The Privacy Act
The FOI/Privacy Acts Division is the focal point for the HHS Privacy Act administration, including the HHS System of Records Notices (SORN).
The Privacy Act of 1974, as amended at 5 U.S.C. 552a,
- Protects records about individuals retrieved by personal identifiers such as a name, social security number, or other identifying number or symbol. An individual has rights under the Privacy Act to seek access to and request correction (if applicable) of any such records maintained about him or her.
- Prohibits disclosure of records without the written consent of the individual(s) to whom the records pertain, unless one of the twelve disclosure exceptions enumerated in the Act applies.
- Requires such records to be described in System of Records Notices (SORNs) published in the Federal Register and posted to the Internet.
- Binds only federal agencies and covers only records in the possession and control of federal agencies.
- HHS Privacy Act regulations (45 CFR Part 5b)
- FDA Privacy Act regulations (21 CFR Part 21)
If your privacy inquiry concerns a specific HHS Operating Division’s records, you may contact the appropriate HHS Privacy Act Contacts.
Privacy Impact Assessments (PIAs)
E-Government Act of 2002 requires government agencies to assess the impact on privacy for systems that contain personally identifiable information in Privacy Impact Assessments (PIAs). All HHS PIAs are available online.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) contains privacy protection provisions that apply to health information created or maintained by health care providers who engage in certain electronic transactions, health plans, and health care clearinghouses.
The HHS regulation that implements the HIPAA privacy provisions, Standards for Privacy of Individually Identifiable Health Information is an HHS pplies to entities covered by HIPAA. The Office for Civil Rights (OCR) is the Departmental component responsible for implementing and enforcing the HIPAA privacy regulation.
For questions, visit the OCR FAQ database or call (800) 368-1019.