It’s our job to prevent, protect against, and respond to privacy incidents involving personally identifiable information (PII)/protected health information (PHI) we maintain.
What’s a Privacy Incident?
A privacy incident is any event that has resulted in (or could result in) unauthorized use or disclosure of PII/PHI where persons other than authorized users have access (or potential access) to PII/PHI, or use it for an unauthorized purpose.
The Incident Management Team (IMT) within the CMS Cybersecurity Integration Center (CCIC) manages privacy incidents enterprise-wide based on policies and procedures in accordance with federal information security and privacy requirements. For more information on incident/breach handling, visit RMH Chapter 08 Incident Response
How to Report Incident
CMS staff and contractors should contact the CMS IT Service Desk to report a suspected or confirmed privacy incident within one hour of discovery:
- 410-786-2580 or 1-800-562-1963