Privacy

Quick Access

CMS Privacy Program Plan
Data Sharing Agreements
Privacy Impact Assessment (PIA)
Breach Response

Overview

Information Privacy at CMS means we protect the sensitive data entrusted to us by the American people -- such as Personally Identifiable Information (PII) and Protected Health Information (PHI). We collect only what data is necessary, and share it only with people who need to know. CMS Privacy Impact Assessments (PIA)s show what data is collected by CMS systems and how it is used and protected.

The resources on this page help you comply with privacy-related requirements for system(s) entrusted to your care. If you have questions or need help, contact the CMS Privacy Office.

All resources in Privacy

General Information

Breach Response
CMS Computer Matching Agreement (CMA)
CMS Information Exchange Agreement (IEA)
CMS Information Security Advisory Board (CISAB)
Data Sharing Agreements
Email Encryption Requirements at CMS
Health Insurance Portability and Accountability Act of 1996 (HIPAA)
Privacy Impact Assessment (PIA)
System of Records Notice (SORN)
System Security and Privacy Plan (SSPP)

Policies and Handbooks

CMS Breach Analysis Team (BAT) Handbook
CMS Breach Response Handbook
CMS Privacy Impact Assessment (PIA) Handbook
CMS Privacy Program Plan

Tools and Services

No tools and services to display

Authorization to Operate (ATO)

Ongoing Authorization (OA)

Assessments & Audits

CMS Policies and Guidance

Federal Policies and Guidance

Application Security

Security Operations

Risk Management and Reporting

Agreements

Privacy Activities

Privacy Resources

Reporting & Compliance

System Security

Tests & Assessments