Incident Response

It’s our job to prevent, protect against, and respond to privacy incidents involving personally identifiable information (PII)/protected health information (PHI) we maintain.

What’s a Privacy Incident?

A privacy incident is any event that results in (or could result in) unauthorized use or disclosure of PII/PHI where persons other than authorized users have access (or potential access) to PII/PHI, or use it for an unauthorized purpose.

Incident/Breach Handling

The Incident Management Team (IMT) within the CMS Cybersecurity Integration Center (CCIC) manages privacy incidents enterprise-wide based on policies and procedures in accordance with federal information security and privacy requirements. For more information on incident/breach handling, visit RMH Chapter 08 Incident Response.

How to Report Incident

CMS staff and contractors should contact the CMS IT Service Desk to report a suspected or confirmed privacy incident within one hour of discovery:

410-786-2580 or 1-800-562-1963
CMS_IT_Service_Desk@cms.hhs.gov

Page Last Modified:

11/21/2023 06:21 PM

Help with File Formats and Plug-Ins

CMS Newsroom

section title h3

section title h3

section title h3

section title h3

section title h3

section title h3

section title h3

section title h3

section title h3

section title h3

section title h3

section title h3

section title h3

section title h3

section title h3

section title h3

section title h3

section title h3

section title h3

section title h3

section title h3

section title h3

section title h3

section title h3

section title h3

section title h3

section title h3

section title h3

section title h3

section title h3

section title h3

section title h3

section title h3

section title h3

section title h3

section title h3

section title h3