Privacy Impact Assessment (PIA)
Guidance for Privacy Impact Assessments (PIA) on CMS information systems and collections.
Issued by: Centers for Medicare & Medicaid Services (CMS)
Issue Date: January 01, 2020
In accordance with the E-Government Act of 2002 and OMB Memorandum 03-22, CMS is required to conduct Privacy Impact Assessments (PIA). A PIA is an analysis of how personally identifiable information (PII) is collected, used, shared, and maintained. The purpose of a PIA is to demonstrate that system owners have consciously incorporated privacy protections within their systems for information supplied by the public.
PIAs are a critical tool for:
- Spotting privacy risks
- Complying with federal regulations and laws
- Identifying collections of Personally Identifiable Information (PII) and/or Protected Health Information (PHI)
- Identifying CMS information systems subject to the Privacy Act of 1974
Additionally, OMB Memorandum 10-23 requires CMS to conduct a PIA for each use of a Third Party Website and Application (TPWA). A TPWA PIA is an analysis of the third-party websites or application technologies (such as social media platforms) that CMS uses to communicate and engage with members of the public.
If you have any questions, please contact privacy@cms.hhs.gov.
View signed CMS PIAs on the HHS PIA website.
HHS is committed to making its websites and documents accessible to the widest possible audience, including individuals with disabilities. We are in the process of retroactively making some documents accessible. If you need assistance accessing an accessible version of this document, please reach out to guidance@hhs.gov.
DISCLAIMER: The contents of this database lack the force and effect of law, except as authorized by law (including Medicare Advantage Rate Announcements and Advance Notices) or as specifically incorporated into a contract. The Department may not cite, use, or rely on any guidance that is not posted on the guidance repository, except to establish historical facts.