The Privacy Act of 1974, 5 U.S.C. 552a, establishes a code of fair information practices that governs the collection, maintenance, use, and dissemination of information about individuals that is maintained in a federal agency’s system of records.
A system of records is a group of records under the control of an agency from which information is retrieved by the name of the individual or by some identifier assigned to the individual.
The Privacy Act requires that agencies create and maintain, as necessary, System of Records Notices (SORN) as defined in the Privacy Act. These notices identify the legal authority for collecting and storing the records, individuals about whom records will be collected, what kinds of information will be collected, and how the records will be used. You may access the Department’s SORNS by following the links below:
The Privacy Act binds only Federal agencies, and covers only records in the possession and control of Federal agencies. The Department of Health and Human Services has specific Privacy Act Regulations regarding records in a Privacy Act system of records.
An individual is entitled to access his or her records and to request correction of these records if applicable. The Privacy Act prohibits the disclosure of a record about an individual from a system of records absent the written consent of the individual, unless the disclosure is pursuant to one of twelve disclosure exceptions.
The Division of FOIA Services handles Privacy Act requests for material in systems of records within PSC only. If your privacy inquiry concerns a specific HHS Operating Division, you may contact the appropriate HHS Privacy Act Contacts.
The E-Government Act of 2002 requires government agencies to assess the impact on privacy for systems that collect personally identifiable information in Privacy Impact Assessments (PIAs). All HHS PIAs are available online.
Privacy Act Resources
Tips for Agency Personnel for Protecting Privacy - Fact Sheets