
HHS Approval Form for Qualtrics Tier 3

Proposed Use of a Multi-Session Web Measurement and Customization Technology that Collects Personally Identifiable Information Form

Per Office of Management and Budget (OMB) instructions found in Memorandum 10-22 Guidance for Online Use of Web Measurement and Customization Technologies (June 25, 2010), the following information serves as public notice for the proposed use by the United States Department of Health & Human Services of a Tier 3 multi-session Web measurement and customization technology that collects personally identifiable information.

The HHS Senior Agency Official for Privacy (SAOP) will post this notice for public comment on the Department’s Open Government Webpage (www.hhs.gov/open) for 30 days from the date of the posting.

Comments

The 30-day comment period is from Tuesday, January 5, 2021 through Thursday, February 4, 2021. Comments about the proposed use can be submitted electronically to [email protected].

See the HHS Third Party Websites and Applications Privacy Impact Assessment for CMS: Revising the PIA to reflect changes in CMS’s use of Qualtrics, moving to Tier 3 (December 23, 2020).

OPDIV: Centers for Medicare and Medicaid Services (CMS)
Date posted for public comment: 01/05/2021
The purpose of the Web measurement and/or customization technology: The Centers for Medicare & Medicaid Services (CMS) uses Qualtrics, an Experience Management platform, to gather feedback from visitors to CMS’ websites, including CMS.gov, Medicare.gov, MyMedicare.gov, HealthCare.gov, CuidadoDeSalud.gov, Medicaid.gov, InsureKidsNow.gov, and various subdomains of the above top level domains (TLDs), to gauge overall satisfaction with the website and to find out how to improve the customer experience. These TLDs are hereafter referred to as “CMS’ websites.” Feedback collected is general consumer feedback information via multiple-choice questions such as, "What is your feedback about?" "How can we improve this page?" and "Did you find the information helpful?" Consumers provide feedback through online surveys facilitated by the Qualtrics tool. The Qualtrics platform gathers feedback from CMS website visitors to gauge overall satisfaction with the website to build an omni-channel voice of the customer (VoC) program in an effort to improve the consumer experience. The platform allows CMS to monitor, respond, and optimize every key moment along the customer journey, conducting research and investing in the improvements that boost customer acquisition, retention, satisfaction, and lifetime value.

Planned Tier 3 usage: Qualtrics plans to expand the usage of cookies to include usernames that could identify an individual. Collecting this information allows CMS to perform longitudinal analysis on the impact of website changes on the customer experience. Additionally, it allows CMS to follow up with individuals to learn more about their experience and how to improve their interactions with the website. Tier-3 usage of customization technology requires an opt-in decision by the user. The action of opting in means the user is agreeing to specified data being collected in order to improve the user experience. The action of opting in will be accompanied by a notification with information explaining what the decision means, examples of what data may be collected and what benefits are offered to the user.
The usage tier (i.e., Tier 1, 2, or 3): Tier 3
Session Type (multi-session or single session): Multi-Session
Information about the technology used: Qualtrics is an Experience Management platform that helps improve customer experience based on the quality of interactions throughout the customer lifecycle. The platform allows CMS to monitor, respond, and optimize every key moment along the customer journey, conducting research and investing in the improvements that boost customer acquisition, retention, satisfaction, and lifetime value. Feedback collected is general consumer feedback information via both open-ended questions and multiple-choice questions such as, "What is your feedback about?" "How can we improve this page?" and "Did you find the information helpful?" Consumers provide feedback through online surveys facilitated by the Qualtrics tool.
Describe the nature of the information collected: CMS uses Qualtrics to gather feedback from individuals to gauge overall satisfaction with their interactions with CMS. This information is used to build an omni-channel voice of the customer (VoC) program in an effort to improve the consumer experience.

Feedback collected is consumer feedback information via multiple-choice questions such as, "What is your feedback about?" "How can we improve this page?" and "Did you find the information helpful?" Consumers provide feedback through online surveys facilitated by the Qualtrics tool. Additionally, contact information may be collected if the individual elects to provide it for follow up conversations. Finally, a common user identifier may be collected to identify the same user across multiple devices and across multiple sessions.

The data collected by Qualtrics will not include medical or beneficiary data or be linked to medical or beneficiary systems.
Describe the purpose and use of the information: Voice of the customer (VoC) is a process used to gather information from and about visitors that represents their likes, dislikes, expectations and any other relevant information about their experience with CMS. This VoC program allows CMS to quickly identify widespread drivers of poor customer experience, close the loop with individual customers and provide trend and performance feedback to work groups throughout the organization.

The CMS staff analyze and report using the collected data from Qualtrics. The reports are available only to CMS managers, teams who implement CMS programs, members of the CMS communications and web teams, and other designated federal staff and contractors who need this information to perform their duties.

The personally identifiable information (PII) is collected to provide for an enriched and personalized user experience. A primary consideration of this technology is the ability to identify the same user across multiple devices and across multiple sessions. To achieve this, a common user identifier must be captured. Behavioral data from one session/device is leveraged to provide an improved and consistent user experience in future sessions/devices. Users are encouraged not to share unnecessary personal health information via the warning to respondents before they submit information.
Describe whether and to whom the information will be disclosed: The information collected will be stored on Qualtrics’ FedRAMP Authorized cloud server. The CMS staff analyze and report using the collected data from Qualtrics. The reports are available only to CMS managers, teams who implement CMS programs, members of the CMS communications and web teams, and other designated federal staff and contractors who need this information to perform their duties.
Describe the privacy safeguards applied to the information: Qualtrics is FedRAMP Authorized. FedRAMP is the gold standard of U.S. government security compliance, with over 300 controls based on the highly-regarded NIST 800-53 that requires constant monitoring and periodic independent assessments.

All response data resides in Amazon Web Services (AWS) GovCloud (environment is specific only for Federal customers), and data is protected by disk level encryption and database encryption. AWS GovCloud has an existing ATO (Authority to Operate) under FedRAMP, which gives Government agencies the ability to leverage AWS GovCloud for sensitive workloads.

Additional information can be found on the Qualtrics Privacy Statement: https://www.qualtrics.com/privacy-statement/
Describe the data retention policy for the information: General Records Schedule (GRS) 6.5, Item 10, Disposition Authority: DM-GRS-2017-0002-0001.

Records from operations such as a customer call center or service center providing services to the public. Services may address a wide variety of topics including but not limited to: incoming requests and responses, system data including customer ticket numbers and visit tracking, evaluations and feedback about customer services, reports generated from customer management data, customer feedback and satisfaction surveys, including survey instruments, data, and reports.

CMS may retain records 1 year after resolved, or when no longer needed for business use, whichever is appropriate. The data retention policy is 13 months for the Qualtrics Experience Management platform. CMS is able to connect to the Qualtrics Experience Management platform to export this data to a CMS managed data warehouse.
Name of the Privacy Impact Assessment associated with the Website or application using the Web measurement and/or customization technology: https://www.hhs.gov/sites/default/files/cms-qualtrics.pdf

Please note that this link is for the Third-Party Website or Application (TPWA) Privacy Impact Assessment (PIA) for the current use of Qualtrics, not the Tier 3 use being proposed. The draft Tier 3 TPWA PIA is available on hhs.gov/open.
Name of the System of Records Notice associated with the Website or application using the Web measurement and/or customization technology (if applicable): N/A
Describe whether or not the technology is enabled by default; and if so, why: Qualtrics is enabled by default on the website to allow every user the opportunity to provide feedback in an effort to improve the customer experience. However, user personally identifiable information will not be captured unless there is consent obtained through an opt-in process.
Describe how to opt-out or opt-in to the Web measurement and/or customization technology: Providing customer experience feedback is optional and not required to complete any tasks. As a result, any user that provides feedback is explicitly opting in. If consumers do not want Qualtrics to collect information, consumers can choose not to take a survey.

The Qualtrics tool is leveraged in both a Tier-2 and Tier-3 state, based on the type of information collected.

In a Tier-2 state, a visitor can opt out of the ‘Web Analytics’ category at any time through the CMS website’s Privacy Settings. A decision to opt-out at the Tier-2 usage level will also opt a user out of Tier-3, regardless of their expressed consent as described below.

The Tier-3 state requires an opt-in decision by the user. The default state is that users will NOT be opted in and will stay at the Tier-2 usage level (unless the visitor also opts out of that usage). The user will be able to select an unchecked (by default) box to indicate consent through any email signup forms as well as through the account sign up process and user profile management screens. The action of opting in means the user is agreeing to specified data being collected in order to improve the user experience. The action of opting in will be accompanied by a notification with information explaining what the decision means, examples of what data may be collected and what benefits are offered to the user. The opt-in decision will be stored in the GovDelivery tool and in the appropriate CMS user profile database (for user-login based identification). The user may also change their opt-in decision in both data locations. The GovDelivery tool is used for CMS’ email- and SMS-based marketing initiatives and has its own system PIA: https://www.hhs.gov/sites/default/files/cms-govdelivery.pdf

The Qualtrics XM Directory tracks users that have elected to opt out of future feedback requests and prevents outreach to those individuals.
Describe how a member of the public can access comparable information or services if they choose to opt-out of the Web measurement and/or customization technology: If a member of the public chooses not to provide feedback, there will be no impact to their experience on the site. The technology is used to improve the customer experience.

Survey questions are used to improve the customer experience and are not applicable to alternative application channels.
Identities of all third-party vendors involved in the measurement and/or customization process: Qualtrics is used in concert with Tealium as the only third-party vendors designated to store Tier-3 level personally identifiable information. Data within Qualtrics is not accessible by personnel from Tealium and vice versa. Only designated federal staff and contractors who need this information to perform their duties have access to this data. No other third party organization will have access to the information collected.

 

Content created by Assistant Secretary for Public Affairs (ASPA)
Content last reviewed on January 5, 2021