Skip to main content

CMS Privacy Impact Assessments

Contact: CMS Privacy Office | privacy@cms.hhs.gov

List of all Privacy Impact Assessments for CMS information systems that require a PIA to comply with the E-Government Act

PIA

Titles II and III of the E-Government Act of 2002 require that agencies evaluate systems that collect personally identifiable information (PII) and determine whether the privacy of that PII is adequately protected. Agencies perform this evaluation through a Privacy Impact Assessment (PIA).

Policy from the U.S. Department of Health and Human Services (HHS) states that operating divisions (OPDIVs) are responsible for completing and maintaining PIAs on all systems. Upon completion of each assessment, agencies are required to make that PIA publicly available.

As an OPDIV of HHS, CMS provides the Privacy Impact Assessments for all CMS information systems that require a PIA. They are listed below.

A-C

D-I

J-P

Q-Z

TPWA

The TPWA Privacy Impact Assessment (PIA) is a tool to evaluate how a CMS Operating Division (OpDiv) is collecting/receiving Personally Identifiable Information (PII) through its use of a Third Party Website or Application (TPWA) — any web-based technology that is not exclusively controlled by a government entity.

The TPWA PIA helps the OpDiv identify risks and communicate this information to the public. TPWA PIA questions are based on the specific risks and compliance requirements for TPWAs as outlined by the OMB Memorandum 10-23.

Both PIAs and TPWA PIAs require approval from the U.S. Department of Health and Human Services (HHS). As an OpDiv of HHS, CMS publishes its TPWA PIAs below.

A-C

    D-I

      J-P

        Q-Z