Privacy Impact Assessments
System Privacy Impact Assessments
Titles II and III of the E-Government Act of 2002 require that agencies evaluate systems that collect personally identifiable information (PII) and determine whether the privacy of that PII is adequately protected. Agencies perform this evaluation through a privacy impact assessment (PIA). HHS policy states that operating divisions (OPDIVs) are responsible for completing and maintaining PIAs on all systems (developmental and operational). Upon completion of each assessment, agencies are required to make that PIA publicly available.
HHS recently implemented new software to manage its PIA drafting and review processes. Questions in the new form are numbered; however, for privacy and relevancy reasons, certain questions are not listed. For example, questions about a website will not be included if the system does not utilize a website.
Administration for Children and Families
- Adoption and Foster Care Analysis and Reporting System
- Announcement Module
- Application Review Module
- Audit Resolution Tracking and Monitoring Systems
- Child and Family Services Reviews Information Portal
- Customer Inquiry Management
- Debtor File
- Enterprise Reporting System (COE)
- Grants Administration Tracking and Evaluation System
- GrantSolution
- Head Start Enterprise System
- Information Family Outcomes Reporting & Management
- National Child Abuse and Neglect Data System
- National Directory of New Hires
- National Youth in Transition Database
- OCSE Data Reliability Audit (DRA)Electronic Information Collection
- OCSE Directory
- OCSE Self Assessment
- Office of Child Care Information System
- Online Data Collection
- Project Save Our Children
- Research and Evaluation Studies
- SSBG Data Portal
- Unaccompanied Alien Children Portal
Agency for Healthcare Research and Quality
- AHRQ AWS Enclave
- AHRQ Data Processing Support System (ADPSS)
- AHRQ.gov Website
- Children's Health Insurance Program Reauthorization Act (CHIPRA)
- Data Application Support System
- Effective Healthcare System
- EvidenceNOW Exchange System
- GovDelivery
- Guidelines, Measures, Innovations System
- HCUP Central Distributor Ordering Web Site
- Healthcare Cost Utilization Project
- Healthcare Cost and Utilization Project Web Services
- Health Literacy Universal Precautions Toolkit
- Patient Safety Organization Privacy Protection Center
- Patient Safety Organization System
- Portal System
- Project Support System
- Quality and Safety Review System
- Registry of Patient Registries
- SQI2
- System Review Data Repository (SRDR)
- United States Prevention Services Taskforce (USPSTF) Website
Centers for Disease Control & Prevention
- AHB Content Management Database
- AHB OpenStack
- Arbovirus Diseases Branch Inventory
- Asthma Information Reporting System
- BioMosaic Mobil
- Budget InSight Tablet
- Chronic Disease State Policy Tracking System
- Clarity
- Congenital Anomaly Surveillance Electronic System
- Countermeasure Response and Administration
- Create-IT
- DART Laboratory Information Management System
- Dating Matters Evaluation
- Digital Signage
- DNPAO Community Guide
- Funding Opportunity Tracking System
- Geneious
- Kenya-Kisian IT Infrastructure
- NTB Cisco TFTP
- NTB Kiwi Servers
- Obesity Cost Calculator
- Remote IPTV Services
- Vision Health Initiative Data Trends and Maps
- Wireless Public Access Network
- Youth Online
Centers for Medicare & Medicaid Services
- Accountable Care Organization-Operational System
- Amazon Web Services
- Benefit Coordination and Recovery Center
- Blue Button API on Fast Healthcare Interoperability Resources
- CCIIO Enrollment Resolution and Reconciliation System
- CM-Cahaba Government Benefit Administrators
- CM-C2C Innovative Solutions Inc.
- CM-CGS
- CM-First Coast Service Options
- CM-Maximus
- CM-National Government Services
- CM-National Heritage Insurance Company
- CM-Noridian Administrative Services
- CM-Q2A
- CM-Winconsin Physician Services
- CMS Communication System
- CMS Issue Tracking System
- Consolidated Renal Operations in a Web-Enabled Environment
- Contractor Administrative Budget and Financial
- Contractor Reporting of Operational and Workload Data
- CO-OP Program Management System
- CSRA/Maricom General Support System
- Durable Medical Equipment Prosthetics, Orthotics and Supplies Bidding System
- Electronic Security System
- Eligibility Appeals Case Management System
- Eligibility Support Desktop Change Utility Tool
- Enterprise Electronic Change Information Management Portal
- Enterprise Eligibility Service
- Enterprise Identity Management
- Enterprise Privacy Policy Engine
- Enterprise User Administration
- Enterprise Website Supporting Tool
- Federally Facilitated Exchange Analysis Tools
- Federally Facilitated Marketplaces
- GovDelivery
- Health Care Cost Report Information System
- Health Insurance and Oversight System
- Health Insurance Casework System
- Health Plan Management System
- HIPPA Eligibility Transaction System
- Incurred But Not Reported Survey System - Medicaid
- Informatica BI
- Information Technology Security and Privacy - Computer Based Training
- Internet Services
- Local Coveage Backend Database
- Medicaid and Children's Health Insurance Program Budget and Expenditure System
- Marketplace Consumer Record
- Marketplace Lite
- Marketplace Outreach Data System
- Measure Authoring Tool
- Medicaid and CHIP Program System
- Medicare Administrative Issue Tracker and Reporting of Operations
- Medicare Learning Network Learning Management and Product Ordering System
- Medicare Shared Savings Program Communication Dessemination Portal
- Multidimensional Insurance Data Analytics System
- National Data Warehouse
- National Plan and Provider Enumeration System
- Next Generation Desktop-Medicare Beneficiary Portal
- Novitas Solutions Inc
- OCISO Systems Security Management
- Opportunity to Network and Engage
- Palmetto Government Benefit Administrator
- Payment Reconciliation System
- Physician Value-Based Modifier
- Premium Estimation Tool
- PRI Review System
- Public Website Shared Services
- Recovery Audit Contractor Region B
- Recovery Audit Contractor Regions 1 and 5
- Recovery Management and Accounting System
- Registration for Technical Assistance Portal
- Scalable Login Systems
- Single Testing Contractor
- Small Business Health Options Program - Enrollment Plan
- Small Business Health Options Program - Premium Aggregation Service
- State Exchange Resource and Tracking System
- Survey and Certification Providing Data Quickly
- Unified Case Management System
- Virtual Audit Management System
- Warehouse Librarian
Food & Drug Administration
- Administrative Applications
- Administrative Applications: Communications Applications
- Administrative Applications: Docket Repository
- Administrative Applications: EASE and Associated Applications
- Administrative Applications: Ethics Applications
- Administrative Applications: FACTRS and AC Online Nominee Submission
- Administrative Applications: FOIA-Related Applications
- Administrative Applications: Office of Health and Constituent Affairs (OHCA) Tracking System
- Administrative Applications: Office of International Programs Travel Applications
- Administrative Applications: Special and Permanent Employment
- Administrative Applications: Support Applications for the Offices of Orphan Products and Women's Health
- CDRH High Performance Computing
- Center Tracking System
- Compliance Management System
- Drug Quality and Compliance Portal
- Electronic Submissions Gateway
- Employee Invention Report
- Enterprise Document Management Platform
- FDA CDER Continuing Education
- FDA CDER FDA Adverse Event Reporting System
- FDA CDER Sentinel
- FDA NCTR Research Management System
- FDA OC Position Description Library
- Field Accomplishments and Compliance Tracking System
- Food Applications Regulatory Management
- Global Unique Device Identifier Database
- Mammography Program Reporting Information System
- OC Telecom System Inventory
- Pharmacovigilance Workflow Manager
- Recall Enterprise System
- Seafood HACCP
- SendSuite Live
- Shiny Server
- User Fees System
Health Resources & Services Administration
- BHW Management Information System Solution
- BHW National Practitioner Data Bank
- C.W. Bill Young Cell Transplantation Program
- HRSA SalesForce
- Insure Kids Now
- OPA Compliance Tool
- vx Veterans Integrated System Technology Architecture
National Institutes of Health
- Clinical Research Information System
- Electronic Research Administration
- Information Security Privacy Awareness Training
Office of Inspector General
- Audit Work System (TeamMate)
- Corporate Management System (CorpView)
- CyberRange
- Data Warehouse (OIGDW)
- Inspector General Support System (IGSS)
- Office Of Investigations General Support System (OIGSS)
- OIG Platform Services
- Snap Survey
Office of the Secretary
- Annual Report on Possible Research Misconduct System
- Business Intelligence Information System
- Comissioned Corps Business Process Management System
- Commissioned Corps Payroll
- Cost Allocation Management Information System
- Employee Eligibility System
- Enterprise Workflow Information Tracking System
- FedHealth System
- FOIAXpress
- GovSpace
- Grants.gov
- Health System Measurement Project
- HHS At-Risk Resiliency Interactive Map
- HHS Email as a Service
- HHS Foreign National Management System
- HHS Information Technology Infrastructure Operations Unified Communications System
- HIV.Gov
- Hosted Unified Communications
- HSMP and SPS Infrastructure as a Service
- Human Resources Employment Processing System
- iComplaints
- Identity Access Management System at HHS
- MedicalCounterMeasures.gov
- Minority Health Website
- Office of Disease Prevention and Health Promotion Web Sites System
- Office of Women's Health Websites
- Online Medical Evaluation Tool
- PACSNorth1
- PACSSouth1
- Private Provider Network Client Portal System
- Response Management System
- Staff Portal Website
- Strategic Planning System
- Strategic Work Information and Folder Transfer
- Supply Chair Tracking Tool
- Think Cultural Health
- ThreatConnect
- Training Tracking Database
- TurnTheTideRx.org
- Worklife4you
Substance Abuse and Mental Health Services Administration
- Behavioral Health Services Information System
- Community Support Evaluation Data System
- Disaster Technical Assistance Center
- DSI Project Management and Registration Systems
- DSI Web Systems
- Electronic Custody and Control Form
- National Registry of Evidence-based Programs and Practices and Websites
- National Survey on Drug Use and Health
- Now is the Time
- Prevention Management Reporting and Training System
- Rapid HIV/Hepatitis Testing
- Services Accountability Improvement System
- Transformation Accountability System
To view PIAs published using the prior software, click on the name of the OpDiv listed below and then scroll through the document containing their PIAs:
- Administration for Children and Families Privacy Impact Assessments
- Agency for Healthcare Research and Quality Privacy Impact Assessments
- Administration on Aging Privacy Impact Assessments
- Centers for Disease Control & Prevention Privacy Impact Assessments
- Centers for Medicare & Medicaid Services Privacy Impact Assessments
- Food & Drug Administration Privacy Impact Assessments
- Health Resources & Services Administration Privacy Impact Assessments
- Indian Health Service Privacy Impact Assessments
- National Institutes of Health Privacy Impact Assessments
- Office of the Inspector General Privacy Impact Assessments
- Office of the Secretary Privacy Impact Assessments
- Substance Abuse and Mental Health Services Administration Privacy Impact Assessments
Third-Party Websites and Applications Privacy Impact Assessments
The Office of Management and Budget Memorandum 10-23, Guidance for Agency Use of Third-Party Websites and Applications, requires that agencies assess their uses of third-party Websites and applications to ensure that the uses protect privacy. The mechanism by which agencies perform this assessment is a privacy impact assessment (PIA). In accordance with HHS policy, operating divisions (OPDIVs) are responsible for completing and maintaining PIAs on all third-party Websites and applications in use. Upon completion of each assessment, agencies are required to make the PIAs publicly available.
To view the Third-Party Websites and Applications (TPWA) Privacy Impact Assessments for each individual OPDIV system, please refer to the links located below.
Agency for Healthcare Research and Quality
Centers for Medicare & Medicaid Services
- AOL
- Bing
- Chartbeat
- Chartbeat for Quality Payment Program
- Enhanced Direct Enrollment Partner Websites
- Facebook Ads
- Google+
- GOOGLE ADVERTISING SERVICES ("DoubleClick, AdWords, AdMob")
- Google Analytics
- Google Analytics for Quality Payment Program
- Help On Demand
- Instagram Ad Solutions
- Instagram Social
- Integral Ad Science
- LinkedIn Advertising Services
- MediaMath
- MiQ Digital USA Inc.
- MixPanel
- NewRelic
- NewRelic for Quality Payment Program
- Optimizely
- Pandora Advertising
- Qualtrics
- Resonate Networks (“Resonate”)
- Rocket Fuel
- SpongeCell Inc. (“SpongeCell”)
- Tealium
- Tealium for Quality Payment Program
- Twitch Advertising
- Yahoo Gemini
- YouTube
Indian Health Services
Office of the Secretary
- Office of the Assistant Secretary for Public Affairs Survey Monkey
- OS/Flickr/President's Council - Fitness.gov
- OS/Twitter/HealthFinder
- OS/Twitter/President's Council - Fitness.gov
- OS/Youtube/USGovHHS
- Program Support Center FaceBook
- The Mighty IT Twitter
Substance Abuse and Mental Health Services Administration
- Adoption of Behavioral Health Information Technologies Among Behavioral Health Providers Survey
- PAW
- PPW Youth Data
- SAMHSA Blog
- SAMHSA YouTube TPWA
To view the TPWA Privacy Impact Assessments completed using the prior software, please refer to the links located below.
- Agency for Healthcare Research and Quality Third-Party Websites and Applications Privacy Impact Assessments
- Food & Drug Administration Third-Party Websites and Applications Privacy Impact Assessments
- Health Resources & Services Administration Third-Party Websites and Applications Privacy Impact Assessments
- National Institutes of Health Third-Party Websites and Applications Privacy Impact Assessments
- Office of the Inspector General Third-Party Websites and Applications Privacy Impact Assessments
- Office of the Secretary Third-Party Websites and Applications Privacy Impact Assessments