| Tabs Container |
|---|
|
| Tabs Page |
|---|
| WelcomeIntroducing the HCD Playbook for digital innovation at CCSQ, a valuable resource tailored to stakeholders at the Centers for Medicare and Medicaid Services (CMS) Center for Clinical Standards and Quality (CCSQ). This playbook offers CCSQ-approved practices to applying human-centered design principles across the enterprise. Within this playbook, stakeholders will find practical guidance and tools that empower them to embrace customer-centered approaches. |
| Tabs Page |
|---|
| Accessibility| Panel |
|---|
|
Stop Press: ISG Accessibility Testing All ISG development teams requiring immediate accessibility testing on their products and services should contact directly: Brinda.large@cms.hhs.gov - Section 508 Compliance Officer for further details and support. |
|---|
Reading Time: 8 minutes Introduction to Accessibility Accessibility is the cornerstone of inclusivity, ensuring that all individuals, regardless of their abilities or challenges, can fully participate and engage in the world around them. It goes beyond physical spaces to encompass digital platforms, information, and services. The purpose of accessibility is not just compliance with regulations, but rather fostering a societal mindset where everyone can access information, interact, learn, work, share, and communicate effectively. By embracing accessibility, we empower everyone to contribute their unique talents, perspectives, and potential, enriching our collective human experience and driving innovation forward. Executive Order The Executive Order (EO) 14035 on Diversity, Equity, Inclusion, and Accessibility (DEIA) in the Federal Workforce (published June 2021) is a new mandate that outlines universal provisions and modifications to ensure equal access to employment and for people with disabilities, and the reduction and or elimination of virtual and physical barriers with inclusive best practices. We recommend reviewing the complete draft here. This covers a broad set of topics from policy, definitions, DEI Strategic Plan and the responsibilities of Executive Departments and Agencies to list a few. Ethical Concerns Ethical concerns related to accessibility in the workplace revolve around ensuring equal opportunities for all employees. Failing to provide accessible environments, tools, and accommodations can lead to exclusion and discrimination against individuals with disabilities. This not only violates principles of fairness and inclusivity but also undermines employee well-being and potential. Addressing these concerns is essential to uphold ethical standards, promote diversity, and create an environment where every employee can thrive and contribute their best. Business case Embracing accessibility and inclusion in the workplace and government is not just a moral imperative; it's also a smart business decision and a crucial step towards effective governance. By creating environments where diverse talents and perspectives can thrive, organizations and governments foster innovation, problem-solving, and better decision-making. Accessible workplaces attract a wider pool of skilled employees, boosting productivity, diverse thinking and employee satisfaction. In government, inclusion ensures equitable representation and policy formulation that addresses the needs of all citizens. Both settings benefit from improved public perception, enhanced collaboration, and a stronger bottom line, ultimately contributing to a more just, competitive, and prosperous society. E-commerce for all market sectors continues to show considerable growth, when $5.2 trillion (about $16,000 per person in the US) of conducted sales business in the USA with a projection of over $8.1 trillion by 2026. Understanding disabilities - Understanding disabilities requires empathy and a willingness to learn. It's about recognizing that diversity extends beyond what meets the eye. Disabilities can be physical, sensory, cognitive, or invisible, affecting people's experiences and interactions in unique ways. Educating ourselves about different types of disabilities, challenges individuals may face, and the tools or accommodations that can enhance their participation is essential. By actively listening to people's stories, seeking out resources, and treating everyone with respect and dignity, we can foster a more inclusive and compassionate world for all.
- Guiding how accessibility impacts your job role, and your performance can offer true insight. The UK Department of Work and Pensions (DWP) has developed nine (9) work roles from UX Researchers to Software engineers to Business analysts to Product managers, outlining; things to consider, planning, content hierarchy and risk throughout the duration of a project.
- World Wide Web Consortium (W3C) is an international consortium that develops web international standards and guidelines for accessibility. They have a series of ten impactful (10) videos exploring the need of web accessibility for people with disabilities.
- W3C offer a Free Digital Accessibility Foundation 16–20-hour self-paced course https://www.w3.org/WAI/courses/foundations-course/
- W3C offer a variety of training courses based on function and role type https://www.w3.org/WAI/courses/list/
Accessibility Mindset Consider an accessibility mindset as an approach from true human experiences rather than limitations of compliance as required by law that allows us to go beyond the - Gain leadership support: Prioritize accessibility by involving leaders in product creation and collaborating with affected individuals.
- Embed inclusive processes: Incorporate intentional processes and teamwork across the organization for creating universally usable experiences.
- Establish ongoing education: Invest in learning about accessibility throughout the organization.
- Focus on human experience: Frame accessibility discussions around its impact on people and approach it as a human-centered design challenge.
- Foster inclusive workplaces: Invest in technology, culture, and organization to create workplaces that attract and retain individuals with disabilities, breaking down barriers and normalizing accessibility perspectives.
Personas Personas are a key HCD method to understand and empathize with real user groups without creating stereotypes. Here are a set of eight fictitious personas of disabled users in given situations that help build understanding for the human experience and potential challenges. - World Wide Web Consortium (WC3) has developed a highly actionable folio of eight (8) diverse disability personas. Each persona provides highly informative insight and context to differing challenges for the users. https://www.w3.org/WAI/people-use-web/user-stories/#shopper
- Each persona provides three (3) additional criteria for consideration: Abilities and Barriers, Tools and Techniques, and lastly Accessibility Principles with additional accessibility requirements and considerations.
Disabilities; Situational, Temporary or Permanent - Most disabilities are considered permanent, however, there are three groupings of disabilities to consider with varying distinctions and impairments: Situational, Temporary and Permanent. Disabilities increase with age in adults up to 46%.
Guidelines, Testing & ComplianceWCAG The World Wide Web Consortium (W3C) is an international consortium that develops web standards. W3C’s Web Accessibility Initiative (WAI) focuses on making the web accessible to people with disabilities. The standards are outlined in the Web Content Accessibility Guidelines (WCAG) international standards and materialsinclude guidelines and techniques for making websites and web applications work better for people with disabilities, as well as users with accessibility needs. WCAG documents explain how to make web content accessible to people with disabilities or accessibility needs. There have been three (3) recent revisions to the content and currently there is a WCAG 3.0 drafted for future release. Here are other WCAG language/translation options; WCAG Success Criteria All WCAG 2.1 guidelines offer recommended and testable success criteria at three levels of conformance and defined as: A (lowest), AA, and AAA (highest). CMS require conformance to levels A and AA only. - For Level A conformance (the minimum level of conformance), the Web page satisfies all the Level A Success Criteria, or a conforming alternate version is provided.
- For Level AA conformance, the Web page satisfies all the Level A and Level AA Success Criteria, or a Level AA conforming alternate version is provided.
- For Level AAA conformance, the Web page satisfies all the Level A, Level AA and Level AAA Success Criteria, or a Level AAA conforming alternate version is provided.
Levels of conformance are met by two conditions; the important access issues for people with disabilities that address their problems beyond the usability problems that might be faced by all users, and secondly that usability is testable, to determine if a UX page passes or fails. The WCAG 2.1 site on conformance offers detailed explanations. ISG Accessibility Testing  Step 1: Supplemental Testing All preliminary supplemental testing can be conducted by teams with this self-paced training and testing for accessibility in these categories. This is a robust library of necessary knowledge, tools and tests to support your in-flow development projects before approaching ISG Accessibility Testing team for full compliance. Note there are integral 508 conformances for VPAT/ACR requirements. - Accessibility 101
- NFT (Non-Functional Testing)
- JAWS (Job Access With Speech)
- VPAT (Voluntary Product Accessibility Template)
- Section 508 documentation
- WAVE (Web Accessibility Evaluation Tool)
- Developer Focused Training
Here are resource links: Step 2: ISG Accessibility Testing – Baseline Testing The ISG Accessibility Testing is an internal compliance capability, offering a dedicated Baseline Testing service that walks through a four-step process to test, approve and or remediate all ISG products and services for accessibility before final implementation. Contact directly: Brinda.large@cms.hhs.gov- Section 508 Compliance Officer for further details and support. Figma has a built-in Stark Accessibility Checklist widget for teams to identify, note and track updates and improvements through the development process. https://www.figma.com/community/widget/1030161589655245054 Case Study Quality Payment Program (QPP) 2023 Accessibility Test Case Study The QPP Website collects the clinician data and subsequent clinician scores for the Center for Clinical Standards and Quality. The Application Development Organization (ADO) requests the application to be tested by CMS annually depending on the prior score. (75% is passing). When a score of less than 75% is rendered, an additional test is required. The QPP ADO submitted the Voluntary Product Template with the Conformance Report (VPAT/ACR) and Test Plan on November 13, 2023, for review and requested a date for the Section 508 test. The CCSQ 508 Clearance Officer reviewed the documents and requested the test for conformance of Levels A and AA of the WCAG Standards. The application was tested, and the results were issued on November 30, 2023. After a brief meeting to clarify the results, the Quality Payment Program application was found to be 100% 508 Compliant. The case study documents links below outline the ISG Accessibility pathway to success. Accessibility Beyond Compliance Ad Hoc is a digital services team founded in 2013 that supports HealthCare.gov. They take the position that the result of compliance is enforceable by fear of legal action against an entity rather than the objective. Ad Hoc’s mindset aligns closely with SCOPE, in propagating the social model that people are disabled by barriers in society, not by their impairment or difference and therefore, our responsibility is to ensure our products and services do not create or contribute to systemic barriers, derogatory attitudes, or social exclusion. Additional Resources - The World Wide Web Consortium (WC3) has an extensive set of resources for training, knowledge building, community engagement, public reviews etc. The events site is highly informative for current continued learning. https://www.w3.org/events/
- 18F Methods is the GSA’s Technology Transformation Service for accessibility. A highly robust and excellent go-to resource. https://methods.18f.gov/
- The UK Government site has several informative elements including dos and don’ts, design ethics and visual aids for Accessibility in Government.
|
|
| Tabs Page |
|---|
| title | Community Onboarding & Offboarding |
|---|
| | Panel |
|---|
| Background We know how challenging it can be when you start a new role supporting a large federal agency. There’s so much to learn and many tasks to complete in the first days and months. Similarly, when departing a role supporting the Center for Clinical Standards & Quality (CCSQ), some due diligence is needed to leave the organization on sure footing. Onboarding Best Practices For Everyone First and foremost, learn how the HCD Center of Excellence can support you. Ouronboarding resource provides basic information about the team, our services, and it provides opportunities to align with your peers, partners, and the programs you support. CCSQ’s Information Systems Group (ISG) recommends completing the Foundational Learning Path, consisting of the following core courses, so that all employees and contractor-partners gain greater alignment by putting into practice the key principles of these philosophies: For IT Contractors In addition, if you are a designer or researcher who supports an application development organization (ADO) developing software solutions, we would be happy to meet with you to help orient you to the HCD community. As you immerse yourself into your work, ISG asks that HCD resources create, update, and keep current the following artifacts: - Personas – who are the main consumers of your product and/or service?
- Customer Journeys – what is the experience of each persona as they interact with your product and/or service?
- Research Participants – who are the people you are conducting research with and how do you maintain this information in a way that complies with privacy standards?
Offboarding Best Practices For IT Contractors When a contract ends, personas, journeys, and a listing of research participants should be delivered to appropriate federal contract leadership and to us in order toassist the onboarding of others following you. Other key artifacts that could also be turned over include: - Service blueprints
- Design documents or standards
- Research findings
We’re Here to Help! The HCD Center of Excellence is here to support you as you begin your journey supporting CCSQ or as you near completion of your contract. We want to learn about your experience practicing HCD within this community and how it might be improved. Use the buttons below to email us or submit a project intake through Confluence and our team will follow up with you shortly.
|
|
| Tabs Page |
|---|
| CMS Design System| Panel |
|---|
| BackgroundThe Centers for Medicare & Medicaid Services (CMS) wants all teams working on digital projects to build consistent, responsive, and accessible experiences. According to Scott Weber, Managing Staff Designer for the CMS Design System, “A design system is a collection of reusable components both in design and in code, guided by clear documentation and standards, that can be assembled together to build web experiences and can be easily updated within products.”
Scott argues that CMS’ design system is important because it: - Allows designers and developers to create quickly and at scale.
- Allows product teams to focus on larger, more complex problems.
- It creates a unified language within and between cross-functional teams and products.
- It creates visual consistency across products, departments, and experiences.
- It can serve as a tool and reference for junior-level product team members.
Further, in a government setting like CMS governed by many isolated contracts, adherence to a design system can increase public trust while reducing taxpayer resource costs. Getting StartedWe encourage you to review the the CMS Design System resources for developers and designers and consider watching an overview presentation from Scott at our May 2022 Community of Practice event. If you need help sharing this resource with your teams or determining best practices for leveraging and contributing to the design system, please reach out to us. Additional ResourcesFor more information on the CMS Design System, click here to visit our CMS Design System page. |
|
| Tabs Page |
|---|
| Customer Satisfaction Surveys| Panel |
|---|
| Background Customer satisfaction research allows an organization to gather feedback from its customers about how well it is delivering its products and services and how it might improve delivery. We often prioritize research methods that answer specific and immediate questions for our projects at hand. How much time do users spend on a critical task? Do customers understand our instructions? Though, questions that yield insights for the totality of the customer experience (CX), such as customer satisfaction questions, help us to strategically inform project planning and prioritization across the enterprise. While customer satisfaction as an idea is a general one, a customer satisfaction survey is more defined and refers to a particular type of customer feedback survey. CSAT surveys allow customers to assess and provide feedback, both quantitative and qualitative, on customer service and product quality. These surveys are an ‘always on’ method of continuous data collection that allow us to measure aspects of the CX. These surveys typically provide insights related to: - Overall customer satisfaction
- Ease of use
- Efficiency
- Open-ended, qualitative feedback
Most commonly, CSAT surveys are delivered to customers via email or in the context of a user interface, with a site intercept survey tool/form. The latter has many benefits, most importantly that customers can answer questions while immersed in the experience when it is most fresh in their minds. Measuring the CX with a CSAT survey is an excellent step toward continuous improvement, but it’s what we do with the insights to drive and improve the experience that really counts. For this reason, it’s crucial to have a process in place for making sense of data, especially open-ended, qualitative feedback. Additional ResourcesFor more information, resources and case studies, click here to visit our Measuring Customer Satisfaction Initiative page. We're Here to Help!The HCD Center of Excellence is here to support you as you participate in the CCSQ-wide goal of increasing customer satisfaction research. We can partner with you through key tasks, such as: - Establish and test a site intercept survey tool
- Determine questions for satisfaction, ease of use, and efficiency
- Define a statistically relevant sample for continuous data collection
- Resolve PRA coverage and Information Collection Request (ICR) for site intercept survey
- Complete and submit Third Party Website and Applications (TPWA) form for the site intercept tool
- Determine approach for survey display
- Establish a plan for leveraging ongoing customer data
Use the buttons below to email us or submit a project intake through Confluence and our team will follow up with you shortly. |
|
| Tabs Page |
|---|
| title | Heuristic Evaluations |
|---|
| Heuristic Evaluation (Design Evaluation)| Panel |
|---|
| BackgroundHeuristic evaluation is a methodical and systematic inspection of your digital interface or product, where our experienced team of evaluators assesses its usability against a set of recognized usability principles, known as heuristics. These heuristics are industry-accepted guidelines that have been proven to enhance user satisfaction and overall usability. At our core, we believe that good design is intuitive, efficient, and delightful. A heuristic evaluation is a rigorous assessment of a digital product's usability based on a set of predefined principles or heuristics. It involves a systematic examination of the interface, interaction patterns, and overall user experience. The evaluation aims to uncover usability issues, such as confusing navigation, unclear labeling, or inconsistent feedback, that may hinder users' ability to accomplish their tasks efficiently. By conducting a heuristic evaluation, businesses can gain valuable insights into the strengths and weaknesses of their product, allowing them to make informed design decisions and improve user satisfaction. How We WorkAt our core, we believe that good design is intuitive, efficient, and delightful. Conducting heuristic evaluations can save businesses time and resources in the long run. By proactively identifying usability issues early in the design process, companies can avoid costly and time-consuming redesigns or redevelopments later on. Addressing usability concerns at an early stage not only improves the user experience but also minimizes the need for extensive user testing or costly customer support efforts in the future. If you'd like to partner with our team to complete a heuristic evaluation, here's what you can expect from the process: Initial Consultation:
We begin by understanding your specific goals, target audience, and the unique challenges you face. This initial consultation allows us to tailor our evaluation process to your specific requirements. Evaluation Planning:
Our team of experts carefully designs a customized evaluation plan based on the unique characteristics of your product. We consider various factors, such as your industry, target audience, and usability objectives to ensure the evaluation aligns with your goals. Heuristic Evaluation:
Our evaluators conduct a thorough inspection of your product, employing the established heuristics as a framework. They identify usability issues, areas for improvement, and provide actionable recommendations to enhance the overall user experience. Detailed Report:
Following the evaluation, we compile a comprehensive report that outlines the findings, highlights the identified usability issues, and provides prioritized recommendations. Our report is designed to be clear, concise, and actionable, enabling you to implement changes effectively. Consultation and Support:
We believe in establishing a partnership with our clients. Our team is available to provide further guidance and clarification on the evaluation findings. We support you throughout the implementation phase and help you track the improvements made to ensure optimum results. We're Here to Help!To engage with our team for a heuristic evaluation of a digital product, please use the buttons below to email us or complete a request support form. |
|
| Tabs Page |
|---|
| Maturity Model| Panel |
|---|
| BackgroundThe HCD Center of Excellence developed an HCD Maturity Model, a powerful tool designed to help you assess your organization's level of maturity in implementing human-centered design principles. By understanding where you currently stand, you can chart a clear path towards continuous improvement, innovation, and customer-centricity. Our HCD Maturity Model is a comprehensive framework that evaluates your organization's adoption of human-centered design practices across key dimensions. It encompasses areas such as scope, strategy, research, design, staffing, and measurement. By assessing your maturity level in each dimension, you gain valuable insights into your organization's strengths and areas for development. Why Gauge Your HCD Maturity?Gauging your HCD maturity level offers several benefits: Clear Assessment: The HCD Maturity Model provides a structured approach to assess your organization's current state. It helps you gain a holistic understanding of your strengths and areas that require further focus, enabling you to prioritize and allocate resources effectively. Roadmap for Growth: Once you identify your current level of maturity, you can create a roadmap to enhance your HCD practices systematically. The model acts as a guide, pointing you towards specific areas where you can invest in building capabilities and driving cultural change. Benchmarking and Collaboration: Understanding where you stand in relation to industry standards and peers allows you to benchmark your progress. It also opens doors for collaboration, knowledge-sharing, and learning from organizations that have successfully advanced their HCD maturity. Enhanced User-Centricity: By embarking on a journey to improve your HCD maturity, you elevate the quality of your user experiences. Embracing human-centered design principles results in products and services that truly meet the needs of your customers, fostering loyalty, and driving business growth. We're Here to Help!To learn more about our HCD Maturity Model and how it can benefit your organization, visit our dedicated page click here. There, you will find detailed information about the dimensions and levels of maturity, as well as a case study showcasing how we're partnered with ISG to assess HCD maturity. For guidance in executing an HCD Maturity Assessment, please use the buttons below to email us or complete a request support form.
|
|
| Tabs Page |
|---|
| title | Participant Communication |
|---|
| Participant Communication for Scheduling| Panel |
|---|
| BackgroundEffective and ethical communication with research participants is a cornerstone of Human-Centered Design initiatives. This is particularly important at the Center for Clinical Standards and Quality (CCSQ), where engaging with diverse stakeholders requires a tailored approach. This section of the HCD Playbook outlines best practices for communicating with participants during HCD research projects. Guiding PrinciplesWhen conducting HCD research, always keep these key principles in mind: - Empathy: Treat participants as valuable contributors to the research.
- Clarity: Use straightforward language and set clear expectations.
- Inclusivity: Ensure your communication methods don’t exclude potential participants.
How to Implement Best PracticesThe following actionable steps are derived from industry best practices and have been further enriched by invaluable contributions from the Quality Payment Program (QPP) and the Hospital Quality Reporting (HQR) teams. These guidelines have received the official approval of the Center for Clinical Standards and Quality (CCSQ), ensuring they meet the highest standards for effective human-centered design research. Identifying ParticipantsTo cast a wide net for potential participants, consider employing a diverse array of sourcing methods. These could include utilizing sign-up lists from program newsletters and extracting queries from the Service Center database. Additionally, you might consider using open-ended volunteer forms on your website as a potential source. Screener forms can be used to gather more specific information about your participants, such as their role and level of engagement with CMS programs. However, it's important to note that if you intend to use screener forms, you must secure an Information Collection Request (ICR) approval in compliance with the Paperwork Reduction Act. Invitation to Participate in Research- Initial Outreach: Use a .gov email address, when possible, to establish legitimacy in your initial communication. It also helps to have the name and contact information of a specific team member in the email signature.
- Timing: Aim to reach out 3–4 weeks before the planned study date.
- Email Templates: Adopt a standard email template that covers the basics and leaves room for customization based on your target audience. Here are a couple of examples from HQR and QPP.
- Transparency: Be explicit about your research goals and what you expect from participants. For example, "We are looking for users who have experience in X and Y." You should also be clear that participation is voluntary and unpaid.
- Next Steps: End your communication with a predefined 'Next Step,' like "Reply with 'Yes, I’m interested,' and we’ll take it from there."
Scheduling Time with Research Participants - Calendar Management: Use tools like Calendly, synced with your work calendar, to allow participants to easily pick a slot.
- Tech Integration: Sync Calendly with Zoom to auto-generate meeting links and minimize steps for participants.
- Confirmation: Send a follow-up email shortly after a participant has signed up, summarizing the purpose, and sharing any required documentation, such as Consent Forms.
- Timing: Within 24–48 hours of the participant choosing a slot.
- Details: Confirm date, time, and what will be discussed or tested.
- Reminders:
- First Reminder: 3 days before the session. A gentle reminder of the upcoming session.
- Last Reminder: A business day before the meeting, send a reminder to minimize no-shows and include any last-minute details or changes.
Post-Study Communication- Thank You: Within 24 hours post-study send a “Thank You” email to the participant. Reiterate how your team intends to utilize the insights they've provided. Offer them a point of contact for any outstanding questions or insights they’d like to share after the study.
- Feedback Form: Consider providing an open-ended feedback form. This will allow participants to share their views on the process, giving your team valuable insights into the participant's experience.
Re-Engagement- Wait 3 months to engage with a participant for another research activity.
Pro Tips- Be mindful of healthcare facilities’ firewalls that may block emails with external links. Have a PDF of the consent form readily available.
- Timing matters. Sending emails as participants start their workday can result in higher response rates.
AcknowledgmentWe would like to extend our gratitude to the Quality Payment Program (QPP) and the Hospital Quality Reporting (HQR) teams for their contributions to the creation of this guidance on best practices for HCD research communication. Your insights and experiences have made this resource a practical tool for the community. We're Here to Help!If you encounter challenges or have questions about best practices for participant communication, our team is available for consultations. Your effective communication is our success, and we're here to support that journey. For additional templates, consent forms, and other tools, reach out to us using the buttons below or complete a request support form. By following these best practices, you're not only ensuring a smooth research process but also respecting and valuing the time and contributions of your participants, which is central to the HCD approach. |
|
| Tabs Page |
|---|
| title | Participant Database |
|---|
| Participant Database| Panel |
|---|
| BackgroundThe HCD Participant Database is a centralized repository of individuals who have opted in through the CMS Service Center's funnel to participate in HCD research. It serves as a valuable tool for teams seeking participants for user research, usability testing, co-creation sessions, and other HCD activities. By organizing participants based on program type, it helps teams to identify and engage with the right individuals for their specific needs. We're Here to Help!To gain access to the HCD Participant Database, please use the buttons below to email us or complete a request support form. |
|
| Tabs Page |
|---|
| Personas| Panel |
|---|
| BackgroundA Persona is a fictitious character embodying a segment of real-world people impacted by your product, service or policy. It is based on information gathered via research, both qualitative and quantitative. A persona relays an individual’s needs and goals, defining the crux of who they are. The HCD CoE is beginning to build out this resource, starting with CCSQ QNet-focused personas, and offers enterprise personas for teams to leverage so they can make informed decisions that impact their target customers. All files can be browsed by attribute, viewed in the gallery or downloaded so you may print them out. We understand that you may want to customize these for your work contexts, so feel free to reach out to the team if you would like any source files or if you have any you would like to add. CCSQ PersonasWe're Here to Help!To learn more about our personas, please use the buttons below to email us or complete a request support form. |
|
| Tabs Page |
|---|
| Paperwork Reduction Act| Panel |
|---|
| BackgroundThe Paperwork Reduction Act (PRA) is a federal law intended to ease the data reporting burden imposed by the government. The law pertains to data collection regardless of form or format (including digital, paper-based, and standardized interviews). The PRA governs most research and feedback collection mechanisms done by or on behalf of the federal government. Any federal agency requesting responses from the public is required to estimate the time and cost burden for citizens to respond and the burden on the federal agency to compile and synthesize the data. Authorizations for PRA approval of data collection come from the Office of Management and Budget (OMB), and PRA officers in each agency coordinate the effort. It is essential and mandatory that CCSQ comply with the PRA when applying human-centered design (HCD) processes and methodologies. However, the PRA should not limit HCD best practices to improve the customer experience. If the information you are collecting is subject to clearance, most agencies estimate six to nine months from agency development to approval. We encourage you to take advantage of the flexibilities and requirements that exist for compliance. You can learn more about the basic information related to the PRA at A Guide to the Paperwork Reduction Act. CCSQ Generic Clearance for Fast-Track ApprovalIn July 2021, CCSQ's Information Systems Group (ISG) obtained OMB approval for an information collection request (ICR) titled "Generic Clearance for the Center for Clinical Standards and Quality IT Product and Support Teams (CMS-10706)" (OMB Control Number: 0938-1397)." This clearance is for the Center for Clinical Standards and Quality IT Product and Support Teams (CIPST) to leverage for specific information collections and includes the Fast-Track approval process. Additional ResourcesFor more information about the CCSQ Generic Clearance, job aids, and best practices, click here to visit our Paperwork Reduction Act page. We're Here to Help!The HCD Center of Excellence is here to support you prepare to submit your Information Collection Request (ICR) to gain PRA coverage. Use the buttons below to email us or submit a project intake through Confluence and our team will follow up with you shortly. |
|
| Tabs Page |
|---|
| Privacy| Panel |
|---|
| Introduction to Privacy The topics of privacy and security for the Centers for Medicare and Medicaid Services (CMS) refers to the combined process of keeping sensitive information about public individual beneficiaries secure both physically and digitally. This sensitive information includes PHI and PII. Personally Identifiable Information, or PII, refers to any information that can be used to identify an individual, such as name, address, social security number, and medical information. Protected Health Information, or PHI, is a subset of PII that refers to any personal and identifiable health information that is collected, used, or disclosed by the Centers for Medicare and Medicaid Services. In the context of any research conducted within the QualityNet community, this guidance focuses on three scenarios for collecting and storing data when conducting research with volunteers: Before, During, and After. Before: Recruiting Research Volunteers There are a variety of methods for recruiting research participants. Some of these people may be considered “internal” volunteers. That is, federal employees and government contractors working in support of CMS and its mission. However, for public facing solutions, researchers may need to recruit members of the public who must use a product or service provided by the QualityNet community. It is this latter group that introduces a bit more complexity with recruitment. A general rule of thumb is that if you are collecting equivalent information from 10 or more members of the public, this is considered “burden” and must go through an approval process. We will describe recruitment that both utilizes a Paperwork Reduction Act (PRA) approval process that may collect PII and a process that does not trigger PRA or collect PII. Recruiting Volunteers via a PRA-approved Information Collection Request (ICR) One option for collecting information from the public is to initiate coverage process on your own, but the process can be long and drawn out. The good news is that there is existing PRA coverage (CMS-10706) for CCSQ employees and partners who seek to collect information from the public in order to aid in the design and development of product or service design solutions. If you fall within those parameters, chances are that you would more expeditiously be able to collect survey data from the public that may include PII or PHI. Please reach out to our team or the CMS Office of Strategic Operations and Regulatory Affairs (OSORA) to learn if you quality. Recruiting Volunteers without Triggering PRA The good news for researchers who are new to the community is that there is an existing system that securely captures information from people who have contacted the community help desk (“Service Center”) and volunteered to participate in research. This “Participant Database” stores volunteer information by program and is freely available for researchers in the QualityNet community. But even if you do not have access to this resource, there are options for soliciting volunteers without capturing PII or PHI. Our Participant Communication guidance includes some examples where, as a recruiter, instead of asking volunteers to provide screener information, you call out the specific requirements you have and the volunteer responds if they meet the criteria that might otherwise be collected in the form of PII. In this recruiting method, you are not asking people to volunteer information but simply to express interest in participating in a research activity. During: Conducting Research with Volunteers Once you have identified volunteers for a particular research activity, what are best practices for protecting participant privacy? Consider implementing the following safeguards* (per MACBIS HCD SOP): - – It's not just text. Even audio and video recordings with volunteers are considered PII. In some states (MD being one of them) you must ask permission to record.
- Hide or mark research participant information – Depending on how session information is captured and stored, consider masking or hiding volunteer information. This may include:
- Hiding or masking participant names if session uses video conferencing software
- Hiding or masking participant names when documenting any information pertaining to a research session with a volunteer
- Consider avoiding mentioning participant names during a recording – This keeps PII out of any or documents that may be used for later synthesis. Or, if using names during a session, consider replacing transcript names with unique IDs
After: Storing Research Data and Anonymization Once research has been conducted, teams need to store raw data used for synthesis and making solution recommendations. Consult with your CMS Information System Security Officer (ISSO) for approved systems and storage procedures. For PII/PHI that may be saved on local devices, CCSQ ISG recommends the following protocols* (per QPP HCD SOP):
- Regular deletion of locally hosted PII from completed studies: All recordings and other PII data should be cleared from local devices and accounts (e.g. Zoom) for completed studies. This should happen every 3-6 months.
- Secure Shredding for Paper Documents: Paper documents containing PII should be shredded using a cross-cut shredder or a shredding service that ensures the information is irreversibly destroyed.
- Secure Disposal of Electronic Media: For electronic media, such as hard drives, USB drives, or CDs/DVDs, use secure disposal methods. This can include using data wiping software that overwrites the data multiple times to make it unrecoverable, physically destroying the media, or using certified disposal services that specialize in electronic media destruction.
- Verification of Disposal: Maintain a record of all disposed PII, including the date, method of disposal, and responsible parties involved. This documentation can be important for auditing, compliance, or in case of any future inquiries.
In addition to storage and disposal procedures, steps should be taken to anonymize data when possible. CCSQ ISG recommends the following protocols* (per QPP HCD SOP):
- Remove Identifying Information: Remove any such as names, email addresses, phone numbers, and social media handles.
- Replace Identifiers: Replace participants' names with unique identifiers, such as Participant A, Participant B, or User 1, User 2, to maintain anonymity.
- Redact Direct References: Ensure that any direct references to specific individuals, organizations, or locations are redacted or replaced with generic terms.
- Modify Dates and Times: Adjust or generalize specific dates and times mentioned in the transcript to prevent identification. For example, change "last week" to "recently" or "in the past."
- Use Generic Terminology: Replace specific product names, project codes, or any other proprietary or sensitive information with generic terms to avoid disclosing confidential information.
- Review for Oversights: Conduct a thorough review of the anonymized transcript to identify and correct any oversights or missed instances of identifiable information.
- Data Protection Documentation: Maintain documentation outlining the anonymization process and the measures taken to protect participant privacy. This documentation helps ensure compliance and accountability.
Appendix The 18 PHI (Protected Health Information) identifiers are specific pieces of information that, when linked with health data, can be used to identify an individual. These identifiers are defined by the Health Insurance Portability and Accountability Act (HIPAA) and include the following: - Names
- Geographic subdivisions smaller than a state
- Dates related to an individual (such as birthdate, admission date, discharge date, and date of death)
- Telephone numbers
- Fax numbers
- Email addresses
- Social Security numbers
- Medical record numbers
- Health insurance beneficiary numbers
- Account numbers
- Certificate/license numbers
- Vehicle identifiers and serial numbers
- Device identifiers and serial numbers
- Web URLs
- Internet Protocol (IP) address numbers
- Biometric identifiers (including fingerprints and voiceprints)
- Full-face photographic images and any comparable images
- Any other unique identifying number, characteristic, or code
It's important to note that the unauthorized use or disclosure of PHI identifiers is prohibited under HIPAA regulations to protect individuals' privacy and confidentiality. Additional Resources Security and Privacy Controls for Information Systems and Organizations (NIST SP 800-53 Rev. 5) Federal Information Security Management Act (FISMA) Federal Risk and Authorization Management Program (FedRAMP) CMS Information Security & Privacy Group: Privacy CMS Privacy Program Plan QualityNet Security CMS Policy QualityNet Atlassian Security Policy *Thanks to contributions from QPP and MACBIS HCD communities
We’re Here to Help! The HCD Center of Excellence is here to support you as you seek to be compliant with CMS privacy policy. Use the buttons below to email us or submit a project intake through Confluence and our team will follow up with you shortly. |
|
|
|
ISG Playbook
APIs