Privacy Impact Assessment (PIA)

The CMS Privacy Office provides the technical and management support necessary for the agency to achieve compliance with Titles II and III of the E-Government Act of 2002 and the Federal Information Security Management Act (FISMA). A key component of this legislation is the completion, publication, and submission of information technology (IT) system Privacy Impact Assessments (PIAs). Conducting a PIA facilitates the identification of systems that contain personally identifiable information (PII) and satisfies system compliance with all relevant privacy laws, regulations, and guidance. The PIA process also ensures that privacy protections are incorporated into every stage of an IT system's life cycle, and measures the effectiveness of these protections. CMS Privacy Office policy requires that all systems have a current PIA, which requires an annual review of the assessment by CMS System Business Owners and Information System Security Officers (ISSOs) and approval by the CMS Privacy Office that it meets privacy compliance. Also, if a CMS system undergoes a significant change at any time, the assessment must be completed at that time as well and submitted to the CMS Privacy Office for approval.

For any assistance concerning PIA completion and to submit a PIA for approval, please send an e-mail to:
    PIA@cms.hhs.gov

Here is a link to a list of all of CMS’ System PIAs.

Download the CMS PIA template using the link below.