SOCIAL SECURITY ADMINISTRATION

PRIVACY IMPACT ASSESSMENT

 

·         Name of project.

Quality Assurance System

·         Unique project identifier.

016-00-SSA/FAM-G-012

·         Privacy Impact Assessment Contact.

      Deputy Associate Commissioner
      Office of Quality Data Management
      Office of Quality Performance
      Social Security Administration
      6401 Security Boulevard
      Baltimore, MD 21235

·         Describe the information to be collected, why the information is being collected, the intended use of the information and with whom the information will be shared.

The Social Security Administration’s (SSA) Quality Assurance (QA) System is a certified and accredited General Support System consisting of several sub-systems that support the business processes of the quality review of the claims decisions under the Title II (Retirement, Survivors, Disability Insurance) and the Title XVI (Supplemental Security Income) programs of the Social Security Act.  The QA System quality reviews include sampled disability determinations and non-disability factors relating to the claims decision process.  The QA System was formerly known as the Disability Case Adjudication and Review System (DICARS), which is now a sub-system of the QA System.  The QA System’s major subsystems, DICARS and the Electronic Quality Assurance (eQA) System, perform the quality review functions. 

DICARS performs the disability quality reviews.  When a Disability Determination Service clears a disability case and it is processed by the National Disability Determination Service System (NDDSS), it is subject to Federal sampling.  A case may be selected for Federal review in the QA, Pre-effectuation, or any one of a number of special study samples.  If a case is sampled by the NDDSS, it passes clearance information electronically to DICARS which is used by reviewers and analysts in the Office of Quality Control.

The eQA System, sometimes referred to as the Modernized Quality Assurance application, handles the non-disability quality review.  The eQA System pulls data regarding specific “sampled” claims from the Master Beneficiary Record and Supplemental Security Record databases, Claims Processing Management System, and Title XVIII (Health Insurance) databases to provide the following major functions of the quality review process:  study definition; sample selection; creation of findings forms; reviewer completion of findings data; simple reports; and analytical reporting from the reporting database. 

Information from both of the QA System’s sub-systems is integrated with Electronic Disability Folder processing, receiving downloaded data, and uploading both claims data and images to the Electronic Folder. 

The information used by the QA System is collected and maintained for purposes related to other business processes.  We generally disclose the information under those other processes only as necessary to process an individual’s claim for benefits, ensure the proper payment of benefits, or as authorized by Federal law.  The QA System is not accessible to members of the public.  

·         Describe the administrative and technological controls that are in place or that are planned to secure the information being collected.

The QA System has undergone authentication and security risk analyses.  The latter includes an evaluation of security and audit controls proven to be effective in protecting the information collected, stored, processed, and transmitted by our information systems.  These include technical, management, and operational controls that permit access to those users who have an official “need to know.”  Audit mechanisms are in place to record sensitive transactions as an additional measure to protect information from unauthorized disclosure or modification.

We protect the information in the QA System by requiring employees who are authorized to access the information system to use a unique Personal Identification Number.  In addition, we store the computerized records in secure areas that are accessible to those employees who require the information to perform their official duties.  Furthermore, all of our employees who have access to our information systems that maintain personal information must sign a sanction document annually that acknowledges penalties for unauthorized access to, or disclosure of, such information.

·         Describe the impact on individuals’ privacy rights.

Are individuals afforded an opportunity to decline to provide information? 

We collect information only where we have specific legal authority to do so in order to administer our responsibilities under the Social Security Act.  When we collect personal information from individuals, we advise them of our legal authority for requesting the information, the purposes for which we will use and disclose the information, and the consequences of their not providing any or all of the requested information.  The individuals can then make informed decisions as to whether or not they should provide the information.

Are individuals afforded an opportunity to consent to only particular uses of the information?

When we collect information from individuals, we advise them of the purposes for which we will use the information.  We further advise them that we will disclose this information without their prior written consent only when we have specific legal authority to do so

(e.g., the Privacy Act). 

·         Does the collection of this information require a new system of records under the Privacy Act (5 U.S.C. § 552a) or an alteration to an existing system of records?

No.  Existing systems of records, Quality Review System (60-0040), Quality Review Case Files (60-0042), and Quality Evaluation Data Records (60-0057) cover the QA System, and they do not require any changes.

 

PIA CONDUCTED BY PRIVACY OFFICER, SSA:

Privacy Officer Willie J Polk Signature

______________________________                     September 25, 2007

SIGNATURE                                                          DATE

PIA REVIEWED BY SENIOR AGENCY PRIVACY OFFICIAL, SSA:

   /S/    Thomas W. Crawley________                       September 28, 2007

SIGNATURE                                                             DATE


Privacy Policy