U.S. Department of Health & Human Services
  • Text Resize A A A
  • Print Print
  • Share Share

Privacy Impact Assessments

System Privacy Impact Assessments

Titles II and III of the E-Government Act of 2002 require that agencies evaluate systems that collect personally identifiable information (PII) and determine whether the privacy of that PII is adequately protected. Agencies perform this  evaluation through a privacy impact assessment (PIA). HHS policy states that operating divisions (OPDIVs) are responsible for completing and maintaining PIAs on all systems (developmental and operational). Upon completion of each assessment, agencies are required to make that PIA publicly available.

HHS recently implemented new software to manage its PIA drafting and review processes. Questions in the new form are numbered; however, for privacy and relevancy reasons, certain questions are not listed. For example, questions about a website will not be included if the system does not utilize a website.

Administration for Children and Families

Agency for Healthcare Research and Quality

Centers for Disease Control & Prevention

Centers for Medicare & Medicaid Services

Food & Drug Administration

Health Resources & Services Administration

National Institutes of Health

Office of the Secretary

Substance Abuse and Mental Health Services Administration

To view PIAs published using the prior software, click on the name of the OpDiv listed below and then scroll through the document containing their PIAs:

Third-Party Websites and Applications Privacy Impact Assessments

The Office of Management and Budget Memorandum 10-23, Guidance for Agency Use of Third-Party Websites and Applications, requires that agencies assess their uses of third-party Websites and applications to ensure that the uses protect privacy. The mechanism by which agencies perform this assessment is a privacy impact assessment (PIA). In accordance with HHS policy, operating divisions (OPDIVs) are responsible for completing and maintaining PIAs on all third-party Websites and applications in use. Upon completion of each assessment, agencies are required to make the PIAs publicly available.

To view the Third-Party Websites and Applications (TPWA) Privacy Impact Assessments for each individual OPDIV system, please refer to the links located below.

Centers for Medicare & Medicaid Services

To view the TPWA Privacy Impact Assessments completed using the prior software, please refer to the links located below.

Content created by Digital Communications Division (DCD)
Content last reviewed on August 25, 2015