• Text Resize A A A
  • Print Print
  • Share Share on facebook Share on twitter Share

HHS Privacy Policy Notice

This privacy notice applies to www.hhs.gov and a number of other HHS websites with unique domains, such as www.StopBullying.gov. However, some HHS websites maintain their own privacy policy notices.  You can find links to the applicable privacy notice in the footer of each HHS website.

  • We do not collect personally identifiable information (PII) about you unless you choose to provide that information to us.
  • Any personal information you chose to provide is protected by security practices.
  • Non-personal information related to your visit to our website may be automatically collected and temporarily stored.
  • HHS does not disclose, give, sell, or transfer any personal information about our visitors unless required for law enforcement or by Federal law.

Health Information Privacy
For more information on your health information privacy and security rights, or on the HIPAA Privacy and Security Rules, visit the HHS Office for Civil Rights.

Privacy Act Information
You may also want to read information about the Privacy Act at HHS. If you have privacy questions or issues, contact an HHS Privacy Official. Also see the Privacy Act of 1974 (Department of Justice).

For more detailed information on HHS privacy, see these topics below:


HHS Privacy Program

It is the mission of HHS to enhance and protect the health and well-being of all Americans. HHS fulfills that mission by providing effective health and human services and fostering advances in medicine, public health, and social services. HHS recognizes the importance of protecting the personally identifiable information (PII) entrusted to us by millions of members of public and employees alike, and has built a robust Privacy Program to safeguard this information and ensure that Americans’ privacy rights are upheld. 

System of Records Notices (SORNs)
For a list of all of the Department’s systems of records visit the HHS SORNs page.

Privacy Impact Assessments (PIAs)
For a list of the Department’s System PIAs and Third-Party Websites and Applications PIAs see the HHS Privacy Impact Assessments page.

Matching Notices and Agreements
For a list of the Department’s up-to-date matching notices and agreements see the HHS Computer Matching Agreements page.

Exemptions to the Privacy Act
For more information on the Department’s final rules published in the Federal Register that promulgate Privacy Act exemptions claimed for HHS’s systems of records, see the HHS Privacy Act page.

Privacy Act Implementation Rules
For a list of Privacy Act implementation rules promulgated pursuant to 5 U.S.C. § 552a(f), visit the HHS Privacy Act page.

Publicly Available Agency Policies on Privacy
For a list of all publicly available HHS policies on privacy, including any directives, instructions, handbooks, manuals, or other guidance, visit:

Publicly Available Agency Reports on Privacy
For a list of the Department’s publicly available privacy reports, see the HHS Plans & Reports page.

Instructions for Submitting a Privacy Act Request
Fr instructions for individuals who wish to request access to or amendment of their records pursuant to 5 U.S.C. § 552a(d), visit the HHS “How to Make a Privacy Request” page.

Contact Information for Submitting a Privacy Question or Complaint
For individuals who wish to submit a privacy-related question or complaint, visit the HHS Privacy Act Contacts list.


Contact Information for Privacy Officials

Department-level Privacy Contacts:

The HHS Chief Information Officer (CIO) also holds the position of Senior Agency Official for Privacy (SAOP), ensuring privacy receives senior-level recognition and has visibility across the Department.

For HHS SAOP contact information, see:

Beth Killoran
HHS Senior Agency Official for Privacy;
Deputy Assistant Secretary for Information Technology; and
Chief Information Officer (CIO).
Phone: 202-690-6162
E-mail: beth.killoran@hhs.gov

For HHS Chief Privacy and Data Sharing Officer contact information, see:

Matthew Olsen
HHS Chief Privacy and Data Sharing Officer; and
Executive Director, OCIO Office of Privacy & Information Management.
Phone: 202-260-0322
E-mail: Matthew.Olsen@hhs.gov

OpDiv Senior Officials for Privacy:

Each OpDiv has, at a minimum, a Senior Official for Privacy (SOP) to oversee privacy compliance activities. For OpDiv SOP contact information, see:

Gary Cochran
Administration for Children and Families (ACF)
Phone: 202-401-6465
Gary.Cochran@acf.hhs.gov

Jacques Newgen
Administration of Community Living (ACL)
Phone: 202-795-7414
Jacques.Newgen@acl.hhs.gov

Tim Erny
Agency for Healthcare Research and Quality (AHRQ)
Phone: 301-427-1760
Tim.Erny@ahrq.hhs.gov

Beverly Walker
Centers for Disease Control and Prevention (CDC)
Phone: 770-488-8524
vhz4@cdc.gov

Emery Csulak
Centers for Medicare and Medicaid Services (CMS)
Phone: 410-786-8954
Emery.Csulak@cms.hhs.gov

Cullen Cowley
Food and Drug Administration (FDA)
Phone: 301-796-3900
Cullen.Cowley@fda.hhs.gov

James Ellis
Health Resources and Services Administration (HRSA)
Phone: 301-443-6035
JEllis@hrsa.gov

Heather H. McClane
Indian Health Service (IHS)
Phone: 301-443-1116
Heather.McClane@ihs.gov

Celeste Dade-Vinson
National Institutes of Health (NIH)
Phone: 301-402-6201
celeste.dade-vinson@nih.gov

Kamran Khaliq
Office of Inspector General (OIG)
Phone: 202-205-9207
SOP@oig.hhs.gov or Kamran.Khaliq@oig.hhs.gov

Julia White
Office of the Secretary (OS) and Program Support Center (PSC)
Phone: 301-945-5501
Julia.White@hhs.gov

Ammar Ahmad
Substance Abuse and Mental Health Services Administration (SAMHSA)
Phone: 240-276-0128
Ammar.Ahmad@samhsa.hhs.gov


Personal Information Voluntarily Submitted to HHS

If you choose to provide HHS with personal information -- for example by completing a “Contact Us” form, leaving a comment, sending email, or completing a survey -- we may use that information to respond to your message and/or help us get you the information or services you requested. Submitting personal information (name, address, telephone number, email address, etc.) is voluntary and is not required to access information on our website.

We retain the information only for as long as necessary to respond to your question or request, in most cases no longer than three months. Information submitted electronically is maintained and destroyed as required by the Federal Records Act and records schedules of the National Archives and Records Administration. It may be subject to disclosure in certain cases (for example, if required by a Freedom of Information Act request, court order, or Congressional access request, or if authorized by a Privacy Act System of Records Notice). It is subject to the Privacy Act if maintained in a Privacy Act system.

For more information, see:


Interaction with Children Online

The Department will take all reasonable steps necessary to protect the privacy and safety of any child from whom information is collected, as required by the Children’s Online Privacy Protection Act (COPPA). A child’s parent or guardian is required to provide consent before HHS collects, uses, or shares personal information from a child under age 13.

Information and instructions will be provided by the specific Web page that collects information about a child. The Web page will specify exactly what the information will be used for, who will see it, and how long it will be kept.


Visiting an Official HHS Page on Third-Party Websites

We maintain accounts on third-party websites, such as social media sites, as tools to better interact with the public. The security and privacy policies of third-party websites apply to your activity on those sites. Users of third-party websites often share information with the general public, user community, and/or the third-party operating the website. You should review the privacy policies of all websites before using them and ensure that you understand how your information may be used. You should also adjust privacy settings on your account on any third-party website to match your preferences.

HHS Accounts

Common third-party website privacy policies used by HHS include:

Information Collected and Used from Third-Party Websites

If you have an account/profile with a third-party website, and choose to follow, like, friend, or comment on a third-party website managed by HHS, certain personal information associated with your account may be made available to us based on the privacy policies of the third-party website and your privacy settings within that website. We do not share personally identifiable information made available through these websites.

HHS conducts and publishes a Privacy Impact Assessment for each use of a third-party website. Each use of a third-party website may have unique features or practices. HHS sometimes collects and uses the information made available through third-party websites. To learn more, review the published assessments.


Information Automatically Collected and Stored

When you browse through our website, we use Google’s Universal Analytics (UA) software to gather and temporarily store a variety of information about your visit. However, this information cannot be used to identify you as an individual. The basic information we collect during your visit includes:

  • The name of the domain you use to access the Internet (for example, Verizon.com, if you are using a Verizon online account, or stanford.edu, if you are connecting from Stanford University's domain);
  • The date and time of your visit to our website;
  • The pages and documents you viewed on our website;
  • The URL of the website you visited prior to ours;
  • The type and version of your Web browser and operating system; and
  • Your location at the time of your visit, down to the city-level

We do not associate any of the data we collect with you as an individual. Instead, we aggregate this data from all visits in order to improve our website and provide a better user experience to our visitors. The aggregate data is available only to Web managers and other designated staff who require this information to perform their duties. It is retained only for as long as needed for proper analysis.  The Google Analytics Privacy Policy is available at https://www.google.com/intl/en/policies/privacy/

Demographic and Interest Data

On some portions of our website we have enabled Universal Analytics (UA), and other third-party software (listed below), to provide aggregate demographic and interest data of our visitors. This information cannot be used to identify you as an individual. While these tools are used by some websites to serve advertisements, HHS only uses them to measure demographic data. HHS has no control over advertisements served on other websites. For each listed software, we have included links to Web pages where you can opt-out of having these tools collect data and/or serve you interest-based advertising.

DoubleClick: HHS uses DoubleClick to understand the characteristics and demographics of the people who visit HHS sites. HHS staff only conducts analyses on the aggregated data from DoubleClick. No personally identifiable information is collected by DoubleClick from HHS websites. The DoubleClick Privacy Policy is available at https://www.google.com/intl/en/policies/privacy/

You can opt-out of receiving DoubleClick advertising at https://support.google.com/ads/answer/2662922?hl=en

Quantcast: HHS uses Quantcast to understand the characteristics and demographics of the people who visit HHS sites. HHS staff only conducts analyses on the aggregated data from Quantcast. No personally identifiable information is collected by Quantcast from HHS websites. The Quantcast Privacy Policy is available at https://www.quantcast.com/how-we-do-it/consumer-choice/privacy-policy/

You can opt-out of Quantcast at https://www.quantcast.com/opt-out/

Other Web Measurement and Customization Tools

We use the specified software and features below:

AddThis: HHS offers AddThis on its websites, giving visitors the option to bookmark and share HHS website content on certain social media sites.  Using AddThis on HHS websites does not require registration or personally identifiable information. The AddThis Privacy policy is available at http://www.addthis.com/privacy

Bit.ly: HHS uses Bit.ly to shorten long URLs for use in email  and social media messages. Bit.ly provides analytics on how many people clicked on the URLs distributed by HHS.  Bit.ly analytics do not provide any personally identifiable information about the visitors who click the shortened links. The Bit.ly Privacy Policy is available at http://bit.ly/pages/privacy   

CrazyEgg: HHS uses CrazyEgg to obtain information on how visitors are interacting with specific HHS Web pages. This allows HHS to evaluate and, if necessary or beneficial, to modify its websites to improve value and usability. The data CrazyEgg collects includes information about as how visitors navigate around a Web page and the most commonly clicked links on a specific Web page. CrazyEgg does not collect personally identifiable information. The Crazy Egg Privacy Policy is available at http://www.crazyegg.com/privacy   

Google AdWords: HHS occasionally uses Google AdWords to provide online advertisement delivery and tracking. HHS may employ tools provided by Google AdWords to support Display Advertising, including Remarketing, Google Display Network Impression Reporting, data collection via advertising cookies and anonymous identifiers, the DoubleClick Campaign Manager integration and/or Google Analytics Demographics and Interest Reporting. In general, this means that third-party vendors, including Google, may show HHS ads on sites across the Internet based upon visits to HHS websites. To implement these tools, HHS and third-party vendors, including Google, use first-party cookies and third- party cookies together to inform, optimize, and serve ads based on past visits to HHS websites.  The Google AdWords Privacy Policy is available at https://www.google.com/intl/en/policies/privacy/

Google Analytics: HHS may employ tools provided by Google Analytics to support Display Advertising, including Remarketing, Google Display Network Impression Reporting, data collection via advertising cookies and anonymous identifiers, the DoubleClick Campaign Manager integration and/or Google Analytics Demographics and Interest Reporting. In general, this means that third-party vendors, including Google, may show HHS ads on sites across the Internet based upon visits to HHS websites. To implement these tools, HHS and third-party vendors, including Google, use first-party cookies and third- party cookies together to inform, optimize, and serve ads based on past visits to HHS websites. The Google Analytics Privacy Policy is available at https://www.google.com/intl/en/policies/privacy/

Granicus: HHS uses Granicus (formerly called GovDelivery) to email newsletters and other messages to visitors who subscribe to them on HHS websites. Only HHS staff and managers who email newsletters using Granicus and/or monitor the results of email initiatives have access to the subscriber lists. Granicus never allows access to the subscriber lists to anyone outside of HHS or for any purpose. Granicus also provides aggregate data, such as email opens rates, and total clicks on links. The Granicus privacy policy is available at https://granicus.com/privacy-policy/.

Tynt: HHS uses Tynt to improve the ease of link creation in copied-and-pasted content for website visitors and identify which content is copied-and-pasted. When an HHS website visitor copies content and pastes it into another document, a link back to the original content may be automatically appended. Tynt does not collect personally identifiable information. Tynt Privacy Policy is available at http://www.tynt.com/privacy_policy

Widgets: HHS offers widgets that provide specific HHS site content to any website where the widget code is implemented. You can install an HHS widget on any website simply by using adding the HHS provided code to a website’s source HTML code. If you choose to install HHS widgets, they will not collect any type of Personally Identifiable Information from you.

Voice of Consumer: HHS uses the Voice of Consumer survey tool to collect feedback from HHS website visitors. The Voice of Consumer tool is implemented on HHS websites both as on-page surveys and pop-up surveys.  HHS uses survey results to measure visitor satisfaction with HHS websites. This survey tool does not require users to submit personally identifiable information. The survey reports are available only to HHS managers, members of the HHS Communications and Web Teams, and other designated staff who require this information to perform their duties.


Cookies

Websites can automatically place small text files, known as “cookies,” on the computers of their visitors.  So long as they do not expire or get deleted, cookies identify the unique browser used by the visitor.  On each subsequent visit to the website, the visitor’s browser will retrieve the cookie, allowing us to aggregate the number of return visitors. HHS uses “cookies” to test and optimize our website design and content. We use two types of cookies on our websites:

  • We use session cookies to gather data for technical purposes, such as improving navigation through our website and generating statistics about how the website is used. Session cookies are temporary text files that expire when you leave our website. When cookies expire, they are automatically deleted from your computer. We do not use session cookies to collect personal information, and we do not share data collected from session cookies.
  • We use multi-session cookies, or persistent cookies, to customize our website for frequent visitors and to test variations of website design and content. Multi-session cookies are cookies that are stored over more than a single session on your computer. We do not use multi-session cookies to collect personal information, and we do not share data collected from multi-session cookies. Our multi-session cookies are set to expire no more than two years after your last visit to our website. After two years, they are automatically deleted from your computer. HHS is unable to identify an individual by using such technologies.

You can take actions to block cookies by opting out . Blocking session cookies from your computer will not affect your access to the content and tools on our website. Blocking multi-session or persistent cookies may affect the personalization of the information on those sites.


Website Security

This site is maintained by the U.S. Government. It is protected by federal laws. You can be arrested and prosecuted for violating these laws.

For site security purposes and to ensure that this service remains available to all users, we use software programs to monitor traffic to identify unauthorized attempts to upload or change information or otherwise cause damage. In the event of law enforcement investigations and as part of any required legal process, information from these sources may be used to help identify an individual.

 

Content created by Assistant Secretary for Public Affairs (ASPA)
Content last reviewed on May 17, 2017