Privacy Office

The CMS Privacy Office is responsible for the management and oversight of the Privacy Act of 1974 as it pertains to the Centers for Medicare & Medicaid Services (CMS).

The CMS Privacy Officer is the principal authority for the management and oversight of the Privacy Act as it pertains to CMS. Contact the Privacy Officer via e-mail Privacy@cms.hhs.gov or by telephone at 410-786-5357.  The Privacy Officer responsibilities include:

  • Developing and promulgating this policy;
  • Interpreting Privacy Act requirements and rules;
  • Implementing the CMS Privacy Act Program;
  • Serving as the Agency's adviser for all aspects of the Privacy Act of 1974;
  • Serving as the single point of contact for all Privacy Act regulatory and compliance initiatives;
  • Developing policy, providing program oversight, and serving as the focal point for CMS Privacy Act matters;
  • Reviewing new and existing CMS policies, procedures, program memoranda, interagency agreements and other written arrangements (both inter and intra) which may impact on the personal privacy of an individual;
  • Advising and assisting with the development and coordination of Privacy Act computer matching agreements between CMS components and other Federal or State agencies;
  • Finalizing, reviewing, coordinating, clearing and submitting for publication in the Federal Register, Privacy Act System of Record (SOR) notices and Computer Matching Agreements (CMA) for CMS components;
  • Preparing and coordinating applicable CMS submissions for the biennial Department of Health and Human Services (DHHS) Reports to Congress as required by Office of Management and Budget (OMB) Circular A-130;
  • Serving on the CMS Data Review Board, the Beneficiary Confidentiality Board, and other Privacy Act forums, as applicable;
  • Managing the Agency Privacy Act training and/or awareness programs;
  • Coordinating with all system owner/managers to ensure that they understand the Privacy Act requirements and their related responsibilities;
  • Reviewing requests and concurs with the need to establish a new Privacy Act SOR or to modify an existing Privacy Act SOR;
  • Assisting system owners/managers in preparing Privacy Act SORs and Computer Matching Agreements in accordance with established procedures;
  • Ensuring that SORs and CMAs comply with the Privacy Act; and
  • Providing day-to-day policy guidance and assistance to the CMS components in their implementation and execution of their programs.
Page Last Modified:
06/14/2012 08:24 PM