Quality Assurance System
· Name of project
Quality Assurance System
· Unique project identifier
· Privacy Impact Assessment (PIA) Contact
Office of Quality Review
Social Security Administration
6401 Security Boulevard
Baltimore, MD 21235
· System background description or purpose
The Quality Assurance (QA) System is a Social Security Administration (SSA) certified and accredited General Support System consisting of several sub-systems that we describe within this assessment.
The QA system comprises several applications designed to perform quality performance studies and reviews on the accuracy of adjudicative decisions made against SSA beneficiaries. The sub-systems support the business processes of the quality review of claims under the Title II (Retirement, Survivors, Disability Insurance) and the Title XVI (Supplemental Security Income) programs of the Social Security Act. The QA System’s major sub-systems, Disability Case Adjudication and Review System (DICARS), Disability Quality Review (DQR) System, and the Electronic Quality Assurance (eQA) System, perform the quality review functions.
· Describe the information we collect, why we collect the information, how we use the information, and with whom we share the information.
The QA System contains a variety of records used to perform quality performance studies and reviews. Records in this system may contain, but are not limited to any of the following: Social Security number (SSN); state and county of residence; type of claim; information regarding Federally administered supplementation payments; Social Security claims numbers; living arrangements and family composition; income and medical information; sex; race; resources; third party contacts; and indications of processing errors.
The QA system uses the information above to perform quality reviews including sampled disability determinations and non-disability factors relating to the claims decision process. Information from the QA System’s sub-systems is integrated with the Electronic Disability Folder. The QA sub-systems processes, receives downloaded data and uploads both claims data and images to the Electronic Folder.
The information used by the QA System is collected and maintained for purposes related to other business process. We generally disclose the information under those other processes only as necessary to process an individual’s claim for benefits, ensure the proper payment of benefits, or as authorized by Federal law. The QA System is not accessible to members of the public.
The QA System consists of the following subsystems and their corresponding technologies:
Summary of Subsystem Function:
Disability Case Adjudication and Review System (DICARS)/Disability Quality Review (DQR)
DICARS and DQR work in tandem to perform disability quality reviews. When a Disability Determination Service (DDS) clears a disability case and it is processed by the National Disability Determination Service (NDDSS), it is subject to Federal sampling. NDDSS may select a case for Federal review in the QA, Pre-effectuation, or any one of a number of special study samples. If a case is sampled by the NDDSS, it passes clearance information electronically to DICARS, which is used by reviewers and analysts in the Office of Quality Review.
DICARS and DQR assist the SSA in performing pre-effectuation reviews of 50% of favorable Title II, concurrent, and Title XVI Adult Determinations, in evaluating the performance of the state DDSs and reporting on their decisional accuracy, and processing Targeted Denial Reviews, which are a discretionary sample of denied claims.
Electronic Quality Assurance (eQA)
The (eQA) sub-system is a web-enabled intranet application that provides the SSA with a certified and accredited system to perform quality performance studies and reviews on accuracy of decisions made against SSA beneficiaries. The reviews are based on sample data extracted from various SSA agency programs including:
· Title II Retirement and Survivors Insurance (RSI)
· Title XVI Supplemental Security Income (SSI)
· Title XVIII Medicare Part D Prescription Drug Subsidies (Medicare)
· Hearings Level Reviews
The system currently provides the following major functions of the Quality Review Process: Study Definition; Sample Selections; Creation of Findings Forms; Reviewer Completion of Findings Data; Case Documents; Simple Reports; and Analytical Reporting from the dynamic reporting dataset, Business Process Management; support materials; and Electronic Folder Interface (EFI) communication.
· Describe the administrative and technological controls that we have in place to secure the information we collect.
The QA System has undergone authentication and security risk analyses. The latter includes an evaluation of security and audit controls proven to be effective in protecting the information collected, stored, processed, and transmitted by our information systems. These include technical, management, and operational controls that permit access to those users who have an official “need to know.” Audit mechanisms are in place to record sensitive transactions as an additional measure to protect information from unauthorized disclosure or modification.
We protect the information in the QA System by requiring authorized staff to authenticate to the SSA network using their SSA issued 6-digit personal identification number and password or their identification credential. In addition to authentication and access controls, we use audit mechanisms to record sensitive transactions as an additional measure to protect information from unauthorized disclosure or modification.
SSA mandates annual information security awareness training, role-based training for personnel performing roles with significant cybersecurity responsibilities, and the reporting and retaining of completed training. All staff who have access to our information systems that maintain personal information must sign a sanction document annually that acknowledges penalties for unauthorized access to, or disclosure of, such information.
· Describe the impact on persons’ privacy rights.
We collect information only where we have specific legal authority to do so in order to administer our responsibilities under the Social Security Act. When we collect personal information from individuals, we advise them of our legal authority for requesting the information, the purposes for which we will use and disclose the information, and the consequences of their not providing any or all of the requested information. The individuals can then make informed decisions as to whether or not they should provide the information.
· Do we afford individuals an opportunity to consent to only particular uses of the information?
When we collect a person’s information, we advise that person of the purposes for which we will use the information. We further advise them that we will disclose this information without their prior written consent only when we have specific legal authority to do so (e.g., the Privacy Act).
· Does the collection of this information require a new system of records under the Privacy Act (5 U.S.C. § 552a) or an alteration to an existing system of records?
The QA System does not require a new Privacy Act system of records or an alteration to an existing system of records. The QA System uses information collected and maintained for business purposes related to other Privacy Act systems of records such as the Quality Review System (60-0040); the Quality Review Case Files (60-0042); and the Quality Evaluation Data Records (60-0057).
PIA CONDUCTED BY PRIVACY OFFICER, SSA:
Mary Ann Zimmerman DATE
Acting Executive Director
Office of Privacy and Disclosure
PIA REVIEWED BY SENIOR AGENCY PRIVACY OFFICIAL, SSA:
Daniel F. Callahan for 12/18/2018
Asheesh Agarwal DATE
Senior Agency Official for Privacy