Privacy Program

Privacy Program – The NIH Privacy Program is responsible for mitigating and managing privacy breaches within NIH, and coordinates with IC Privacy Coordinators across NIH to prevent and manage situations where persons other than authorized users have access, or potential access, to personally identifiable information (PII).

Privacy Program Laws, Policies, and Memoranda

Privacy Act of 1974, as amended (5 U.S.C. Section 552a)
  • Was created in response to concerns about how the creation and use of computerized databases might impact individual privacy rights; 
  • Protects the privacy of personal information held by the Federal government; and,
  • Safeguards privacy by creating four procedural and substantive rights in personal data. First, it requires government agencies to show an individual any records kept on him or her. Second, it requires agencies to follow certain principles, called "fair information practices," when gathering and handling personal data. Third, it places restrictions on how agencies can share an individual's data with other people and agencies. Fourth, it allows individuals to sue the government for violating its provisions.
E-Government Act of 2002 (E-Gov Act)
  • Ensures sufficient protections for the privacy of personal information as agencies implement citizen-centered electronic Government;
  • Emphasizes the importance of the "development of a comprehensive framework to protect the government’s information, operations, and assets"; and
  • Requires agencies to conduct privacy impact assessments (PIAs) for information technology (IT) systems.
Federal Information Security Management Act (FISMA)
  • Referred to as the Federal Information Security Management Act (FISMA), Title III of the E-Gov Act provides a framework for protecting personal information and information systems from unauthorized access, use, disclosure, modification or destruction;
  • Seeks to ensure integrity, confidentiality and availability of personal information and adds valuable government-wide management of risks to information security; and
  • Requires agencies to perform program management, evaluation, and reporting activities, such as conducting annual self-assessments and independent assessments by the agency’s Inspector General (IG). 
Freedom of Information Act (FOIA)
  • Provides individuals with the right to access personal records that are collected, maintained, disseminated, and/or shared by the Federal government;
  • Allows the government to withhold information provided that the information falls under one or more of the nine exceptions included in the Act;
  • Requires government agencies to respond to information requests within 20 days; and
  • Requires government agencies to list their major information systems, record locator systems, and reference guides via electronic means in an effort to make records available in formats desired by requesters.
Health Insurance Portability and Accountability Act (HIPAA)
  • Includes a series of “administrative simplification" provisions that require HHS to implement national standards for electronic healthcare transactions;
  • Makes it easier for health plans, doctors, hospitals and other healthcare providers to process claims and other transactions electronically; and 
  • Requires the adoption of security and privacy standards in order to protect personal health information.

