The Privacy Act

The FOIA/Privacy Act Division, in the Office of the Assistant Secretary for Public Affairs (ASPA), is the focal point for HHS Privacy Act administration, including the HHS System of Records Notices (SORNs) and Computer Matching Agreements (CMAs).

The Privacy Act of 1974, as amended to present, including Statutory Notes (5 U.S.C. 552a),

For assistance with a Privacy Act question or complaint involving a specific HHS Operating Division’s records, you may contact the appropriate HHS Privacy Act Contacts.

To submit a Privacy Act request to HHS, please follow these instructions: How to Make a Privacy Act Request

Privacy Impact Assessments (PIAs)

The E-Government Act of 2002 requires government agencies to assess the impact on privacy for systems that contain personally identifiable information in Privacy Impact Assessments (PIAs). All HHS PIAs are available online.

The Office of the Chief Information Officer (OCIO) within the Office of the Assistant Secretary for Administration (ASA) is the Departmental component responsible for compliance with the E-Government Act of 2002 and other Acts codified at 44 U.S.C. Chapter 35.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA)

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Rules contain privacy, security, and breach notification requirements that apply to individually identifiable health information created, received, maintained, or transmitted by health care providers who engage in certain electronic transactions, health transactions, health plans, health care clearinghouses, and their business associates.

The Office for Civil Rights (OCR) is the Departmental component responsible for implementing and enforcing the HIPAA Rules.

For questions about HIPAA or to file a HIPAA complaint, visit the OCR website (/hipaa), or call (800) 368-1019.