CMS's Data Privacy Safeguard Program (DPSP)


The Centers for Medicare & Medicaid Services (CMS) seeks to ensure the protection of CMS data disclosed to external organizations for research purposes. To accomplish this, CMS has developed the Data Privacy Safeguard Program (DPSP). The DPSP reflects the CMS priorities to both improve data stewardship and to protect the privacy and security of CMS research identifiable files (RIF) that are made available for conducting important research studies.

Overview of the DPSP

The DPSP consists of a revised Data Management Plan. The Data Management Plan is a section of the Executive Summary that researchers submit to CMS as part of their research protocol. The Data Management Plan section of the Executive Summary has been revised to request additional details about the safeguards researchers have in place to protect CMS RIFs.

A second component of the DPSP is to conduct remote and on-site reviews. These reviews are intended to provide CMS with additional details about how external researchers protect CMS RIFs. The Data Management Plan submission will validate the safeguards research organizations have put in place to protect CMS RIFs.

See the Data Management Plan Guidelines and the Data Management Checklist Evaluation Guide for details when preparing the data management section of the Executive Summary. Also, see an overview of the Data Privacy Safeguard Program and an FAQ document for more information on the program, both of which are provided in the list of additional resources.

One-on-One Guidance Sessions

The Data Privacy Safeguard Program (DPSP) team that reviews your data management plan is available for One-on-One Guidance Sessions. The goal of these sessions is to answer any questions you may have about the information being requested in the data management plan. If your organization is interested in scheduling a One-on-One Guidance Session with representatives from the DPSP team, please contact the team at