CMS Data Privacy Safeguard Program (DPSP)

Guidance for CMS Data Privacy Safeguard Program (DPSP) Web Page

Issued by: Centers for Medicare & Medicaid Services (CMS)

Issue Date: January 01, 2020

CMS's Data Privacy Safeguard Program (DPSP)

Purpose

The Centers for Medicare & Medicaid Services (CMS) seeks to ensure the protection of CMS data that are disclosed to external organizations for research purposes. To accomplish this, CMS has developed the Data Privacy Safeguard Program (DPSP). The DPSP reflects the Agency's priorities to both improve data stewardship and to protect the privacy and security of CMS research identifiable files (RIF) that are made available for conducting important research studies.

Current Version Date:

01/16/14

Overview of the DPSP

The DPSP consists of a revised Data Management Plan. The Data Management Plan is a section of the Executive Summary that researchers submit to CMS as part of their research protocol. The Data Management Plan section of the Executive Summary has been revised to request additional details about the safeguards researchers have in place to protect CMS RIFs.

A second component of the DPSP is to conduct remote and on-site reviews. These reviews are intended to provide CMS with additional details about how external researchers protect CMS RIFs. The Data Management Plan submission will validate the safeguards research organizations have put in place to protect CMS RIFs.

See the Data Management Plan Guidelines and the Data Management Checklist Evaluation Guide for details when preparing the data management section of the Executive Summary. Also, see an overview of the Data Privacy Safeguard Program and an FAQ document for more information on the program, both of which are provided in the list of additional resources.

One-on-One Guidance Sessions

The Data Privacy Safeguard Program (DPSP) team that reviews your data management plan is available for One-on-One Guidance Sessions. The goal of these sessions is to answer any questions you may have about the information being requested in the data management plan. If your organization is interested in scheduling a One-on-One Guidance Session with representatives from the DPSP team, please contact the team at data_privacy_safeguard_program@mbltechnologies.com.

Article Information

External Author(s): MBL Technologies Level: Introduction Topic: Policy, Request Process Program: Medicare, Medicaid Related Data Request Materials:

RIF Executive Summary Template

Attachment:

CMS DPSP Program Overview (477.2 KB)
DMP Review Checklist Evaluation Guide (69.04 KB)
DMP Collaborator Checklist (60.43 KB)
CMS DPSP Data Management Plan Guidelines (155.34 KB)
DPSP Information Security and Privacy Best Practices (51.88 KB)
DPSP FAQs (50.33 KB)

Disclaimer The process and materials mentioned as part of this KnowledgeBase article are current, as of the publication date on the article, to the best of our knowledge. The examples provided are correct in the aggregate but may not apply to every subgroup or circumstance that a researcher may wish to study. It is up to the researcher to conduct analysis and confirm that the patterns described in this KnowledgeBase article apply to his/her particular study. If your research findings appear to contradict the advice provided, please contact ResDAC at resdac@umn.edu.

HHS is committed to making its websites and documents accessible to the widest possible audience, including individuals with disabilities. We are in the process of retroactively making some documents accessible. If you need assistance accessing an accessible version of this document, please reach out to the guidance@hhs.gov.

DISCLAIMER: The contents of this database lack the force and effect of law, except as authorized by law (including Medicare Advantage Rate Announcements and Advance Notices) or as specifically incorporated into a contract. The Department may not cite, use, or rely on any guidance that is not posted on the guidance repository, except to establish historical facts.