Incident Response

Incident Response

It’s our job to prevent, protect against, and respond to privacy incidents involving personally identifiable information (PII)/protected health information (PHI) we maintain.

 

What’s a Privacy Incident?

 

A privacy incident is any event that results in (or could result in) unauthorized use or disclosure of PII/PHI where persons other than authorized users have access (or potential access) to PII/PHI, or use it for an unauthorized purpose.

 

Incident/Breach Handling

The Incident Management Team (IMT) within the CMS Cybersecurity Integration Center (CCIC) manages privacy incidents enterprise-wide based on policies and procedures in accordance with federal information security and privacy requirements. For more information on incident/breach handling, visit RMH Chapter 08 Incident Response

How to Report Incident

 

CMS staff and contractors should contact the CMS IT Service Desk to report a suspected or confirmed privacy incident within one hour of discovery:

Page Last Modified:
09/10/2024 06:18 PM