Skip Over Navigation Links
​​​​​​Privacy Program

Privacy Program – The NIH Privacy Program is responsible for mitigating and managing privacy breaches within NIH, and coordinates with IC Privacy Coordinators across NIH to prevent and manage situations where persons other than authorized users have access, or potential access, to personally identifiable information (PII).

Privacy Program Laws, Policies, and Memoranda

Privacy Act of 1974, as amended (5 U.S.C Section 552a)
  • Was created in response to concerns about how the creation and use of computerized databases might impact individual privacy rights; 
  • Protects the privacy of personal information held by the Federal government; and,
  • Safeguards privacy by creating four procedural and substantive rights in personal data. First, it requires government agencies to show an individual any records kept on him or her. Second, it requires agencies to follow certain principles, called "fair information practices," when gathering and handling personal data. Third, it places restrictions on how agencies can share an individual's data with other people and agencies. Fourth, it allows individuals to sue the government for violating its provisions.
Privacy Act Links:
  • Ensures sufficient protections for the privacy of personal information as agencies implement citizen-centered electronic Government:
  • Emphasizes the importance of the "development of a comprehensive framework to protect the government’s information, operations, and assets"; and
  • Requires agencies to conduct privacy impact assessments (PIAs) for information technology (IT) systems.
  • Referred to as the Federal Information Security Management Act (FISMA), Title III of the E-Gov Act provides a framework for protecting personal information and information systems from unauthorized access, use, disclosure, modification or destruction;
  • Seeks to ensure integrity, confidentiality and availability of personal ​information and add valuable government-wide management of risks to information security; and
  • Requires agencies to perform program management, evaluation, and reporting activities, such as conducting annual self-assessments and independent assessments by the agency’s Inspector General (IG). 
  • Provides individuals with the right to access personal records that are collected, maintained, disseminate, and/or shared by the Federal government;
  • Allows the government to withhold information provided that the information falls under one or more of the nine exceptions included in the Act;
  • Requires government agencies to respond to information requests within 20 days; and
  • Requires government agencies to list their major information systems, record locator systems, and reference guides via electronic means in an effort to make records available in formats desired by requesters.
FOIA Links:
  • Includes a series of “administrative simplification" provisions that require HHS to implement national standards for electronic healthcare transactions;
  • Makes it easier for health plans, doctors, hospitals and other healthcare providers to process claims and other transactions electronically; and 
  • Requires the adoption of security and privacy standards in order to protect personal health information.
HIPPA Links:
Policy Links:
1743 - Managing Federal Records
1745 - NIH Information Technology (IT) Privacy Program​​
2813 - NIH Information Security and Privacy Awareness Training Policy
2814 - NIH Prohibited Use of Non-Government Furnished IT Equipment
OMB Memoranda:
OMB Memoranda​​​

Privacy Program

Privacy Program Laws, Policies, and Memoranda
Privacy Act
Privacy Impact Assessments (PIAs)
Privacy Incidents and Breach Response
Social Media and Web Management
Training Resources
Privacy Program FAQs
Privacy Program Glossary
Privacy Program Laws & References
IC Privacy Coordinators​​​

Contacting DCM

Division of Compliance Management

Director, Anna Amar

Administrative Assistant, Raisa Sarwar

Office of Management Assessment (OMA)

Office of Management (OM)

Office of the Director (OD)

6705 Rockledge Dr, Suite 601

Bethesda, MD 20892

Phone: (301) 496-4606

MSC = 7901

​​​ ​​​
Last modified: 2/24/2022 8:53 AM