Skip to main content

CMS Privacy Impact Assessments

List of all Privacy Impact Assessments for CMS information systems that require a PIA to comply with the E-Government Act.

Contact: privacy@cms.hhs.gov | CMS Privacy Office

Titles II and III of the E-Government Act of 2002 require that agencies evaluate systems that collect personally identifiable information (PII) and determine whether the privacy of that PII is adequately protected. Agencies perform this evaluation through a Privacy Impact Assessment (PIA).

Policy from the U.S. Department of Health and Human Services (HHS) states that operating divisions (OPDIVs) are responsible for completing and maintaining PIAs on all systems. Upon completion of each assessment, agencies are required to make that PIA publicly available.

As an OPDIV of HHS, CMS provides the Privacy Impact Assessments for all CMS information systems that require a PIA. They are listed below.

A-C

D-I

J-P

Q-Z