Skip Navigation
  • Text Size: A A A
  • Print
  • Email
  • Facebook
  • Tweet
  • Share
  • Print
  • Email
  • Facebook
  • Tweet
  • Share

Privacy Impact Assessments

System Privacy Impact Assessments

Titles II and III of the E-Government Act of 2002 require that agencies evaluate systems that collect personally identifiable information (PII) to determine that the privacy of this information is adequately protected. The mechanism by which agencies perform this assessment is a privacy impact assessment (PIA). In accordance with HHS policy, operating divisions (OPDIVs) are responsible for completing and maintaining PIAs on all systems (developmental and operational). Upon completion of each assessment, agencies are required to make PIAs publicly available.

To view the PIAs for each individual OPDIV system, please refer to the links located below.

Third-Party Websites and Applications Privacy Impact Assessments

The Office of Management and Budget Memorandum 10-23, Guidance for Agency Use of Third-Party Websites and Applications, requires that agencies assess their uses of third-party Websites and applications to ensure that the uses protect privacy. The mechanism by which agencies perform this assessment is a privacy impact assessment (PIA). In accordance with HHS policy, operating divisions (OPDIVs) are responsible for completing and maintaining PIAs on all third-party Websites and applications in use. Upon completion of each assessment, agencies are required to make the PIAs publicly available.

To view the Third-Party Websites and Applications (TPWA) Privacy Impact Assessments for each individual OPDIV system, please refer to the links located below.


Content last reviewed on December 15, 2014

HHS System of Record Notices

The Privacy Act of 1974 requires that agencies create and maintain, as necessary, a system of record notice for systems as defined in the Privacy Act provisions. A system is subject to the Privacy Act if it contains a system of records; any item, collection, or grouping of information about an individual that identifies an individual, and where those records are retrieved by the name of the individual or by some type of unique identifier. In accordance with the Privacy Act of 1974, OPDIVs are responsible for completing and maintaining system or records notices.