Privacy Office

The CMS Privacy Office is responsible for the management and oversight of the Privacy Act of 1974 as it pertains to the Centers for Medicare & Medicaid Services (CMS).

The CMS Privacy Officer is the principal authority for the management and oversight of the Privacy Act as it pertains to CMS. Contact the Privacy Officer via e-mail Privacy@cms.hhs.gov or by telephone at 410-786-5357.  The Privacy Officer responsibilities include:

• Developing and promulgating this policy;
• Interpreting Privacy Act requirements and rules;
• Implementing the CMS Privacy Act Program;
• Serving as the Agency's adviser for all aspects of the Privacy Act of 1974;
• Serving as the single point of contact for all Privacy Act regulatory and compliance initiatives;
• Developing policy, providing program oversight, and serving as the focal point for CMS Privacy Act matters;
• Reviewing new and existing CMS policies, procedures, program memoranda, interagency agreements and other written arrangements (both inter and intra) which may impact on the personal privacy of an individual;
• Advising and assisting with the development and coordination of Privacy Act computer matching agreements between CMS components and other Federal or State agencies;
• Finalizing, reviewing, coordinating, clearing and submitting for publication in the Federal Register, Privacy Act System of Record (SOR) notices and Computer Matching Agreements (CMA) for CMS components;
• Preparing and coordinating applicable CMS submissions for the biennial Department of Health and Human Services (DHHS) Reports to Congress as required by Office of Management and Budget (OMB) Circular A-130;
• Serving on the CMS Data Review Board, the Beneficiary Confidentiality Board, and other Privacy Act forums, as applicable;
• Managing the Agency Privacy Act training and/or awareness programs;
• Coordinating with all system owner/managers to ensure that they understand the Privacy Act requirements and their related responsibilities;
• Reviewing requests and concurs with the need to establish a new Privacy Act SOR or to modify an existing Privacy Act SOR;
• Assisting system owners/managers in preparing Privacy Act SORs and Computer Matching Agreements in accordance with established procedures;
• Ensuring that SORs and CMAs comply with the Privacy Act; and
• Providing day-to-day policy guidance and assistance to the CMS components in their implementation and execution of their programs.