Privacy Impact Assessment (PIA)

Privacy Impact Assessment (PIA)

In accordance with the E-Government Act of 2002 and OMB Memorandum 03-22, CMS is required to conduct Privacy Impact Assessments (PIA) on CMS information systems and collections.

PIAs are a critical tool for:

  • Spotting privacy risks
  • Complying with federal regulations and laws
  • Identifying collections of Personally Identifiable Information (PII) and/or Protected Health Information (PHI)
  • Identifying CMS information systems subject to the Privacy Act of 1974

Additionally, OMB Memorandum 10-23 requires CMS to conduct a PIA for each use of a Third Party Website and Application (TPWA). TPWA uses include technologies like social media or applications third parties own and operate.

If you have any questions, please contact PIA@cms.hhs.gov.

Visit HHS PIA to view signed CMS PIAs.

Page Last Modified:
09/06/2023 04:57 PM