U S Department of Health and Human Services www.hhs.gov
  CMS Home > Research, Statistics, Data and Systems > Information Security > Overview
Information Security


CMS Information Security (IS) "Virtual Handbook" 

The links to the left are the collection of all CMS policies, procedures, standards and guidelines which implement the CMS Information Security Program. 

"Holding Ourselves to a Higher Standard"

As CMS is a trusted custodian of individual health care data, we must protect its most valuable assets, its information and its information systems.  At CMS, we believe that putting the government's credibility at risk is not acceptable. 

Computer Based Training (CBT) is mandatory for most users of CMS Information Systems when an individual is initially issued their CMS UserID and then in conjunction with annual certification of their CMS UserID.  Select the "Information Security CBT" link below.

Access to CMS Systems - for more information about CMS UserIDs in the EUA system, the annual UserID certification process, EUA Passport or EUA Workflow, select the the "EUA" link to the left or below.  Select the "IACS" link below for UserIDs related to Medicare Parts C and D. 

HIPAA Security Rule - for information regarding the security provisions of the Health Insurance Portability and Accountability Act (HIPAA) and the HIPAA Security Rule, select the "HIPAA Security Rule" link below.  For a more encompassing view of HIPAA, select the "HIPAA Privacy Standard" link below.

Identity Theft - find out everything that you need to know about how to protect yourself or recovery from Identity Theft by visiting the Federal Trade Commission's web site by selecting the "Identity Theft" link below.

Information System Security Officers (ISSO) - are the primary points of contact within each CMS Office/Center regarding information security issues and they are the component's liaison with the CMS Chief Information Security Officer (CISO).  Select the "ISSO" link below.

Security in the Systems Development Lifecycle (SDLC) - Are you involved in the design or maintenance of an information system for CMS ???  Select the links to the left to access the applicable information security laws, regulations, policies, procedures, standards and guidelines that affect all CMS information and information systems.  The overall "Systems Lifecycle Framework" can be reached through the link below.  

Cyber Tyger - Do you have a question or comment about the CMS Information Security Program ??? Send an e-mail to CyberTyger@cms.hhs.gov and Cyber Tyger will find the answer for you.


HIPAA Security Rule [Final] (PDF - 309 Kb)

CMS ISSOs (PDF - 120 Kb)

Related Links Inside CMS

Information Security CBT (for authorized CMS system users only)



System Lifecycle Framework

Related Links Outside CMSExternal Linking Policy

Identity Theft

HIPAA Privacy Standard


Page Last Modified: 05/27/2008 6:53:38 PM
Help with File Formats and Plug-Ins

Submit Feedback