Energy Case Management System (ECMS) 2010
In accordance with Department of Labor (DOL) guidelines, the Office of Workers' Compensation Programs' (OWCP) Division of Energy Employees Occupational Illness Compensation (DEEOIC) conducted a Privacy Impact Assessment (PIA) on the Energy Case Management System (ECMS).
ECMS is a major application that provides a case management system to support DEEOIC core business functions in administering the Energy Employees Occupational Illness Compensation Act of 2000.
OWCP, in conjunction with the Office of the Chief Information Officer (OCIO), has determined that ECMS processes privacy information. As such, this document has been prepared to describe the information collected by ECMS; what it is used for; who has access to the information; how the information can be corrected; and, in general terms, how the information is secured.
ECMS resides on the DITMS General Support System (GSS), which is primarily a distributed client-server open architecture made up of various components shared by all programs within OWCP.
The Energy Employees Occupational Illness Compensation Program (EEOICP) is a benefits program that provides employees of the Department of Energy (DOE) and its contractors and subcontractors with lump-sum compensation, medical, impairment and wage-loss benefits for illnesses due to their exposure to radiation, beryllium, silica, uranium or other toxic substances at covered facilities. Eligible survivors of the qualified employees may also be entitled to lump-sum and wage-loss payments.
DOL, in compliance with federal privacy laws, regulations, and directives, is responsible for ensuring that the PII its component agencies collect, store, and transmit is properly protected.
The scope of the PIA focuses on assessing the privacy of information DEEOIC collects and tracks on ECMS.
Characterization of the Information
The following questions are intended to define the scope of the information requested and/or collected as well as reasons for its collection as part of the program, system, or technology being developed.
- Specify whether the system collects personally identifiable information (PII) on DOL employees, other federal employees, contractors, members of the public (U.S. citizens), foreign citizens, or minor children.
ECMS collects information on individuals or their survivors who claim benefits under the Energy Employees Occupational Illness Compensation Program Act (EEOICPA). These individuals include, but are not limited to, federal employees or survivors of federal employees; employees or survivors of employees of the Department of Energy, its predecessor agencies, and their contractors and subcontractors; and members of the armed forces.
In addition to these individuals, the system contains records of medical providers, attorneys representing claimants, nurses, and other health care professionals who provide information in support of compensation claims.
- What are the sources of the PII in the information system?
PII is provided to the agency in a variety of ways, including:
- Forms submitted either by the individual claimant or their employer/agency. A list of the forms can be found at the following link:
- Reports by the employee and/or the U.S. Department of Energy
- Employment records
- Exposure records
- Safety records or other incident reports
- Dose reconstruction records
- Workers' or family members' contemporaneous diaries, journals, or other notes
- Forms authorizing medical care and treatment
- Other medical records and reports
- Bills and other payment records
- Compensation payment records
- Formal orders for or against the payment of benefits
- Transcripts of hearings conducted
- Any other medical, employment, or personal information submitted or gathered in connection with the claim
- Communication between attorneys representing claimants and the agency
- Other records of communication, including notes on phone calls, letters, etc.
- What is the PII being collected, used, disseminated, or maintained?
- First and/or last name
- Date of birth
- Residential address
- Personal phone numbers (e.g., phone, fax, cell)
- Mailing address (e.g., P.O. Box)
- Medical information including physician's notes
- Medical record number
- Financial Account Information and/or Numbers
- Employment History
- Compensation Payment Data
- Coordination of Benefits/Offset data
- Survivor Eligibility Data (e.g., relationship: marriage, divorce, death)
- Notes on debt collection/litigation issues
- EEOICPA entitlement status
- How is the PII collected?
PII is collected via paper forms and input into the system.
The process is initiated with the receipt of a claim. The claim is reviewed to determine if it is covered under Part B or Part E of the EEOIC Act. The requirements for eligibility are:
- Fact of Illness/Medical Evidence
- Fact of Covered Employment
A Claims Examiner (CE) reviews all the information submitted with the claim and may need to obtain additional information to support the claim. The District Office Senior CE issues a recommended decision. All recommended decisions are reviewed and finalized by the Final Adjudication Branch (FAB). If the claim is accepted, it is determined whether the claimant will receive lump-sum payments or medical benefit payments.
The claimant may accept the recommended decision by waiving their right to review, or may dispute the decision by requesting a review of the written record or an oral hearing before the FAB.
When a Final Decision has been made, the claimant is required to complete an acceptance-of-payment form and has the option to receive payments by Electronic Funds Transfer (EFT) or by paper check.
- How will the information be checked for accuracy?
A claimant submits a claim for benefits and employment history forms to the District Office, a Regional Resource Center (RRC), or the EEOIC web site. Forms that are received at an RRC are sent to the District Office. After the applicable part of the Act is identified, a Case Create Clerk is assigned. The clerk enters the claimant's information on a Case screen in the Energy Case Management System (ECMS); once the information is entered it becomes a case file. The Claims Examiner reviews the accuracy of the information entered by the Case Create Clerk, comparing the claim form to the information in ECMS. If the information is not correct, the Claims Examiner returns the case file to the Case Create Clerk for correction.
- What specific legal authorities, arrangements, and/or agreements defined the collection of information?
OWCP has been authorized by Congress (Public Law 106-398: National Defense Authorization Act for Fiscal Year 2001) to require persons who file notices of injury and/or claims for compensation under the Energy Employees Occupational Illness Compensation Program Act of 2000 and its extensions to disclose certain identifying information, including the SSN. Consequently, applicable regulations, including 20 CFR 702.202 concerning the employer's report of an employee's injury or death, have been amended to expressly require the reporting of the injured worker's SSN. The amended regulations are contained in the Federal Register dated December 23, 1993 (58 FR 68032).
- Privacy Impact Analysis
There are many potential risks when medical information is recorded about an individual, such as identity theft, certain types of insurance coverage being refused if certain medical information became public, loss of employment, etc. In particular the risk of PII being disclosed inadvertently when information is being passed between medical offices, rehabilitation counselors, other medical staff and DEEOIC is taken very seriously. DEEOIC understands its obligation to safeguard this information to prevent any of the potential risks from being realized and has established policies and procedures to safeguard this information. Throughout the remainder of this document examples of those safeguards have been explained to illustrate this commitment to prevention of PII being compromised.
In addition to the safeguards in place internally, DEEOIC requires the operations of its medical bill payment contractor (ACS) to be in full compliance with Federal security guidance, to ensure proper safeguards are in place to prevent the accidental release of information that has been entrusted to the organization.
Uses of the PII
The following questions are intended to clearly delineate the use of information and the accuracy of the data being used.
- Describe all the uses of the PII
DEEOIC uses the collected PII as critical information for the purposes of managing the claimant's case and successfully fulfilling the mission.
ECMS operations provide the following functions, which in some part depend on PII:
- Conduct correspondence with claimants, attorneys, and various medical personnel to determine the eligibility of the claim
- Determine whether a claim is eligible or not, and notify the claimant
- Calculate the amount of benefits the claimant is eligible for
- Receive electronic files of approved payments from ACS for transmission to the Treasury Department
- Disburse benefit payments to claimants or their beneficiaries
- Review pre-authorization requests for medical procedures
- Conduct hearings and reviews when a claimant or their representative has filed an appeal
- Provide statistics for quality reviews, including utilization review and fraud and abuse detection
- What types of tools are used to analyze data and what type of data may be produced?
Data mining and some pattern recognition are used to look for instances of potential fraud, as well as for reporting purposes to determine whether performance goals are being met.
- Will the system derive new data, or create previously unavailable data, about an individual through aggregation of the collected information?
No. The system does not derive new data about an individual through aggregation.
- If the system uses commercial or publicly available data, please explain why and how it is used.
No. The system does not use commercial or publicly available data.
- Privacy Impact Analysis
All system users are required to read and sign the Rules of Behavior before being granted access to the system. In addition to the access and authentication controls described under Technical Access and Security, ECMS applies the principle of least privilege to ensure that only those who need access to the data to fulfill the agency's mission are given access.
The system maintains only PII that is necessary and relevant to accomplish the purpose for which it is being collected.
Retention
The following questions are intended to outline how long information will be retained after the initial collection.
- How long is information retained in the system?
Currently the information is being retained indefinitely, and no files or data have been destroyed or archived. However, archiving will be performed in the future as necessary.
- Has the retention schedule been approved by the DOL agency records officer and the National Archives and Records Administration (NARA)?
A retention schedule has been planned but not yet approved.
- Privacy Impact Analysis
ECMS is required to maintain the paper record for the interval indicated by the Archivist of the United States. The paper files are maintained in a secure location within the DEEOIC offices. While the indefinite maintenance of records is a privacy concern, this program is relatively new and the vast majority of its records are not old enough to be archived per the proposed schedule. None of the records are old enough to be eligible to be destroyed at this time. DEEOIC is working diligently to get the retention schedule approved so that appropriate archiving can be put in place.
Internal Sharing and Disclosure
The following questions are intended to define the scope of sharing within the Department of Labor.
- With which internal organization(s) is the PII shared, what information is shared, and for what purpose?
Electronic case records can be requested by the following organizations outside of the OWCP program: the DOL Office of Inspector General (OIG) and the Office of the Chief Financial Officer (OCFO) for audit purposes, and the Office of the Solicitor (SOL) for litigation support.
- How is the PII transmitted or disclosed?
All PII data shared internally (e.g., with OIG) is transmitted via portable media (typically CD/DVD) and is encrypted with the DOL-mandated encryption software.
- Privacy Impact Analysis
The sharing of data with internal users is limited to SOL for litigation support; and the OIG and OCFO and their designated auditors. All auditors are required to sign strict non-disclosure agreements, read and sign Rules of Behavior and complete security screening before they are authorized to access any data. The information is being shared with auditors and the SOL for civil or criminal law enforcement.
External Sharing and Disclosure
The following questions are intended to define the content, scope, and authority for information sharing external to DOL which includes federal, state and local government, and the private sector.
- With which external organization(s) is the PII shared, what information is shared, and for what purpose?
The following agency receives ECMS data via Connect:Direct:
- Department of the Treasury Financial Management Service (FMS): disposition of ECMS benefit payments to and on behalf of beneficiaries
As discussed earlier, DEEOIC receives documents from its Central Bill Process (CBP) contractor for purposes of prior authorization and other claims management. Also, as part of its contract with OWCP, the CBP contractor prepares files for transmission to the U.S. Treasury for payments to be made. These payments are authorized and approved by the OWCP program office, so no transaction is completed without the intervention of authorized federal staff who confirm the payments.
- Is the sharing of PII outside the Department compatible with the original collection? If so, is it covered by an appropriate routine use in a SORN? If so, please describe. If not, please describe under what legal mechanism the program or system is allowed to share the PII outside of DOL.
Yes. It is covered by DOL/ESA-49. Authorization is granted via a Memorandum of Understanding (MOU) and/or an Interconnection Security Agreement (ISA) between OWCP/DEEOIC and the outside agencies.
- How is the information shared outside the Department and what security measures safeguard its transmission?
The transmission of data is through a direct connection that includes two-factor authentication and encryption of the data.
- Privacy Impact Analysis
The external sharing of data consists of the required connections to ACS and to Treasury's FMS.
Since the connection is made through the OWCP network, an Interconnection Security Agreement is in place between OWCP and Treasury's FMS. In addition, an MOU between the U.S. Department of Labor and the U.S. Treasury Department is also in place covering this connection. The data is used in order for checks to be issued to claimants.
There is also an MOU/ISA in place between the U.S. Department of Labor and ACS to cover this connection.
Notice
The following questions are directed at notice to the individual of the scope of PII collected, the right to consent to uses of said information, and the right to decline to provide information.
- Was notice provided to the individual prior to collection of PII?
Privacy Act considerations are included on the back of our claimant forms. Claimants are instructed to review the entire document before submitting the form.
- Do individuals have the opportunity and/or right to decline to provide information?
Yes. The following statement is included in our claimant forms:
In accordance with the Privacy Act of 1974, as amended (5 U.S.C. 552a), you are hereby notified that:
- The Energy Employees Occupational Illness Compensation Program Act (42 U.S.C. 7384 et seq.) (EEOICPA) is administered by the Office of Workers’ Compensation Programs of the U.S. Department of Labor, which receives and maintains personal information on claimants and their
- Information which the Office has received will be used to determine eligibility for, and the amount of, benefits payable under EEOICPA, and may be verified through computer matches or other appropriate means.
- Information may be given to the Federal agencies or private entities that employed the claimant at the time of injury in order to verify statements made, answer questions concerning the status of the claim, verify billing, and to consider other relevant matters.
- Information may be disclosed to physicians and other health care providers for use in providing treatment, making evaluations for the Office of Workers’ Compensation Programs and for other purposes related to the medical management of the claim.
- Information may be given to Federal, state, and local agencies for law enforcement purposes, to obtain information relevant to a decision under the EEOICPA, to determine whether benefits are being paid properly, including whether prohibited payments have been made, and, where appropriate, to pursue salary/administrative offset and debt collection actions required or permitted by the Debt Collection Act.
- Disclosure of the claimant's social security number (SSN) or tax identification number (TIN) is mandatory. The SSN or TIN, and other information maintained by the Office, may be used for identification, to support debt collection efforts carried on by the Federal government, and for other purposes required or authorized by law.
- Failure to disclose all requested information may delay the processing of the claim or the payment of benefits, or may result in an unfavorable decision.
- Do individuals have the right to consent to particular uses of the information? If so, how does the individual exercise the right?
As indicated in the previous question, OWCP has been authorized by law to collect certain information in order to process claims. The information is used only for the purposes of managing the Energy claim. Claimants consent to this use of their information by signing the claimant form.
- Privacy Impact Analysis
Specific notice of the need to have and use privacy data to process a claim is included on the claim form itself, to ensure that all claimants are aware of the data necessary to complete their claim and its uses. In addition, the SORNs that outline the uses of privacy data for this system are available to the public on the DOL internet site.
Access, Redress, and Correction
The following questions are directed at an individual’s ability to ensure the accuracy of the information collected about them.
- What are the procedures that allow individuals to gain access to their information?
Claimants have the right to request a copy of their file at any time.
- What are the procedures for correcting inaccurate or erroneous information?
Claimants can contact the closest OWCP-DEEOIC office and provide amended information. They are also periodically contacted by DEEOIC claims administrators to request updated information for their claim as needed to adjudicate the claim.
- How are individuals notified of the procedures for correcting their information?
At the time they file the claim they are informed that they should contact the office should there be any changes in the information provided. DEEOIC is also in regular communication with the claimant providing the opportunity for correction of information throughout the life of the claim.
- If no formal redress is provided, what alternatives are available to the individual?
Individuals have access, redress, and amendment rights under the Privacy Act for their records, and the procedures pertaining thereto are documented in the Privacy Act system of records notice.
- Privacy Impact Analysis
Electronic access to the claimant's records is strictly limited to preserve the privacy of the claimant. Only the claimant and their legal representatives have the right to a copy of the administrative claim file, and they can request copies of their records, which avoids any potential breach of privacy.
Technical Access and Security
The following questions are intended to describe technical safeguards and security measures.
- What procedures are in place to determine which users may access the system and are they documented?
DEEOIC has put in place access control measures that include documented user access authorization, encryption and least privilege. Detailed access control, as well as, other security control information is recorded in the ECMS System Security Plan.
- Will Department contractors have access to the system?
- Describe what privacy training is provided to users, either generally or specifically relevant to the program or system?
Users complete the annual OWCP Information System Security Awareness (ISSA) Training, which includes a privacy module.
- What auditing measures and technical safeguards are in place to prevent misuse of data?
OWCP uses the concept of least privilege as described above. Access is granted only after authorization based on documented access request policies. Logs for certain system functions are also reviewed on a regular basis to check for any misuse or other issues.
All OWCP operations are required to have security audits and assessments conducted on an annual basis. All OWCP systems must have system-level auditing enabled to provide for a reasonable response in the event of a security incident. IT system auditing and security testing are an essential aspect of how we ensure the integrity and availability of our computing systems. Auditing and assessments also allow us to be more effective in preventing security vulnerabilities.
- Privacy Impact Analysis
There are many potential risks when medical information is recorded about an individual, such as identity theft, certain types of insurance coverage being refused if certain medical information became public, loss of employment, etc. DEEOIC understands its obligation to safeguard this information to prevent any of the potential risks from being realized. Throughout this document examples of those safeguards have been explained to illustrate this commitment to prevention of PII being compromised.
There are appropriate administrative, technical and physical safeguards in place to ensure the security and confidentiality of the information.
Technology
The following questions are directed at critically analyzing the selection process for any technologies utilized by the system, including system hardware, RFID, biometrics, and other technology.
- What stage of development is the system in, and what project development life cycle was used?
The system is in the Operations and Maintenance phase. The DOL System Development Life Cycle Management (SDLCM) Manual was used.
- Does the project employ technology which may raise privacy concerns? If so please discuss their implementation?
- As a result of performing the PIA, what choices has the agency made regarding the information technology system and collection of information?
OWCP has completed the PIA for ECMS, which is currently in operation. OWCP has determined that the safeguards and controls for this moderate-impact system adequately protect the information.
OWCP has determined that it is collecting the minimum necessary information for the proper performance of a documented agency function.