that the amounts of the payments are correct. This information will also identify whether the provider is qualified to render health care services and/or furnish supplies to Medicare beneficiaries. To accomplish this, Medicare must know basic identifying and qualifying information about the health care provider that is seeking billing privileges in the Medicare program. Medicare needs to know: (1) the type of health care provider enrolling, (2) what qualifies this provider as a health care related provider of services and/or supplies, (3) where this provider intends to render these services and/or furnish supplies, and (4) those persons or entities with an ownership interest, or managerial control, as defined in this application, over the provider.

PSCAS: The system will maintain and disseminate Medicare claims history and Medicare provider characteristics to DOJ and OIG for the purposes of detecting, preventing, and prosecuting Medicare fraud, waste and abuse.

NPICS: Data is extracted from NPPES, PECOS, NSC and NCPDP and compared to determine which Medicare legacy number should be mapped to which NPI.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: NPPES: Information is collected via the NPPES web site (Internet) or paper application. Notification of the NPI is given via e-mail (if the application was via the web) or paper letter (if the application was via paper).

MED: All our data and information comes from OIG. They provide us with a file, and Team MED extracts the data we require to identify an excluded provider.

IRIS: The information is obtained on 3½ inch floppy disks from Fiscal Intermediaries, who in turn receive the information from teaching hospitals.

PECOS: The information will be collected from all health care providers and suppliers who render services or supplies to Medicare beneficiaries and bill the Medicare program for those services and supplies. This information will be collected via the completion of the CMS 855, Provider/Supplier Enrollment Application. All of this information is conveyed to the providers of the information in writing directly on the CMS 855 and in the certification signature page of the form.

PSCAS: Individuals whose IIF is in the system are notified of major changes to the system through publication in the Federal Register of an update to the SOR for Medicare data.

NPICS: Consent of individuals regarding the IIF this system collects is obtained through the initial Medicare beneficiary agreement that is part of the application for Medicare benefits.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: NPPES: Users can get to their NPPES information via a valid user id and password. See the NPPES SSP for more information on system security.

MED: The data is housed on the CMS mainframe, and is subject to standard CMS Data Center security policy.

PECOS: Users need a valid CMS user id and password to access the system. User ids and passwords are authenticated through CMS.

PSCAS: Federal Information Security Management Act requirements are implemented for this system including risk assessments, contingency plans, system security plans, and a self assessment.

NPICS: The data is housed on the CMS mid-tier, and is subject to standard CMS Data Center security policy.

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: William Saunders

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Abby Block

Sign-off Date: Jun 29, 2007

Date Published: Jun 30, 2008

 

06.3 HHS PIA Summary for Posting (Form) / Q-Net (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Jun 27, 2007

2. OPDIV Name: CMS

3. Unique Project Identifier (UPI) Number: 009-38-01-06-01-1030-00

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: 0938-0581 12/2007

6. Other Identifying Number(s): N/A

7. System Name: Q-Net

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Dennis Stricker

10. Provide an overview of the system: QualityNet (QNet) is a General Support System (GSS). CMS maintains the QNet network infrastructure, a network environment that uses shared database servers and WAN/LAN resources to monitor and improve utilization and quality of care for Medicare and Medicaid beneficiaries. The program consists of the CMS Data Center Complex 1 located at the CMS central offices in Baltimore, MD; the alternate data center, known as Complex 2, located at the Iowa Foundation for Medical Care (IFMC) in Des Moines, IA; the Internet Complex, also known as Complex 3, located at Buccaneer Computer Systems & Services, Inc. (BCSSI) in Warrenton, VA; a national network of 53 Quality Improvement Organization (QIO) sites responsible for each US state, territory, and the District of Columbia; 1 Clinical Data Abstraction Center (CDAC); 18 End Stage Renal Disease (ESRD) networks; and the two BCSSI and IFMC Contractor support locations.

This legislation is under the Social Security Act, Title XVIII, Section 1864: “93.777 State Survey and Certification of Health Care Providers and Suppliers”

This legislation is under Title XI of the Social Security Act, Part B, as amended by the Peer Review Improvement Act of 1982.

This legislation is under Title XI--General Provisions, Peer Review, and Administrative Simplification

The Balanced Budget Act of 1997 created section 1932(c)(2) of the Act, which replaced section 1902(a)(30)(C) with a new requirement for annual, external quality review (EQR) of Medicaid MCOs.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The Quality Improvement System for Managed Care (QISMC) standards and guidelines are key tools for use by CMS and States in implementing the quality assurance provisions of the Balanced Budget Act of 1997 (BBA), as amended by the Balanced Budget Refinement Act of 1999. The QISMC standards and guidelines are intended to achieve four major goals:

· To clarify the responsibilities of CMS and the States in promoting quality as value-based purchasers of services for vulnerable populations.

· To promote opportunities for partnership among CMS and the States and other public and private entities involved in quality improvement efforts.

· To develop a coordinated Medicare and Medicaid quality oversight system that would reduce duplicate or conflicting efforts, and send a uniform message on quality to organizations and consumers.

· To make the most effective use of available quality measurement and improvement tools, while allowing sufficient flexibility to incorporate new developments in the rapidly advancing state of the art.

For further detailed information, please refer to the following Health Care Quality Improvement Systems (HCQIS) PIAs:

Consolidated Renal Operations in a Web-Enabled Environment (CROWN)

Quality Improvement Evaluation System (QIES)

Standard Data Processing System (SDPS)

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: The QNet WAN/LAN network configuration provides the WAN/LAN connectivity and support for the Health Care Quality Improvement System, which comprises three Major Applications that collect information and operate within the QNet network infrastructure:

· Standard Data Processing System (SDPS)

· Consolidated Renal Operations in a Web-Enabled Environment (CROWN)

· Quality Improvement Evaluation System (QIES)

The QNet WAN/LAN infrastructure supports the following CMS organizational business processes and data collection requirements:

· The capability for collection and management of clinical, survey, and project data from Medicare and Medicaid providers.

· The management and analysis of that clinical, survey, and project data with various SDPS programs by the Quality Improvement Organization (QIO).

· The collection of data by ESRD Network Organizations to administer the national Medicare ESRD program.

· The collection of provider and beneficiary-specific outcomes of care and performance data using QIES across a multitude of delivery sites (such as nursing homes and Rehabilitation and Long Term Care Hospitals, etc.) for use to improve the quality and cost effectiveness of services provided by the Medicare and Medicaid programs.

· The management and provision of Medicare and Medicaid information to providers that include but are not limited to Hospitals, physician or family practice clinics, dialysis clinics, Skilled Nursing Facilities, Home Health Agencies, and various specialized clinics.

For further detailed information, please refer to the following Health Care Quality Improvement Systems (HCQIS) PIAs:

Consolidated Renal Operations in a Web-Enabled Environment (CROWN)

Quality Improvement Evaluation System (QIES)

Standard Data Processing System (SDPS)

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: For further detailed information, please refer to the following Health Care Quality Improvement Systems (HCQIS) Privacy Impact Assessments:

Consolidated Renal Operations in a Web-Enabled Environment (CROWN)

Quality Improvement Evaluation System (QIES)

Standard Data Processing System (SDPS)

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: For further detailed information, please refer to the following Health Care Quality Improvement Systems (HCQIS) Privacy Impact Assessments:

Consolidated Renal Operations in a Web-Enabled Environment (CROWN)

Quality Improvement Evaluation System (QIES)

Standard Data Processing System (SDPS)

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: William Saunders

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Abby Block

Sign-off Date: Jun 29, 2007

Date Published: Jun 30, 2008

 

06.3 HHS PIA Summary for Posting (Form) / Retiree Drug System (RDS) (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Jun 27, 2007

2. OPDIV Name: CMS

3. Unique Project Identifier (UPI) Number: 009-38-01-04-01-1200-00

4. Privacy Act System of Records (SOR) Number: 09-70-0550

5. OMB Information Collection Approval Number: 0938-0957/0938-0977

6. Other Identifying Number(s): FMIB # 6547

7. System Name: Retiree Drug Subsidy System

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Dave Gardner

10. Provide an overview of the system: The RDS system is designed to provide information, enrollment, payment, and customer service for Plan Sponsors enrolled in the RDS Program. It is also designed to allow CMS to manage and track expenditures to Plan Sponsors as well as Plan eligibility and compliance.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): RDS shares IIF with Federal Law Enforcement Agencies and with CMS information systems such as the MBD to verify retirees' ability to be claimed by an Employer Plan Sponsor as a qualifying covered retiree under the RDS program.

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: RDS collects and maintains IIF and disseminates it to Federal Law Enforcement Agencies and to CMS internal systems such as the MBD to verify retirees' ability to be claimed by an Employer Plan Sponsor as a qualifying covered retiree under the RDS program.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: CMS is required to provide updated Notices of Privacy Practices.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The data is maintained in the Data Zone of the RDS system, with LDAP and other user access controls established to control who can reach it.

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: William Saunders

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Abby Block

Sign-off Date: Jun 29, 2007

Date Published: Jun 30, 2008

 

06.3 HHS PIA Summary for Posting (Form) / WAN Services MDCN (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Jun 27, 2007

2. OPDIV Name: CMS

3. Unique Project Identifier (UPI) Number: 009-38-02-00-01-1150-00

4. Privacy Act System of Records (SOR) Number: N/A

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: WAN Services/MDCN

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Charlene Fletcher

10. Provide an overview of the system: This GSS provides compute platforms, telecommunications, electronic storage information and operations support services for the collection, maintenance, and access of data and information to support the business functions of CMS.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: No

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: No

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): No

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: This GSS does not directly collect, maintain, or disseminate information. It provides platform support infrastructure for other CMS MAs to perform their functions.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: No. This GSS does not directly collect, maintain, or disseminate information. It provides platform support infrastructure for other CMS MAs to perform their functions.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: No

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The CMS WAN Services/MDCN provides telecommunications infrastructure for use by other CMS business application Website functions, but does not directly provide a data or information content Website.

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: William Saunders

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Abby Block

Sign-off Date: Jun 29, 2007

Date Published: Jun 30, 2008

 

06.3 HHS PIA Summary for Posting (Form) / Administrative Finance Systems (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Jun 27, 2008

2. OPDIV Name: CMS

3. Unique Project Identifier (UPI) Number: 009-38-01-04-01-1090-00 009-38-01-01-01-1020-00

4. Privacy Act System of Records (SOR) Number: 09-90-0024

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: Administrative Finance System

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Antoinette Miller

10. Provide an overview of the system: ATARS: Tracks the progress of an OIG or GAO audit through the CMS clearance process, then monitors the monies collected, saved, or written off.

BAAADS: Provides the OFM/FSG administrative budget staff the capability to disperse funding to CMS components. Funding is allocated at the appropriate level and components are notified of their funded amount via an advice of allotment/allowance. BAAADS is interfaced with FACS to provide for funding input and modifications.

BUCS: Agency-wide budget execution system used by Executive Officers and their staff to manage and track administrative funds.

DCS: Allows CMS employees and Medicare contractors to enter, update, and transmit delinquent debt for the purpose of collecting debt through Treasury offset and cross servicing.

FACS: Accounting, general ledger, and payment functions.

HTS: Allows CMS employees to enter, submit, and approve travel documents for the purpose of receiving reimbursement of travel expenses.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): ATARS: N/A

BAAADS: N/A

BUCS: N/A

DCS: Delinquent receivables sent to HHS/PSC's Debt Management & Collection System. PSC sends data to Treasury for cross servicing and the Treasury Offset Program.

FACS: Delinquent receivables sent to HHS/PSC’s Debt Referral System (DMCS). PSC sends data to Treasury Offset Program (TOPS). Payment files sent to Treasury. 1099-Misc. files sent to IRS. Budget data extracted from a FACS report file by the BUCS.

HTS: N/A

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: ATARS: The information CMS collects is OIG or GAO audit information. It will be used for tracking purposes. It does not contain IIF.

BAAADS: The information CMS collects is from the Office of Management and Budget based on the Congressional appropriation. It does not contain IIF.

BUCS: CMS Administrative budget data is collected and maintained in BUCS. Funding records contain CMS accounting information including Allowance Number and Common Account Number, Administrative organization codes and funding data. Spending records are detailed budget transactions and contain name, transaction description, dates, spending amounts, object class, CAN and budget identifying codes. Information contains IIF, and submission is mandatory.

DCS: Information associated with principal and interest and with debtors, whether individuals or corporations. Information contains IIF, and submission is mandatory.

FACS: The IIF contained in the FACS includes vendor and employee EINs/TINs, names, addresses, and banking information. Submission of this information is mandatory, as it is required to make payments to vendors and individuals. Information on taxable payments is sent to the Internal Revenue Service. Additionally, this information must also be tracked for receivables, as this information will be used when referring delinquent debts to the Treasury for collection.

HTS: Information associated with an employee and travel expenses is collected. The information contains IIF, and submission is mandatory for employees to receive reimbursement of valid travel expenses.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: ATARS: NO.

BAAADS: NO

BUCS: The SSN is only used to systematically retrieve a name on a transaction. When a name is added to a transaction, it is selected from a transaction drop down list that only displays the name of CMS Employees from a reference table. The reference table is maintained by the BUCS technical administrator and is not available to BUCS users.

DCS: The IIF is supplied by individuals and corporations.

FACS: IIF is obtained from vendors and employees, who are instructed that this information is required in order to receive payment from CMS. This is conveyed to them through contract and/or appropriate CMS notification (when they are being reimbursed for travel). Vendors cannot sign their contract, and employees cannot be reimbursed for travel, if they do not provide this information to CMS.

HTS: The IIF is supplied from the personnel file.

32. Does the system host a website?: No

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: ATARS: No

BAAADS: No

BUCS: The data is secured by Oracle database security rules and constraints. User authority is granted via the establishment of user ids and database authorities. In addition, BUCS maintains and controls application security by the establishment of user profiles and specific table access authority.

DCS: The data is secured by DB2 database security rules and constraints. User authority is established via a userid/password.

FACS: IIF is secured through CMS data center policy, as well as the secure CMS facility. Additionally, user-level security includes RACF security, user classes within the FACS, security groups limiting access based on dataset high-qualifiers and usage requirements, and screen-level security.

HTS: The data is secured by Oracle database security rules and constraints. User authority is established via a userid/password.

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: William Saunders

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Tony Trenkle

Sign-off Date: Jun 29, 2008

Date Published: September 8, 2008

 

06.3 HHS PIA Summary for Posting (Form) / CMS IT Infrastructure IS (Item)

PIA SUMMARY AND APPROVAL COMBINED

PIA Summary

Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Jun 27, 2008

2. OPDIV Name: CMS

3. Unique Project Identifier (UPI) Number: 009-38-01-04-01-1160-00 009-38-01-09-01-1120-00 009-38-02-00-01-1150-00

4. Privacy Act System of Records (SOR) Number: 09-70-0538

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: CMS IT Infrastructure

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Ed Gray

10. Provide an overview of the system: As a part of the Medicare Modernization Initiative, CMS is changing the way that it does its Medicare claims business. The Medicare Administrative Contracts are being awarded to migrate the traditional fee-for-service Title XVIII contracts over to Federal Acquisition Regulation contracts. Additionally, CMS is taking ownership of the data processing portion of this business through its award of the Enterprise Data Center (EDC) contract on March 10, 2006. This contract will migrate the workloads and Medicare claims processing systems that are currently running at 14 Medicare data centers in different physical locations to one of the three EDC contractors (CDS' Columbia SC Data Center, EDS' Tulsa Cherokee Data Center and IBM's Southbury Data Center).

Additionally, this site now supports CMS' web hosting applications (e.g., Medicare.gov, cms.hhs.gov, and HPMS). This GSS does not directly collect, maintain, or disseminate information. It provides platform support infrastructure for other CMS MA's to perform their function.

Part A Shared System: Hospital insurance claims process through the Fiscal Intermediaries Shared System, which performs claims processing and benefit payment functions for institutional providers under Parts A and B of the program.

Part B Shared System: The Part B Shared System supports the processing of Medicare Part B claims. Medicare Part B is supplemental medical insurance, which covers physician services and other outpatient services. The Shared System for Part B Medicare is the Multi Carrier System. Medicare Part B claims processing contractors are known as Carriers, and include the Railroad Retirement Board. They process physician and supplier claims provided under Medicare Part B coverage.

Durable Medical Equipment Regional Contractor Shared System: CMS has designated four carriers to have exclusive responsibility for handling Medicare Part B claims for Durable Medical Equipment, Prosthetics, Orthotics, and Supplies claims in specific geographic regions of the United States. They are commonly referred to as the DMERCs. The selected DMERCs currently use the VMS DME Shared System to process DMEPOS claims. This GSS provides compute platforms, telecommunications, electronic storage infrastructure, and operations support services for the collection, maintenance, and access of data and information to support the business functions of CMS.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): The agency may share the collected information with a variety of Federal, state, local and tribal government audiences and professional audiences, including the medical community. This includes, Providers, Ambulance Services, Medigap Companies/Supplemental Insurers, Clinical Labs, CMS contractors, DME Suppliers, Health Plans, Hospitals, Home Health Agencies, Physicians, Potential Contractors, Researchers, Skilled Nursing Facilities, and Suppliers.

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: This information is used to process claims and payments for the Medicare Program beneficiaries. Submission of this information is mandatory and includes IIF. The agency, through Medicare contractors and beneficiaries, collects information through CMS forms CMS-1450 and CMS-1500. These are OMB approved forms. Information is collected primarily through electronic means.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: Information is collected from two CMS forms, the 1450 and 1500. All Medicare Claims Processing Contractors are called 'satellites' under CWF. Satellites access the HOST CWF databases to obtain needed beneficiary information. Satellites submit claims to the CWF Host for prepayment review and approval. Medicare beneficiaries are provided healthcare services where their personal information is collected and required for payment and reimbursement purposes. Beneficiaries receive HIPAA disclosure information from providers and from Medicare directly. A complaint process is in place for individuals to raise their privacy concerns.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The Medicare Claims Processing Systems incorporate a variety of security measures to protect IIF. These include physical, administrative, and technical controls.

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: William Saunders

Sr. Official for Privacy Approval: Tony Trenkle

Sign-off Date: Jun 27, 2008

Date Published: September 8, 2008


06.3 HHS PIA Summary for Posting (Form) / Customer Service Systems (Item)


PIA SUMMARY AND APPROVAL COMBINED


PIA Summary


Is this a new PIA 2008?: No

If this is an existing PIA, please provide a reason for revision: PIA Validation

1. Date of this Submission: Jun 27, 2008

2. OPDIV Name: CMS

3. Unique Project Identifier (UPI) Number: 009-38-01-09-01-1020-00 009-38-01-04-01-1060-00

4. Privacy Act System of Records (SOR) Number: 09-70-0535, 09-70-0500, 09-70-0540, 09-70-0513, 09-70-0542, 09-70-0544

5. OMB Information Collection Approval Number: N/A

6. Other Identifying Number(s): N/A

7. System Name: Customer Service System

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: 1. Ketan Patel, 2. Greg Overland, 3. Dave Nelson, 4. Dave Nelson, 5. Dave Nelson, 6. Dave Nelson

10. Provide an overview of the system: 1. The applications that comprise CMS' Customer Service System: the Medicare.gov website enables the Agency to educate the public, specifically Medicare beneficiaries, on the Medicare program. Originally launched in 1998, Medicare.gov allows consumers to compare health plans, nursing homes, home health agencies, prescription drug coverage, and participating physicians.

2. cms.hhs.gov is the official public Agency website of the Centers for Medicare & Medicaid Services, accessible at www.cms.hhs.gov. The cms.hhs.gov website was launched on September 13, 2001. This site was a replacement for the Agency’s prior website, www.hcfa.gov. The Health Care Financing Administration launched the hcfa.gov website in 1995. While the cms.hhs.gov contained much of the same content as hcfa.gov, it did feature a new design and organization scheme.

3. Provides accurate and up-to-date information regarding the operations of the various Beneficiary Contact Center (BCC) systems to provide CMS with the ability to make data-based decisions regarding the BCC operations and planning.

4. The BCC serves citizens nationwide by accepting and responding to inquiries relating to Medicare and Medicaid benefits and other related services through CMS. Support services provided include: responding to telephone inquiries using scripted and plain language, escalating calls as needed; answering e-mail and written correspondence; maintaining and delivering a training program; fulfilling static and print-on-demand publication requests; installing and maintaining telecommunications networks and network-based applications; and employing Intelligent Call Routing (ICR) for call delivery.

5. The MBP provides Medicare beneficiaries with a browser-based graphical user interface to retrieve relevant beneficiary information.

6. The NGD and Medicare.gov comprise a customer relationship management (CRM) system implemented with Siebel technology (a commercial-off-the-shelf product). The Customer Service Representative desktop was developed to handle inquiries for the 1-800-Medicare Helpline and Medicare Intermediary Contractors (Med A, Med B, and DMERC). NGD is designed to support the VCS initiatives of OBIS.

13. Indicate if the system is new or an existing one being modified: Existing

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): 1. Shared with print vendors to mail publications. Also shared with 1-800-Medicare CSRs to assist beneficiaries with personalized drug plan information. Information is also shared with the online enrollment center to assist beneficiaries with personalized drug plan information. 2. The system shares or discloses IIF with the CMS employee conference coordinator in order to register the attendee for the conference and also discloses IIF to the business owners for the Creditable Coverage Form. Information is shared with the appropriate staff within the agency. Subject matter experts are asked to respond to inquiries in their field of knowledge. 3. Authorized and authenticated NDW users with appropriate permissions are able to generate reports that may include IIF. 4. Vangent shares IIF with CMS and subcontractors to perform duties defined under the Business Associate Agreement. 5. Beneficiaries for the purpose of providing self service, and call center customer service agents to assist the beneficiaries with inquiries. 6. Beneficiaries for the purpose of providing self service, and call center customer service agents to assist beneficiaries with inquiries.

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: 1. Information collected from users of Medicare.gov is collected during Publications Ordering. The only required data elements collected are user name (first and last) and address. Other information collected from users of Medicare.gov is in the form of voluntary feedback, which can be submitted via the "Questions" or "Feedback" links. The only data element explicitly requested is an email address. The Medicare Prescription Drug Plan Finder tool and Medicare Options Compare Tool use HICN and DOB information to retrieve first name, last name, address information and plan details for customer service representatives in the 1-800-Medicare call centers. This information is used to authenticate the user and provide the user with personalized drug plan information.

2. Data is collected to: improve the Agency's website; allow visitors to ask specific questions of Agency staff; and support conference registration for outreach and educational purposes. The only data element explicitly requested is an email address. This is a voluntary submission. These feedback requests are triaged automatically to the appropriate business component for response. Additionally, we have an online conference registration system available. This system captures contact information from registrants, including name, business, address, phone, fax and email. This information submission is voluntary and is automatically sent to the conference coordinator and removed from the website after 60 days.

3. As part of the contact with beneficiaries, pertinent information about the contact such as HICN, name, address, city, state, zip, and DOB are collected for generating statistics on activity. PII is populated based on demographic information in the Medicare Beneficiary Database.

4. The information collected, maintained, or disseminated contains IIF. Submission is voluntary. Information includes Privacy Act data elements which are used to access and provide information being requested by Medicare beneficiaries.

5. The MBP will collect Beneficiary Login information (Medicare number and Password) for identification and authentication purposes. For registration, the MBP will collect the user's Medicare Number, Last Name, DOB, Gender and Zip Code for identification. A user cannot register without providing this information. Once registered, the user can access the application via their username and password.

6. The NGD collects and stores information about Medicare beneficiaries. Access to beneficiary Medicare information requires callers to submit identifying information. The Health Insurance Claim Number is utilized as required to identify information about the beneficiary and validated with additional IIF information such as Beneficiary Name, address, date of birth, etc.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: 1. At all data collection points, a link to the website privacy policy is provided (the privacy policy is linked from the website footer so that it is available on all pages). The policy indicates that CMS will protect the personal information that the user shares with us and that CMS does not disclose, give, sell, or transfer any personal information to third parties.

2. None in place

3. None in place

4. None in Place

5. None in place

6. The users of the NGD are required to use HIPAA compliant disclosure procedures before disclosing any IIF information about a Medicare beneficiary. The NGD tracks disclosure activities of the customer service representative. The NGD will provide Medicare related general, eligibility and claim information to the Medicare beneficiaries in the form of phone calls and written requests.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: 1. All IIF is secured behind user IDs and passwords. IIF collected through the website is not publicly accessible. In addition, the publications ordering application, which collects more IIF than the user feedback, is secured by SSL encryption. Physical access controls are provided by EDS and EDC, Tulsa, OK.

2. All IIF is secured behind user IDs and passwords. IIF collected through the website is not publicly accessible.

3. Data is protected through layers of security such as logical password controls, firewall and data network access controls, and physical access controls over the servers.

4. Vangent has internal controls to protect the confidentiality, integrity, and availability of IIF using existing administrative, technical and physical controls, including: Standard Operating Procedures for Business Continuity and Disaster Recovery; environmental safeguards; operating system, application and network level logging; physical and logical identification and authentication; Intrusion Prevention Systems; firewalls; Virtual Private Networks; guards and CCTV.

5. The MBP system is designed to secure information while in transit on the network. When user information is in transit, the MBP system uses SSL and Siebel Internet Session Protocol to provide data confidentiality.

6. The NGD system secures IIF by implementing a multi-tiered architecture using multiple types and layers of firewall and intrusion detection technology. The Siebel infrastructure allows for strict role-based user access control that restricts access on both. Physical controls include ID badges, key cards, cipher locks, and CCTV.

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: William Saunders

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Tony Trenkle

Sign-off Date: Jun 29, 2008

Date Published: September 8, 2008


06.3 HHS PIA Summary for Posting (Form) / Electronic Health Record System (Item)


PIA SUMMARY AND APPROVAL COMBINED


PIA Summary


Is this a new PIA 2008?: Yes

If this is an existing PIA, please provide a reason for revision:

1. Date of this Submission: Jun 27, 2008

2. OPDIV Name: CMS

3. Unique Project Identifier (UPI) Number: 009-38-01-99-02-1126-00

4. Privacy Act System of Records (SOR) Number: 09-70-0501, 09-70-0502, 09-70-0503

5. OMB Information Collection Approval Number: NA

6. Other Identifying Number(s): NA

7. System Name: Electronic Health Record System

9. System Point of Contact (POC). The System POC is the person to whom questions about the system and the responses to this PIA may be addressed: Tony Trenkle

10. Provide an overview of the system: Palmetto GBA will provide, extract and stage the Medicare claims data, subcontracting with Companion Data Services to provide secure data center services. The initial pre-population source of the claims data will be the Palmetto GBA Statistical Analysis Data Warehouse (SADWH) for multiple claims types. This includes Part A, Durable Medical Equipment, Part B and beneficiary enrollment and provider/supplier data. The system will be populated with 24 months of data for Part A, Part B, and DME. This will be extracted from SADWH, formatted to Health Trio's Personal Health Record (PHR) specifications, and loaded to the PHR database. Thereafter, PHR database updates will be performed each business day through a lookup of the participating HIC numbers in the paid claims file. A 24 month rolling history of claims data will be maintained in the PHR. All equipment and operations are conducted within the Companion Data Services data center.

Claims data will be sent to the Health Trio Application Server in Denver via a VPN connection with Palmetto/Companion Data Services.

13. Indicate if the system is new or an existing one being modified: New

17. Does/Will the system collect, maintain (store), disseminate and/or pass through IIF within any database(s), record(s), file(s) or website(s) hosted by this system?: Yes

Note: This question seeks to identify any, and all, personal information associated with the system. This includes any IIF, whether or not it is subject to the Privacy Act, whether the individuals are employees, the public, research subjects, or business partners, and whether provided voluntarily or collected by mandate. Later questions will try to understand the character of the data and its applicability to the requirements under the Privacy Act or other legislation

Note: If no IIF is contained in the system, please answer questions 21, 23, 30, 31, 37, 50 and 54, then promote the PIA to the Sr. Privacy Official who will authorize the PIA.

If this system contains IIF, all remaining questions on the PIA Form Tabs must be completed prior to signature and promotion.

21. Is the system subject to the Privacy Act?: Yes

23. If the system shares or discloses IIF please specify with whom and for what purpose(s): Claims and eligibility information will be shared with CMS' PHR contractor. The contractor will provide Medicare beneficiaries their fee-for-service claims and eligibility information. The information will be used by the beneficiary to manage their personal health care. Additionally, the purpose of the project is to evaluate methods for educating and reaching out to beneficiaries about PHRs and their benefits, and the level of services offered to beneficiaries.

30. Please describe in detail: (1) the information the agency will collect, maintain, or disseminate; (2) why and for what purpose the agency will use the information; (3) In this description, indicate whether the information contains IIF; and (4) whether submission of personal information is voluntary or mandatory: Hospitalizations (pre-populated): diagnosis which caused the inpatient stay, admission and discharge dates;

Procedures and/or Surgeries (pre-populated): associated diagnoses, procedure dates;

Office Visits (pre-populated): diagnoses;

Emergency contact information: name, relationship, phone number;

Medications (pre-populated): prescriptions, over-the-counter medications, vitamins, supplements;

Allergies: to medications, animals, insects and other substances;

Laboratory Tests (pre-populated if possible);

Provider information (pre-populated if possible): name, phone number and specialty.

31. Please describe in detail any processes in place to: (1) notify and obtain consent from the individuals whose IIF is in the system when major changes occur to the system (e.g., disclosure and/or data uses have changed since the notice at the time of the original collection); and (2) notify and obtain consent from individuals regarding what IIF is being collected from them and how the information will be used or shared: Individuals will be notified about the availability of their information to populate a PHR. Individuals will authorize the population of the PHR.

32. Does the system host a website?: Yes

37. Does the website have any information or pages directed at children under the age of thirteen?: No

50. Are there policies or guidelines in place with regard to the retention and destruction of IIF?: Yes

54. Briefly describe in detail how the IIF will be secured on the system using administrative, technical, and physical controls.: The contractor and its business associates shall meet the requirements of the CMS Information Security Program. The policies, standards, and procedures that govern the pilot must conform to the CMS Information Security Program and have a two-fold purpose: (1) to enable CMS' business process to function in an environment with adequate security protections, and (2) to meet the security requirements of federal laws, regulations, and directives, including the Privacy Act of 1974 (as amended), HIPAA, and FISMA, as well as various rules, regulations, policies, and guidance developed by DHHS, OMB, Homeland Security and NIST.

PIA Reviewer Approval: Promote

Comments:

PIA Reviewer Name: William Saunders

Sr. Official for Privacy Approval: Promote

Comments:

Sr. Official for Privacy Name: Tony Trenkle

Sign-off Date: Jun 27, 2008

Date Published: September 8, 2008