Enterprise Privacy Policy Engine (EPPE)

What is EPPE?

EPPE is the CMS system used to track disclosures of data containing Protected Health Information (PHI) or Personally Identifiable Information (PII).

You can access EPPE using the following link: https://portal.cms.gov/. 

Who should be using EPPE?

EPPE is currently required for use by CMS Contracting Officer Representatives (CORs), CMS contractors, and researchers requesting Limited Data Sets (LDSs) to manage their Data Use Agreements (DUAs). CMS CORs, contractors, and LDS requesters must complete EPPE training before accessing the system to submit DUA actions. 

Where can I find information and training on Contractor and LDS DUAs?

For information and training materials on how to establish a new DUA or process updates and extensions to existing DUAs, please visit:

Who do I contact if I need help with EPPE?

If you need assistance with EPPE, please review the EPPE FAQs (PDF).  If you are unable to find the answer to your question, contact the EPPE Help Desk at 844-EPPE-DUA (844-377-3382) or EPPE@cms.hhs.gov


Page Last Modified:
05/13/2021 11:15 AM