Privacy
Information about the policies and programs that support the protection of sensitive information entrusted to CMS by beneficiaries and healthcare providers
Every day, millions of Americans trust CMS with their sensitive data, such as Personally Identifiable Information (PII) and Protected Health Information (PHI). We take the privacy and protection of that data very seriously by following fair information practices – like collecting only the data that’s necessary for a function or service, sharing it only with people who need to know, and being transparent about what information we collect.
The documents, tools, and resources on this page will help you comply with privacy-related requirements and follow best practices for FISMA systems at CMS. If you have questions about the privacy implications of a specific action or change, you can also contact the Privacy Office on this page. Working together, we can keep beneficiary information safe and secure.
CMS Slack Channel- #ispg-sec_privacy-policy
- #ispg-privacy-agreement-consults
CMS Privacy Program Plan
This document summarizes the Privacy Program and its related activities at CMS, including how we implement the HIPAA Privacy Rule, the Privacy Act, and NIST 800-53 controls for CMS information systems.
Top documents and resources
Business Owners and Privacy Advisors working together to determine the terms of sharing PII with other federal or state agencies
Notice provided to the public regarding records maintained by CMS and how those records will be used
Written agreement used in the comparison of automated systems of record between federal or state agencies
Process that identifies and mitigates privacy risks for CMS systems regarding the use of Personally Identifiable Information (PII)
The steps taken at CMS in response to a suspected breach of personally identifiable information (PII)
Summary of HIPAA and its policies, and their implications for ISPG
A plan designed to help CMS staff understand the specific requirements of the Privacy Program at CMS
Filtered view of related content using CyberGeek Search
