Privacy Impact Assessment (PIA)

In accordance with the E-Government Act of 2002 and OMB Memorandum 03-22, CMS is required to conduct Privacy Impact Assessments (PIA). A PIA is an analysis of how personally identifiable information (PII) is collected, used, shared, and maintained. The purpose of a PIA is to demonstrate that system owners have consciously incorporated privacy protections within their systems for information supplied by the public.

PIAs are a critical tool for:

  • Spotting privacy risks
  • Complying with federal regulations and laws
  • Identifying collections of Personally Identifiable Information (PII) and/or Protected Health Information (PHI)
  • Identifying CMS information systems subject to the Privacy Act of 1974

Additionally, OMB Memorandum 10-23 requires CMS to conduct a PIA for each use of a Third Party Website and Application (TPWA). A TPWA PIA is an analysis of third-party websites or application technologies (like social media platforms) used by CMS to communicate and engage with members of the public.

If you have any questions, please contact privacy@cms.hhs.gov.

View signed CMS PIAs on the HHS PIA website. 

Page Last Modified:
11/21/2023 06:14 PM