Privacy Impact Assessment (PIA)

Privacy Impact Assessment (PIA)

In accordance with the E-Government Act of 2002 and OMB Memorandum 03-22, CMS is required to conduct Privacy Impact Assessments (PIA) on CMS information systems and collections.

PIAs are a critical tool for:

  • Spotting privacy risks
  • Complying with federal regulations and laws
  • Identifying collections of Personally Identifiable Information (PII) and/or Protected Health Information (PHI)
  • Identifying CMS information systems subject to the Privacy Act of 1974

Additionally, OMB Memorandum 10-23 requires CMS to conduct a PIA for each use of a Third Party Website and Application (TPWA). TPWA uses include technologies like social media or applications third parties own and operate.

If you have any questions, please contact

Visit HHS PIA to view signed CMS PIAs.

Page Last Modified:
09/06/2023 04:57 PM