EXECUTIVE SUMMARY REPORT
INTRODUCTION TO THE PIA
This privacy impact report seeks to identify the essential components of
the Automated Support Package (ASP) to ensure that personally identifiable
information (PII) is protected by security procedures and controls commensurate
with the sensitivity of the information. Additional information is contained in
the System Security Plan, section entitled General Description/Purpose, for
this system.
Purpose
In addition, this PIA will assist with identifying the nature of
personally identifiable information associated with the business process,
validate "Rules of Behavior" for managing the collection, use, disclosure and
destruction of personally identifiable information and provide management with
a tool to make informed policy, operations and system design decisions, based
on an understanding of privacy risk and of the options available for mitigating
that risk.
Scope
The Automated Support Package is used in the Employment Standards
Administration, Office of Workers' Compensation Programs, and Division of Coal
Mine Workers' Compensation located in Washington, D.C.
The ASP contains five subsystems: Claimant and Payment Subsystem,
Medical Bill Processing Subsystem, Black Lung Accounting Subsystem, Management
Information Subsystem, and Interagency Data Exchange Subsystem.
DCMWC comprises the National Office and nine (9) District Offices. The
District Offices are in Charleston, WV, Columbus, OH, Greensburg, PA,
Johnstown, PA, Denver, CO, Mt Sterling, KY, Parkersburg, WV and Wilkes-Barre,
PA.
The ASP is the only major application that DCMWC uses to support its
core business processes in administering the agency's business operations and
the delivery of critical services in-house and to the public that the agency
serves.
Approach
The Office of Worker's Compensation Programs (OWCP) consulted with the
Office of Management, Administration, and Planning's Division of Information
Technology Management and Services to gain an understanding of the business and
legislative drivers for conducting a Privacy Impact Assessment (PIA). Based on
our understanding that the conduct of a PIA is a shared management
responsibility, we performed a high-level review of the assessment questions to
determine the level of skill sets required to:
- Ensure that privacy protection is a core consideration in the initial
framing of program or service objectives;
- Ensure that accountability for privacy issues is clearly incorporated
into the duties of program managers and technical specialists; and
- Promote an awareness of sound privacy practices associated with
program and service delivery.
Results Summary
Based on the Privacy Impact Assessment Questionnaire, DCMWC has not
discovered any discrepancies.
|
