Skip to Main Content

Privacy Office

The CMS Privacy Office is responsible for the management and oversight of the Privacy Act of 1974 as it pertains to the Centers for Medicare & Medicaid Services (CMS).

The CMS Privacy Officer is the principal authority for the management and oversight of the Privacy Act as it pertains to CMS. Contact the Privacy Officer via e-mail Privacy@cms.hhs.gov or by telephone at 410-786-5357.  The Privacy Officer responsibilities include:

  • Developing and promulgating this policy;
  • Interpreting Privacy Act requirements and rules;
  • Implementing the CMS Privacy Act Program;
  • Serving as the Agency's adviser for all aspects of the Privacy Act of 1974;
  • Serving as the single point of contact for all Privacy Act regulatory and compliance initiatives;
  • Developing policy, providing program oversight, and serving as the focal point for CMS Privacy Act matters;
  • Reviewing new and existing CMS policies, procedures, program memoranda, interagency agreements and other written arrangements (both inter and intra) which may impact on the personal privacy of an individual;
  • Advising and assisting with the development and coordination of Privacy Act computer matching agreements between CMS components and other Federal or State agencies;
  • Finalizing, reviewing, coordinating, clearing and submitting for publication in the Federal Register, Privacy Act System of Record (SOR) notices and Computer Matching Agreements (CMA) for CMS components;
  • Preparing and coordinating applicable CMS submissions for the biennial Department of Health and Human Services (DHHS) Reports to Congress as required by Office of Management and Budget (OMB) Circular A-130;
  • Serving on the CMS Data Review Board, the Beneficiary Confidentiality Board, and other Privacy Act forums, as applicable;
  • Managing the Agency Privacy Act training and/or awareness programs;
  • Coordinating with all system owner/managers to ensure that they understand the Privacy Act requirements and their related responsibilities;
  • Reviewing requests and concurs with the need to establish a new Privacy Act SOR or to modify an existing Privacy Act SOR;
  • Assisting system owners/managers in preparing Privacy Act SORs and Computer Matching Agreements in accordance with established procedures;
  • Ensuring that SORs and CMAs comply with the Privacy Act; and
  • Providing day-to-day policy guidance and assistance to the CMS components in their implementation and execution of their programs.
.