Privacy Impact Assessment (PIA)
In accordance with the E-Government Act of 2002 and OMB Memorandum 03-22, CMS is required to conduct Privacy Impact Assessments (PIA) on CMS information systems and collections.
PIAs are a critical tool for:
- Spotting privacy risks
- Complying with federal regulations and laws
- Identifying collections of Personally Identifiable Information (PII) and/or Protected Health Information (PHI)
- Identifying CMS information systems subject to the Privacy Act of 1974
Additionally, OMB Memorandum 10-23 requires CMS to conduct a PIA for each use of a Third Party Website and Application (TPWA). TPWA uses include technologies like social media or applications third parties own and operate.
If you have any questions, please contact PIA@cms.hhs.gov.
Visit HHS PIA to view signed CMS PIAs.