HHS Home > OCIO Home > Capital Planning & Budget > Exhibit 300

Exhibit 300 (BY2009) - Centers for Medicare and Medicaid Services (CMS) Data Management Operations - Claims

PART ONE

OVERVIEW

1. Date of Submission:: 2008-02-04

2. Agency:: 009

3. Bureau:: 38

4. Name of this Capital Asset:: CMS Data Management Operations - Claims

5. Unique Project Identifier:: 009-38-01-02-01-1160-00

6. What kind of investment will this be in FY2009?: Operations and Maintenance

7. What was the first budget year this investment was submitted to OMB?: FY2007

8. Provide a brief summary and justification for this investment, including a brief description of how this closes in part or in whole an identified agency performance gap.: The investment includes: major data repositories for Medicare claims and enrollment; establishing standards and monitoring the major data repositories plus any subsidiary databases built from these repositories; the access path to the repositories; the privacy & security protection for the data; & research support functions. Specifically, this investment is comprised of the following components: 1. The National Claims History (NCH) database is an historical, tape-based system comprised of Medicare claims data from 1991 through the present. It houses approximately 1.1 billion claims per year. The National Medicare Utilization Database (NMUD) is a relational database built in DB2 that houses the NCH claims from 1997 through the present. Claims transactions are processed by the Medicare contractors, edited in the Common Working File system, and loaded from the Common Working File to the NCH on a monthly basis. Agency users account for 83 percent of all users, while external users represent the other 17 percent. All users must obtain permission from the privacy staff to access the data. 2. The data administration (DA) and database administration (DBA) functions support both the major repositories and some 400 CMS databases that are derived from these data. Data administration policies govern the format of the data. DBA policies govern the database structures built to house the data. These functions assure that CMS data is managed to meet agency standards. Additionally, these functions support the development and maintenance of the 400+ CMS databases. 3. The Data Extract System (DESY) is the primary access tool for the NCH/NMUD and MSIS databases and various files derived from these data bases, as well as enrollment data files. DESY is an auditable, web-based tool. It is linked to the privacy authorization system and the privacy accountability tracking system, which authorizes user access levels and monitors releases of data to external users. All users are required to enter into Data Use Agreements that are negotiated with the CMS privacy staff and which control their access to the data. During calendar year 2005, DESY processed over 70 billion records for approximately 300 users.

9. Did the Agency's Executive/Investment Committee approve this request?: yes

9.a. If "yes," what was the date of this approval?: 2007-06-26

10. Did the Project Manager review this Exhibit?: yes

11.a. What is the current FAC-P/PM certification level of the project/program manager?: TBD

12. Has the agency developed and/or promoted cost effective, energy-efficient and environmentally sustainable techniques or practices for this project.: yes

12.a. Will this investment include electronic assets (including computers)?: no

12.b. Is this investment for new construction or major retrofit of a Federal building or facility? (answer applicable to non-IT assets only): no

13. Does this investment directly support one of the PMA initiatives?: yes

If yes, select the initiatives that apply:

Initiative Name
Expanded E-Government

13.a. Briefly and specifically describe for each selected how this asset directly supports the identified initiative(s)? (e.g. If E-Gov is selected, is it an approved shared service provider or the managing partner?): The Data Management Operations - Claims investment directly supports the expanded e-government PMA initiative by its creation of requisite data structures that are critically necessary to the functioning of e-gov. This standardization allows information to be shared more efficiently and provides a single source for data requests.

14. Does this investment support a program assessed using the Program Assessment Rating Tool (PART)?: yes

14.a. If yes, does this investment address a weakness found during the PART review?: yes

14.b. If yes, what is the name of the PARTed program?: 2003: CMS - Medicare Program

14.c. If yes, what rating did the PART receive?: Moderately Effective

15. Is this investment for information technology?: yes

16. What is the level of the IT Project (per CIO Council's PM Guidance)?: Level 3

17. What project management qualifications does the Project Manager have? (per CIO Council's PM Guidance): (1) Project manager has been validated as qualified for this investment

18. Is this investment identified as high risk on the Q4 - FY 2007 agency high risk report (per OMB memorandum M-05-23)?: no

19. Is this a financial management system?: no

20. What is the percentage breakout for the total FY2009 funding request for the following? (This should total 100%)

Area	Percentage
Hardware	3
Software	8
Services	89
Other	0

21. If this project produces information dissemination products for the public, are these products published to the Internet in conformance with OMB Memorandum 05-04 and included in your agency inventory, schedules and priorities?: n/a

22. Contact information of individual responsible for privacy related questions.

Name	Maribel Franey
Phone Number	410-786-0757
Title	Director, Privacy Compliance
Email	Maribel.Franey@cms.hhs.gov

23. Are the records produced by this investment appropriately scheduled with the National Archives and Records Administration's approval?: yes

24. Does this investment directly support one of the GAO High Risk Areas?: yes

SUMMARY OF SPEND

1. Provide the total estimated life-cycle cost for this investment by completing the following table. All amounts represent budget authority in millions, and are rounded to three decimal places. Federal personnel costs should be included only in the row designated Government FTE Cost, and should be excluded from the amounts shown for Planning, Full Acquisition, and Operation/Maintenance. The total estimated annual cost of the investment is the sum of costs for Planning, Full Acquisition, and Operation/Maintenance. For Federal buildings and facilities, life-cycle costs should include long term energy, environmental, decommissioning, and/or restoration costs. The costs associated with the entire life-cycle of the investment should be included in this report. All amounts represent Budget Authority Note: For the cross-agency investments, this table should include all funding (both managing partner and partner agencies). Government FTE Costs should not be included as part of the TOTAL represented.

Cost Type	Py-1 & Earlier -2006	PY 2007	CY 2008	BY 2009
Planning Budgetary Resources	0.000	0.000	0.000	0.000
Acquisition Budgetary Resources	0.000	0.000	0.000	0.000
Maintenance Budgetary Resources	27.344	15.263	18.030	15.525
Government FTE Cost	0.377	0.195	0.200	0.212
# of FTEs	4	2	2	2

2. Will this project require the agency to hire additional FTE's?: no

PERFORMANCE

In order to successfully address this area of the exhibit 300, performance goals must be provided for the agency and be linked to the annual performance plan. The investment must discuss the agency's mission and strategic goals, and performance measures (indicators) must be provided. These goals need to map to the gap in the agency's strategic goals and objectives this investment is designed to fill. They are the internal and external performance benefits this investment is expected to deliver to the agency (e.g., improve efficiency by 60 percent, increase citizen participation by 300 percent a year to achieve an overall citizen participation rate of 75 percent by FY 2xxx, etc.). The goals must be clearly measurable investment outcomes, and if applicable, investment outputs. They do not include the completion date of the module, milestones, or investment, or general goals, such as, significant, better, improved that do not have a quantitative measure.

Agencies must use the following table to report performance goals and measures for the major investment and use the Federal Enterprise Architecture (FEA) Performance Reference Model (PRM). Map all Measurement Indicators to the corresponding Measurement Area and Measurement Grouping identified in the PRM. There should be at least one Measurement Indicator for each of the four different Measurement Areas (for each fiscal year). The PRM is available at www.egov.gov. The table can be extended to include performance measures for years beyond FY 2009.

Row	Fiscal Year	Strategic Goal Supported	Measurement Area	Measurement Grouping	Measurement Indicator	Baseline	Planned Improvement to the Baseline	Actual Results
1	2006	S.O. 1.3 - Improve health care quality, safety, cost and value	Technology	External Data Sharing	Number of months NCH/Medicare Utilization data released to disease management contractors within 15 days after the end of the month	7	10	10
2	2006	S.O. 1.3 - Improve health care quality, safety, cost and value	Processes and Activities	Productivity	Percent of Medicare Utilization data updated monthly in DESY	100%	100%	100%
3	2006	S.O. 1.3 - Improve health care quality, safety, cost and value	Customer Results	Delivery Time	Percent DESY extracts process utilizing new data source	60%	80%	80%
4	2006	S.O. 1.3 - Improve health care quality, safety, cost and value	Mission and Business Results	Information Management	Percent increase in DBA monitoring at CMS contractor sites	400 Database Monitored	50%	50%
5	2007	S.O. 1.3 - Improve health care quality, safety, cost and value	Technology	External Data Sharing	Number of months NCH/Medicare Utilization data released to disease management contractors within 15 days after the end of the month	10	11	TBD
6	2007	S.O. 1.3 - Improve health care quality, safety, cost and value	Processes and Activities	Productivity	Percent of Medicare Utilization data updated monthly in DESY	100%	100%	TBD
7	2007	S.O. 1.3 - Improve health care quality, safety, cost and value	Customer Results	Delivery Time	Percent of DESY extract requests returned in 1 day for enrollment, 3 days for SAFS, and 1 week for NCH/Medpar.	80%	90%	TBD
8	2007	S.O. 1.3 - Improve health care quality, safety, cost and value	Mission and Business Results	Information Management	Percent increase in DBA monitoring of 41 contractors managing 668 databases	50%	10%	TBD
9	2008	S.O. 1.3 - Improve health care quality, safety, cost and value	Technology	External Data Sharing	Number of months NCH/Medicare Utilization data released to disease management contractors within 15 days after the end of the month	11	12	TBD
10	2008	S.O. 1.3 - Improve health care quality, safety, cost and value	Processes and Activities	Productivity	Percent of Medicare Utilization data updated monthly in DESY	100%	100%	TBD
11	2008	S.O. 1.3 - Improve health care quality, safety, cost and value	Customer Results	Delivery Time	Percent of DESY extract requests returned in 1 day for enrollment, 3 days for SAFS, and 1 week for NCH/Medpar.	90%	90%	TBD
12	2008	S.O. 1.3 - Improve health care quality, safety, cost and value	Mission and Business Results	Information Management	Percent increase in DBA monitoring of 41 contractors managing 668 databases	10%	10%	TBD
13	2009	S.O. 1.3 - Improve health care quality, safety, cost and value	Technology	External Data Sharing	Number of months NCH/Medicare Utilization data released to disease management contractors within 15 days after the end of the month	12	12	TBD
14	2009	S.O. 1.3 - Improve health care quality, safety, cost and value	Processes and Activities	Productivity	Percent of Medicare Utilization data updated monthly in DESY	100%	100%	TBD
15	2009	S.O. 1.3 - Improve health care quality, safety, cost and value	Customer Results	Delivery Time	Percent of DESY extract requests returned in 1 day for enrollment, 3 days for SAFS, and 1 week for NCH/Medpar.	90%	90%	TBD
16	2009	S.O. 1.3 - Improve health care quality, safety, cost and value	Mission and Business Results	Information Management	Percent increase in DBA monitoring of 41 contractors managing 668 databases	10%	10%	TBD
17	2010	S.O. 1.3 - Improve health care quality, safety, cost and value	Technology	External Data Sharing	Number of months NCH/Medicare Utilization data released to disease management contractors within 15 days after the end of the month	12	12	TBD
18	2010	S.O. 1.3 - Improve health care quality, safety, cost and value	Processes and Activities	Productivity	Percent of Medicare Utilization data updated monthly in DESY	100%	100%	TBD
19	2010	S.O. 1.3 - Improve health care quality, safety, cost and value	Customer Results	Delivery Time	Percent of DESY extract requests returned in 1 day for enrollment, 3 days for SAFS, and 1 week for NCH/Medpar.	90%	90%	TBD
20	2010	S.O. 1.3 - Improve health care quality, safety, cost and value	Mission and Business Results	Information Management	Percent increase in DBA monitoring of 41 contractors managing 668 databases	10%	10%	TBD
21	2011	S.O. 1.3 - Improve health care quality, safety, cost and value	Technology	External Data Sharing	Number of months NCH/Medicare Utilization data released to disease management contractors within 15 days after the end of the month	12	12	TBD
22	2011	S.O. 1.3 - Improve health care quality, safety, cost and value	Processes and Activities	Productivity	Percent of Medicare Utilization data updated monthly in DESY	100%	100%	TBD
23	2011	S.O. 1.3 - Improve health care quality, safety, cost and value	Customer Results	Delivery Time	Percent of DESY extract requests returned in 1 day for enrollment, 3 days for SAFS, and 1 week for NCH/Medpar.	90%	90%	TBD
24	2011	S.O. 1.3 - Improve health care quality, safety, cost and value	Mission and Business Results	Information Management	Percent increase in DBA monitoring of 41 contractors managing 668 databases	10%	10%	TBD
25	2012	S.O. 1.3 - Improve health care quality, safety, cost and value	Technology	External Data Sharing	Number of months NCH/Medicare Utilization data released to disease management contractors within 15 days after the end of the month	12	12	TBD
26	2012	S.O. 1.3 - Improve health care quality, safety, cost and value	Processes and Activities	Productivity	Percent of Medicare Utilization data updated monthly in DESY	100%	100%	TBD
27	2012	S.O. 1.3 - Improve health care quality, safety, cost and value	Customer Results	Delivery Time	Percent of DESY extract requests returned in 1 day for enrollment, 3 days for SAFS, and 1 week for NCH/Medpar.	90%	90%	TBD
28	2012	S.O. 1.3 - Improve health care quality, safety, cost and value	Mission and Business Results	Information Management	Percent increase in DBA monitoring of 41 contractors managing 668 databases	10%	10%	TBD
29	2013	S.O. 1.3 - Improve health care quality, safety, cost and value	Technology	External Data Sharing	Number of months NCH/Medicare Utilization data released to disease management contractors within 15 days after the end of the month	12	12	TBD
30	2013	S.O. 1.3 - Improve health care quality, safety, cost and value	Processes and Activities	Productivity	Percent of Medicare Utilization data updated monthly in DESY	100%	100%	TBD
31	2013	S.O. 1.3 - Improve health care quality, safety, cost and value	Customer Results	Delivery Time	Percent of DESY extract requests returned in 1 day for enrollment, 3 days for SAFS, and 1 week for NCH/Medpar.	90%	90%	TBD
32	2013	S.O. 1.3 - Improve health care quality, safety, cost and value	Mission and Business Results	Information Management	Percent increase in DBA monitoring of 41 contractors managing 668 databases	10%	10%	TBD

Enterprise Architecture

In order to successfully address this area of the business case and capital asset plan you must ensure the investment is included in the agency's EA and Capital Planning and Investment Control (CPIC) process, and is mapped to and supports the FEA. You must also ensure the business case demonstrates the relationship between the investment and the business, performance, data, services, application, and technology layers of the agency's EA.

1. Is this investment included in your agency's target enterprise architecture?: yes

2. Is this investment included in the agency's EA Transition Strategy?: yes

2.a. If yes, provide the investment name as identified in the Transition Strategy provided in the agency's most recent annual EA Assessment.: CMS Data Management Operations - Claims

3. Is this investment identified in a completed (contains a target architecture) and approved segment architecture?: no

4. Identify the service components funded by this major IT investment (e.g., knowledge management, content management, customer relationship management, etc.). Provide this information in the format of the following table. For detailed guidance regarding components, please refer to http://www.whitehouse.gov/omb/egov/. Component: Use existing SRM Components or identify as NEW. A NEW component is one not already identified as a service component in the FEA SRM. Reused Name and UPI: A reused component is one being funded by another investment, but being used by this investment. Rather than answer yes or no, identify the reused service component funded by the other investment and identify the other investment using the Unique Project Identifier (UPI) code from the OMB Ex 300 or Ex 53 submission. Internal or External Reuse?: Internal reuse is within an agency. For example, one agency within a department is reusing a service component provided by another agency within the same department. External reuse is one agency within a department reusing a service component provided by another agency in another department. A good example of this is an E-Gov initiative service being reused by multiple organizations across the federal government. Funding Percentage: Please provide the percentage of the BY requested funding amount used for each service component listed in the table. If external, provide the funding level transferred to another agency to pay for the service.

Row	Agency Component Name	Agency Component Description	Service Type	Component	Internal or External Reuse?	Funding %
1	Audit Trail Capture and Analysis	Audit Trail Capture and Analysis - Support the identification and monitoring of activities within an application, system, or network.	Security Management	Audit Trail Capture and Analysis	No Reuse	0
2	Identification and Authentication	Defines the set of capabilities that support obtaining information about those parties attempting to log on to a system or application for security purposes and the validation of those users.	Security Management	Identification and Authentication	No Reuse	0
3	Access Control	Access Control - Support the management of permissions for logging onto a computer, application, service, or network; includes user management and role/privilege management.	Security Management	Access Control	No Reuse	0
4	System Resource Monitoring	Defines the set of capabilities that support the balance and allocation of memory, usage, disk space and performance on computers and their applications.	Systems Management	System Resource Monitoring	No Reuse	0
5	Standardized / Canned	Defines the set of capabilities that support the use of pre-conceived or pre-written reports.	Reporting	Standardized / Canned	No Reuse	0
6	Ad Hoc	Defines the set of capabilities that support the use of dynamic reports on an as needed basis.	Reporting	Ad Hoc	No Reuse	2
7	Data Warehouse	Defines the set of capabilities that support the archiving and storage of large volumes of data.	Data Management	Data Warehouse	No Reuse	0
8	Data Recovery	Defines the set of capabilities that support the restoration and stabilization of data sets to a consistent, desired state.	Data Management	Data Recovery	No Reuse	0
9	Data Classification	Defines the set of capabilities that allow the classification of data.	Data Management	Data Classification	No Reuse	0
10	Data Cleansing	Defines the set of capabilities that support the removal of incorrect or unnecessary characters and data from a data source.	Data Management	Data Cleansing	No Reuse	0
11	Meta Data Management	Defines the set of capabilities that support the maintenance and administration of data that describes data.	Data Management	Meta Data Management	No Reuse	0
12	Extraction and Transformation	Defines the set of capabilities that support the manipulation and change of data.	Data Management	Extraction and Transformation	No Reuse	17
13	Data Exchange	Defines the set of capabilities that support the interchange of information between multiple systems or applications; includes verification that transmitted data was received unaltered.	Data Management	Data Exchange	No Reuse	19

5. To demonstrate how this major IT investment aligns with the FEA Technical Reference Model (TRM), please list the Service Areas, Categories, Standards, and Service Specifications supporting this IT investment. FEA SRM Component: Service Components identified in the previous question should be entered in this column. Please enter multiple rows for FEA SRM Components supported by multiple TRM Service Specifications. Service Specification: In the Service Specification field, Agencies should provide information on the specified technical standard or vendor product mapped to the FEA TRM Service Standard, including model or version numbers, as appropriate.

Row	SRM Component	>Service Area	Service Category	Service Standard	Service Specification (i.e., vendor and product name)
1	Standardized / Canned	Component Framework	Data Management	Reporting and Analysis	COBOL
2	Data Recovery	Service Platform and Infrastructure	Database / Storage	Storage	Direct Access Storage Device (DASD)
3	Data Exchange	Component Framework	Data Interchange	Data Exchange	Email
4	Meta Data Management	Service Interface and Integration	Interoperability	Data Format / Classification	ERwin Data Modeler
5	Data Cleansing	Service Platform and Infrastructure	Software Engineering	Modeling	ERwin Data Modeler
6	Extraction and Transformation	Component Framework	Data Management	Database Connectivity	IBM DB2
7	Standardized / Canned	Component Framework	Data Management	Reporting and Analysis	IBM DB2
8	Data Classification	Component Framework	Data Management	Reporting and Analysis	IBM DB2
9	Data Recovery	Service Platform and Infrastructure	Database / Storage	Storage	IBM DB2
10	Data Recovery	Service Platform and Infrastructure	Software Engineering	Test Management	Load Runner
11	Data Warehouse	Component Framework	Business Logic	Platform Dependent	Mainframe
12	Data Exchange	Component Framework	Business Logic	Platform Independent	Mainframe
13	Data Warehouse	Service Platform and Infrastructure	Database / Storage	Database	Microsoft SQL Server
14	Data Warehouse	Component Framework	Business Logic	Platform Dependent	Mid Tier
15	Data Exchange	Component Framework	Business Logic	Platform Independent	Mid Tier
16	Data Warehouse	Service Platform and Infrastructure	Database / Storage	Database	Oracle
17	Access Control	Service Platform and Infrastructure	Software Engineering	Software Configuration Management	Resource Access Control Facility
18	Access Control	Component Framework	Security	Supporting Security Services	Resource Access Control Facility
19	Audit Trail Capture and Analysis	Service Access and Delivery	Service Requirements	Hosting	Time Sharing Option
20	Identification and Authentication	Service Platform and Infrastructure	Software Engineering	Integrated Development Environment	Time Sharing Option
21	Data Exchange	Component Framework	Data Interchange	Data Exchange	Web Browser
22	Ad Hoc	Service Access and Delivery	Delivery Channels	Intranet	Windows Internet Explorer
23	System Resource Monitoring	Service Access and Delivery	Access Channels	Web Browser	Windows Internet Explorer

6. Will the application leverage existing components and/or applications across the Government (i.e., FirstGov, Pay.Gov, etc)?: no

PART THREE

RISK

You should perform a risk assessment during the early planning and initial concept phase of the investment's life-cycle, develop a risk-adjusted life-cycle cost estimate and a plan to eliminate, mitigate or manage risk, and be actively managing risk throughout the investment's life-cycle.

Answer the following questions to describe how you are managing investment risks.

1. Does the investment have a Risk Management Plan?: yes

1.a. If yes, what is the date of the plan?: 2007-01-01

1.b. Has the Risk Management Plan been significantly changed since last year's submission to OMB?: no

COST & SCHEDULE

1. Was operational analysis conducted?: yes

1.a. If yes, provide the date the analysis was completed.: 2007-06-30

What were the results of your operational analysis?: The operational analysis was complete to validate that the project's principal goals were done in a timely manner and within budget. The systems continue to perform at an acceptable level for CMS users and contractors.

1.c. If no, please explain why it was not conducted and if there are any plans to conduct operational analysis in the future.: Not Applicable.