Enterprise Privacy Policy Engine (EPPE)

Enterprise Privacy Policy Engine (EPPE)

EPPE is the CMS system used to track disclosures of data containing Protected Health Information (PHI) or Personally Identifiable Information (PII).

You can access EPPE using the following link: https://portal.cms.gov/.  To register for EPPE in the portal, follow the EPPE IDM registration instructions (PDF).

Who should be using EPPE?

EPPE is currently required for use by CMS Contracting Officer Representatives (CORs), CMS contractors, and researchers requesting Limited Data Sets (LDSs) to manage their Data Use Agreements (DUAs). CMS CORs, contractors, and LDS requesters must complete EPPE training before accessing the system to submit DUA actions. 

Where can I view my DUAs in EPPE?

To view and save PDF copies of your organization's DUAs, you can request the DUA Viewer role in EPPE. To request and use the role, refer to the DUA Viewer role training (PDF)

Where can I find information and training on Contractor and LDS DUAs?

For information and training materials on how to establish a new DUA or process updates and extensions to existing DUAs, please visit:

Who do I contact if I need help with EPPE?

If you need assistance with EPPE, please review the EPPE FAQs (PDF).  If you are unable to find the answer to your question, contact the EPPE Help Desk at 844-EPPE-DUA (844-377-3382) or EPPE@cms.hhs.gov

Page Last Modified:
11/01/2024 10:07 AM