Incident Response

Incident Response

It’s our job to prevent, protect against, and respond to privacy incidents involving personally identifiable information (PII)/protected health information (PHI) we maintain.


What’s a Privacy Incident?


A privacy incident is any event that results in (or could result in) unauthorized use or disclosure of PII/PHI where persons other than authorized users have access (or potential access) to PII/PHI, or use it for an unauthorized purpose.


Incident/Breach Handling

The Incident Management Team (IMT) within the CMS Cybersecurity Integration Center (CCIC) manages privacy incidents enterprise-wide based on policies and procedures in accordance with federal information security and privacy requirements. For more information on incident/breach handling, visit RMH Chapter 08 Incident Response

How to Report Incident


CMS staff and contractors should contact the CMS IT Service Desk to report a suspected or confirmed privacy incident within one hour of discovery:

Page Last Modified:
11/21/2023 06:21 PM