CMS Privacy Impact Assessments
Contact: CMS Privacy Office | privacy@cms.hhs.gov
List of all Privacy Impact Assessments for CMS information systems that require a PIA to comply with the E-Government Act
PIA
Titles II and III of the E-Government Act of 2002 require that agencies evaluate systems that collect personally identifiable information (PII) and determine whether the privacy of that PII is adequately protected. Agencies perform this evaluation through a Privacy Impact Assessment (PIA).
Policy from the U.S. Department of Health and Human Services (HHS) states that operating divisions (OPDIVs) are responsible for completing and maintaining PIAs on all systems. Upon completion of each assessment, agencies are required to make that PIA publicly available.
As an OPDIV of HHS, CMS provides the Privacy Impact Assessments for all CMS information systems that require a PIA. They are listed below.
A-C
- 2020 (CWF)
- Accountable Care Organization Management System
- Accountable Care Organization-Operational System
- Acumen General Support System
- Acumen Web Portals
- Administrative QIC
- Administrative Simplification Enforcement and Testing Tool
- Advanced Provider Screening
- AdvanceMed GSS
- Agent Broker Registry
- Anti-Harassment Complaints Database and 508 Complaints Database
- APM Management System
- Application Programming Interface Gateway
- Arc Geographic Information System
- Automated Plan Payment System
- Blue Button API On Fast Healthcare Interoperability Resources
- Box Storage Solution
- Capitol Bridge Worker’s Compensation Case Tracking System
- CCIIO Customer Relations Management System
- CCIIO Enrollment Resolution and Reconciliation System
- CCSQ Data Repository and Analytics Platform
- Center for Medicare and Medicaid Innovation Cloud Service Provider Salesforce
- Central Data Abstraction Tool-Modernized
- Chronic Condition Data Warehouse
- Cloud Content Management
- CM - CGS
- CM - First Coast Service Options
- CM - Maximus
- CM - National Government Services
- CM - Noridian Healthcare Solutions
- CM - Novitas Solutions Inc
- CM - Wisconsin Physician Services
- CMS Acquisition Lifecycle Modernization
- CMS Administrative Technology Solutions
- CMS Amazon Web Services GovCloud
- CMS Analysis, Reporting, and Tracking System
- CMS Connect
- CMS Enterprise Data Analytics Repository
- CMS Enterprise Portal Services
- CMS Enterprise Services and System Management
- CMS FISMA Controls Tracking System
- CMS FISMA Controls Tracking System-Cloud
- CMS National Training Program Learning Management System
- CMS Operations Information Network
- CMS SharePoint / CAPMS
- COGNOS BI
- Commercial Repayment Center (CRC) Intake
- Common Electronic Data Interchange
- Companion Data Services LLC Virtual Data Center General Support System
- Comprehensive Acquisition Management System
- Comprehensive Error Rate Testing - RC
- Continuously Available CMS Hosting Environment
- Contractor Reporting of Operational and Workload Data 2.0
- Conversion Medicare
- Customer Support Front End System
D-I
- Data Element Library
- Data Exchange System
- Deliverable Administration, Report, and Repository Tool
- Document Storage and Retrieval System
- Drug Data Processing System
- Durable Medical
- Easy Access to System Information
- Electronic Retro Processing Transmission
- Electronic Security System
- Eligibility Appeals Case Management System
- Eligibility Support Desktop Change Utility Tool
- Eligibility Worker Support System
- Encounter Data Processing System
- Enterprise Privacy Policy Engine Cloud
- ESRD Quality Reporting System
- Exchange Automated IT Solution
- Exchange Consumer Web Services
- Exchange Operations Center
- Expanded Data Feedback Reporting
- Federal Data Services Hub
- Federally Facilitated Exchange Analysis Tools
- Federally Facilitated Marketplaces
- FFM Eligibility Appeals Support
- Financial Information and Vouchering System Next Generation
- Financial Management External Data Gathering Environment
- Find Local Help
- Fiscal Intermediary Shared System
- Fraud Prevention System 2.0
- GovDelivery
- Health Care Cost Report Information System
- Health Data Reporting
- Health Insurance and Oversight System
- Health Insurance Casework System
- Health Plan Finder Application
- Health Plan Management System
- Healthcare Fraud Prevention Partnership Trusted Third Party 2.0
- HEDIS Patient Data
- HIPAA Eligibility Transaction System
- Hospital Quality Reporting
- Human Resources Enterprise Systems
- Identity Management
- Information Technology Security and Privacy - Computer Based Training
- Innovation Center
- Integrated Data Repository Cloud
- Internet Quality Improvement and Evaluation System
J-P
- Lewin Group Datacenter
- Marketplace Consumer Record
- Marketplace Electronic Data Interchange
- Marketplace Learning Management System
- Marketplace Lite
- Marketplace Outreach Data System
- Maryland Primary Care Program System
- Master Data Management System
- Measure Authoring Development integrated Environment
- Measures Management System
- Medicaid and CHIP DataConnect
- Medicaid and CHIP Program System
- Medicaid Drug Programs
- Medicare Advantage and Prescription Drug System
- Medicare Appeals System
- Medicare Authenticated Experience
- Medicare Enrollment and Premium Billing System
- Medicare Fee-for-Service Data Collection System
- Medicare Online Support System
- Medicare Part B Shared System Claims Processing Maintenance
- Medicare Part D Coverage Gap Discount Program Direct Payment Process Portal
- Medicare Payment System Environment
- Medicare Provider Analysis and Review System
- Medicare Secondary Payer Systems Contractor - Major Application
- MedTrak
- Metadata Management & Data Governance COTS Software Maintenance and Support Services
- Model INnovation Tool
- Multidimensional Insurance Data Analytics System
- National Claims History
- National Data Warehouse
- Next Generation Desktop
- OCISO Inheritable Controls
- Office of Hearings Case and Document Management System
- One Program Integrity
- Open Payments System 2.0
- Payment Error Rate Measurement-Eligibility Review Data Collection Tool
- Payment Record Processing
- Payment Recovery Information System
- Performance Metrics Database and Analytics
- Premium Estimation Tool
- PRI Review System
- Production Performance Monitoring System
- Program Integrity Contractor CoventBridge
- Program Integrity Contractor Qlarant
- Program Integrity Contractor SGS
- Provider Compliance Group-Fast Healthcare Interoperability Resources
- Provider Customer Service Program System
- Provider Enrollment Chain and Ownership System
- Provider Statistical and Reimbursement System
- Public Website Shared Services
Q-Z
- Q-Net
- Qualified Entity Certification Program CRM System
- Qualified Health Plan Enrollee Experience Survey
- Quality Improvement and Evaluation System
- Quality Management and Review System
- Quality Payment Program
- Quality Service Center
- Recovery Audit Contractor Data Warehouse
- Recovery Audit Contractor Region 3
- Recovery Audit Contractor Region 4
- Recovery Audit Contractor Regions 1, 2 and 5
- Registration for Technical Assistance Portal
- Relationships, Events, Contacts, and Outreach Network
- Research Accessible Products Innovation and Deployable Solutions
- Retiree Drug Subsidy System
- Reusable Framework
- Risk Adjustment Suite of Systems
- Scalable Login Systems
- Security Control Orchestration, Utilities, and Tooling
- Statistical Analytical Software Enterprise Business Intelligence Cloud Platform
- Strategic Work Information Folder Transfer System
- Supplemental Medical Review Contractor System
- Survey and Certification and Clinical Laboratories Improvement Amendments Act
- Training Quality Content
- Transformed Medicaid Statistical Information System
- Unified Case Management System
- ViPS Medicare Shared System
- Virtual Audit Management System
- WAN Services-CMSNet-Verizon
TPWA
The TPWA Privacy Impact Assessment (PIA) is a tool to evaluate how a CMS Operating Division (OpDiv) is collecting/receiving Personally Identifiable Information (PII) through its use of a Third Party Website or Application (TPWA) — any web-based technology that is not exclusively controlled by a government entity.
The TPWA PIA helps the OpDiv identify risks and communicate this information to the public. TPWA PIA questions are based on the specific risks and compliance requirements for TPWAs as outlined by the OMB Memorandum 10-23.
Both PIAs and TPWA PIAs require approval from the U.S. Department of Health and Human Services (HHS). As an OpDiv of HHS, CMS publishes its TPWA PIAs below.