Privacy Impact Assessment (PIA)
In accordance with the E-Government Act of 2002 and OMB Memorandum 03-22, CMS is required to conduct Privacy Impact Assessments (PIA). A PIA is an analysis of how personally identifiable information (PII) is collected, used, shared, and maintained. The purpose of a PIA is to demonstrate that system owners have consciously incorporated privacy protections within their systems for information supplied by the public.
PIAs are a critical tool for:
- Spotting privacy risks
- Complying with federal regulations and laws
- Identifying collections of Personally Identifiable Information (PII) and/or Protected Health Information (PHI)
- Identifying CMS information systems subject to the Privacy Act of 1974
Additionally, OMB Memorandum 10-23 requires CMS to conduct a PIA for each use of a Third Party Website and Application (TPWA). A TPWA PIA is an analysis of third-party websites or application technologies (like social media platforms) used by CMS to communicate and engage with members of the public.
If you have any questions, please contact privacy@cms.hhs.gov.