Titles II and III of the E-Government Act of 2002 require that agencies evaluate systems that collect personally identifiable information (PII) to determine that the privacy of this information is adequately protected. The mechanism by which agencies perform this assessment is a privacy impact assessment (PIA). In accordance with HHS policy, operating divisions (OPDIVs) are responsible for completing and maintaining PIAs on all systems (developmental and operational). Upon completion of each assessment, agencies are required to make PIAs publicly available.
Posted in: HHS Administrative