CMS Information Security and Privacy Overview: Computer Matching Agreements (CMA)

Guidance for why computer matching agreements came about.

Issued by: Centers for Medicare & Medicaid Services (CMS)

Issue Date: January 01, 2020

Computer Matching Agreements (CMAs)

A Computer Matching Agreement (CMA) is a written agreement establishing the conditions, safeguards, and procedures under which a federal agency agrees to disclose data to another federal or state agency. For access to CMAs, visit the HHS CMA website.

Information Exchange Agreements (IEAs)

The Privacy Act of 1974 established the Information Exchange Agreement (IEA). The IEA is a document used when CMS discloses Personally Identifiable Information (PII) to a Department of Health and Human Services (HHS) Operating Division (OpDiv), another federal agency, or a state agency. The IEA states the terms and conditions for the data exchange between CMS and the other party, including the privacy and security safeguards to ensure that the information is protected.

An IEA is required when exchanging information with outside agencies. It is similar to an Interconnection Security Agreement (ISA) but does not include technical details and specific boundaries of the system. An ISA may be required in addition to an IEA, depending on the method used to transfer data.
