Privacy Impact Assessments

• System Privacy Impact Assessments
• Third-Party Websites and Applications Privacy Impact Assessments

System Privacy Impact Assessments

Titles II and III of the E-Government Act of 2002 require that agencies evaluate systems that collect personally identifiable information (PII) and determine whether the privacy of that PII is adequately protected. Agencies perform this evaluation through a privacy impact assessment (PIA). HHS policy states that operating divisions (OPDIVs) are responsible for completing and maintaining PIAs on all systems (developmental and operational). Upon completion of each assessment, agencies are required to make that PIA publicly available.

HHS recently implemented new software to manage its PIA drafting and review processes. Questions in the new form are numbered; however, for privacy and relevancy reasons, certain questions are not listed. For example, questions about a website will not be included if the system does not utilize a website.

Administration for Children and Families

• 2015 LiHEAP RECS Data Match System
• Adoption and Foster Care Analysis and Reporting System
• Announcement Module
• Application Review Module
• Audit Resolution Tracking and Monitoring Systems
• Child and Family Services Reviews Information Portal
• Customer Inquiry Management
• Debtor File
• Electronic Case Management Record System
• Enterprise Reporting System (COE)
• Federal Case Registry
• Grants Administration Tracking and Evaluation System
• GrantSolution
• Head Start Enterprise System
• Information Family Outcomes Reporting & Management
• MonAFI
• National Child Abuse and Neglect Data System
• National Directory of New Hires
• National Youth in Transition Database
• OCSE Data Reliability Audit (DRA)Electronic Information Collection
• OCSE Directory
• OCSE Self Assessment
• Office of Child Care Information System
• Online Data Collection
• Project Save Our Children
• Research and Evaluation Studies
• SSBG Data Portal
• Unaccompanied Alien Children Portal

Agency for Healthcare Research and Quality

• AHRQ AWS Enclave
• AHRQ Data Processing Support System (ADPSS)
• AHRQ.gov Website
• *Business Operations and Program Support System
• Children's Health Insurance Program Reauthorization Act (CHIPRA)
• Data Application Support System
• Effective Healthcare System
• EvidenceNOW Exchange System
• GovDelivery
• Guidelines, Measures, Innovations System
• HCUP Central Distributor Ordering Web Site
• Healthcare Cost Utilization Project
• Healthcare Cost and Utilization Project Web Services
• Health Literacy Universal Precautions Toolkit
• *Medical Expenditure Panel Survey
• Medical Expenditure Panel Survey Enclave
• *Medical Expenditure Panel Survey - Medical Provider Component
• *Patient Safety Organization Privacy Protection Center
• Patient Safety Organization System
• Portal System
• Project Support System
• Quality and Safety Review System
• Registry of Patient Registries
• SQI2
• System Review Data Repository (SRDR)
• *U.S. Preventive Services Task Force (USPSTF)

Centers for Disease Control & Prevention

• AHB Content Management Database
• AHB OpenStack
• Arbovirus Diseases Branch Inventory
• Asthma Information Reporting System
• BioMosaic Mobil
• Budget InSight Tablet
• *CDC Zoom (CDC Zoom)
• Chronic Disease State Policy Tracking System
• Clarity
• Congenital Anomaly Surveillance Electronic System
• Countermeasure Response and Administration
• Create-IT
• *CSELS Data Hub (CDH)
• DART Laboratory Information Management System
• Dating Matters Evaluation
• *DCIPHER WHR (DCIPHER WHR)
• Digital Signage
• DNPAO Community Guide
• Funding Opportunity Tracking System
• Geneious
• *Immunization Gateway (IZ Gateway)
• Kenya-Kisian IT Infrastructure
• *NCIRD Immunization Datalake and Data Storefront (IZDL)
• *NCIRD Text Illness Monitoring (TIM)
• NTB Cisco TFTP
• NTB Kiwi Servers
• Obesity Cost Calculator
• Remote IPTV Services
• *Vaccine Administration Management System (VAMS)
• Vision Health Initiative Data Trends and Maps
• Wireless Public Access Network
• Youth Online

Centers for Medicare & Medicaid Services

• 1115 Demonstration Performance Management Database and Analytics System
• Accountable Care Organization-Operational System
• Acquisition and Grants Exchange
• *Administrative Simplification enforcement and Testing Tool
• Amazon Web Services
• *Arc Geographic Information System
• Benefit Coordination and Recovery Center
• Blue Button API on Fast Healthcare Interoperability Resources
• CCIIO Enrollment Resolution and Reconciliation System
• Children's Health Insurance Program Statistical Enrollment Data System
• Chronic Condition Data Warehouse
• CM-C2C Innovative Solutions Inc.
• CM-CGS
• CM-First Coast Service Options
• CM-Maximus
• CM-National Government Services
• CM-Noridian Administrative Services
• CM-Winconsin Physician Services
• CMS Analysis, Reporting, and Tracking System
• *CMS National Training Program Learning Management System
• CMS SharePoint
• *Cognos BI
• COMPASS WEB
• Consolidated Renal Operations in a Web-Enabled Environment
• Contractor Administrative Budget and Financial
• Contractor Reporting of Operational and Workload Data
• CO-OP Program Management System
• Drug Data Processing System
• Durable Medical Equipment Prosthetics, Orthotics and Supplies Bidding System
• DXC-VDC1
• Electronic Security System
• Eligibility Appeals Case Management System
• Eligibility Support Desktop Change Utility Tool
• Enterprise Electronic Change Information Management Portal
• Enterprise Identity Management
• Enterprise Privacy Policy Engine
• Enterprise User Administration
• Enterprise Website Supporting Tool
• Federally Facilitated Exchange Analysis Tools
• Federally Facilitated Marketplaces
• GovDelivery
• Health Care Cost Report Information System
• Health Insurance and Oversight System
• Health Insurance Casework System
• Health Plan Management System
• HIPPA Eligibility Transaction System
• Informatica BI
• Information Technology Security and Privacy - Computer Based Training
• Internet Services
• Local Coveage Backend Database
• Medicaid and Children's Health Insurance Program Budget and Expenditure System
• Marketplace Consumer Record
• Marketplace Lite
• Marketplace Outreach Data System
• Measure Authoring Tool
• Medicaid and CHIP Program System
• Medicare Administrative Issue Tracker and Reporting of Operations
• *Medicare Appeals System
• Medicare Exclusion Database
• Medicare Part D Coverage Gap Discount Program Direct Payment Process Portal
• MicroStrategy
• Multidimensional Insurance Data Analytics System
• National Benefit Integrity-Medicare Prescription Drug Integrity Contractor
• National Data Warehouse
• National Plan and Provider Enumeration System
• Next Generation Desktop-Medicare Beneficiary Portal
• Novitas Solutions Inc
• OCISO Systems Security Management
• Opportunity to Network and Engage
• Palmetto Government Benefit Administrator
• Part D Transaction Facilitator
• Payment Reconciliation System
• Premium Estimation Tool
• PRI Review System
• Public Website Shared Services
• Recovery Audit Contractor Regions 1 and 5
• *Registration for Technical Assistance Portal
• *Retiree Drug Subsidy System
• Risk Adjustment System-RAPS
• Scalable Login Systems
• Single Testing Contractor
• Small Business Health Options Program - Enrollment Plan
• Small Business Health Options Program - Premium Aggregation Service
• State Exchange Resource and Tracking System
• Survey and Certification Providing Data Quickly
• Unified Case Management System
• Virtual Audit Management System
• Warehouse Librarian
• Zoned Program Integrity Contractors - AdvanceMed
• Zoned Program Integrity Contractors - SGS
• Zoned Program Integrity Contractors Zone 4 - HealthIntegrity

Food & Drug Administration

• Administrative Applications
• Administrative Applications: Communications Applications
• Administrative Applications: Docket Repository
• Administrative Applications: EASE and Associated Applications
• Administrative Applications: Ethics Applications
• Administrative Applications: FACTRS and AC Online Nominee Submission
• Administrative Applications: FOIA-Related Applications
• Administrative Applications: Office of Health and Constituent Affairs (OHCA) Tracking System
• Administrative Applications: Office of International Programs Travel Applications
• Administrative Applications: Special and Permanent Employment
• Administrative Applications: Support Applications for the Offices of Orphan Products and Women's Health
• *CDER OGDweb
• CDRH High Performance Computing
• Center Tracking System
• Compliance Management System
• *CTP Age Calculator
• *CTP Retailer Education Community
• Drug Quality and Compliance Portal
• Electronic Submissions Gateway
• Employee Invention Report
• Enterprise Document Management Platform
• FDA CDER Continuing Education
• FDA CDER FDA Adverse Event Reporting System
• FDA CDER Sentinel
• *FDA CTP Electronic Submissions
• *FDA CVM Corporate Database Portal
• FDA NCTR Research Management System
• FDA OC Position Description Library
• Field Accomplishments and Compliance Tracking System
• Food Applications Regulatory Management
• Global Unique Device Identifier Database
• Mammography Program Reporting Information System
• OC Telecom System Inventory
• Pharmacovigilance Workflow Manager
• Recall Enterprise System
• Seafood HACCP
• SendSuite Live
• Shiny Server
• User Fees System

Health Resources & Services Administration

• *Adobe Connect
• *Assessing Client Factors Associated with Detectable Viral Load
• *BHW Management Informatiom System Solution
• *BHW National Practitioner Data Bank
• *CARES Provider Relief Fund Payment Portal
• C.W. Bill Young Cell Transplantation Program
• *DocSign
• *General Support Systems
• HRSA SalesForce
• Insure Kids Now
• OPA Compliance Tool
• vx Veterans Integrated System Technology Architecture

Indian Health Services

• Credentialing Software
• *IHS Secure Video and Web Conferencing
• Information Security Ticketing

National Institutes of Health

• *AtHoc
• Clinical Research Information System
• *COVID-19 Reporting Tool
• Electronic Research Administration
• Information Security Privacy Awareness Training
• *National Covid Cohort Collaborative (N3C)
• NLM Biomedical Terminology System

Office of Inspector General

• Audit Work System (TeamMate)
• Corporate Management System (CorpView)
• CyberRange
• Data Warehouse (OIGDW)
• Inspector General Support System (IGSS)
• Office Of Investigations General Support System (OIGSS)
• OIG Platform Services
• Snap Survey

Office of the Secretary

• Annual Report on Possible Research Misconduct System
• Business Intelligence Information System
• Comissioned Corps Business Process Management System
• Commissioned Corps Payroll
• Cost Allocation Management Information System
• Employee Eligibility System
• Enterprise Workflow Information Tracking System
• *Federal Records Enterprise Electronic Document
• FedHealth System
• FOIAXpress
• *Foreign National Management System
• GovSpace
• *Grant-Recipient Digital Dossier
• Grants.gov
• Health System Measurement Project
• HHS At-Risk Resiliency Interactive Map
• HHS Email as a Service
• HHS Foreign National Management System
• HHS Information Technology Infrastructure Operations Unified Communications System
• HIV.Gov
• Hosted Unified Communications
• HSMP and SPS Infrastructure as a Service
• Human Resources Employment Processing System
• iComplaints
• Identity Access Management System at HHS
• MedicalCounterMeasures.gov
• Minority Health Website
• Office of Disease Prevention and Health Promotion Web Sites System
• Office of Women's Health Websites
• Online Medical Evaluation Tool
• PACSNorth1
• PACSSouth1
• *Payment Management System
• Private Provider Network Client Portal System
• Response Management System
• Staff Portal Website
• Strategic Planning System
• Strategic Work Information and Folder Transfer
• Supply Chair Tracking Tool
• *Synthetic Healthcare Database for Research-Cloud
• Think Cultural Health
• ThreatConnect
• Tracking Accountability in Government Grants System DQDA
• Training Tracking Database
• TurnTheTideRx.org
• Worklife4you

Substance Abuse and Mental Health Services Administration

• Behavioral Health Services Information System
• BPM
• Burenorphine Waiver Notification System (BWNS)
• CABHI States and Communities Evaluation
• Center for the Application of Prevention Technologies
• Children's Mental Health Initiative (CMHI) National Evaluation
• Community Support Evaluation Data System
• *Coordinate Specialty Care Evaluation
• Disaster Technical Assistance Center
• DSI Project Management and Registration Systems
• DSI Web Systems
• Electronic Custody and Control Form
• National Registry of Evidence-based Programs and Practices and Websites
• National Survey on Drug Use and Health
• Now is the Time
• Prevention Management Reporting and Training System
• Program Evaluation for Prevention Contract
• Rapid HIV/Hepatitis Testing
• *SAMHDA Data Portal
• *SAMHSA Knowledge Network
• Services Accountability Improvement System
• Transformation Accountability System

To view PIAs published using the prior software, click on the name of the OpDiv listed below and then scroll through the document containing their PIAs:

• Administration for Children and Families Privacy Impact Assessments
• Agency for Healthcare Research and Quality Privacy Impact Assessments
• Administration on Aging Privacy Impact Assessments
• Centers for Disease Control & Prevention Privacy Impact Assessments
• Centers for Medicare & Medicaid Services Privacy Impact Assessments
• Food & Drug Administration Privacy Impact Assessments
• Health Resources & Services Administration Privacy Impact Assessments
• Indian Health Service Privacy Impact Assessments
• National Institutes of Health Privacy Impact Assessments
• Office of the Inspector General Privacy Impact Assessments
• Office of the Secretary Privacy Impact Assessments
• Substance Abuse and Mental Health Services Administration Privacy Impact Assessments

Third-Party Websites and Applications Privacy Impact Assessments

The Office of Management and Budget Memorandum 10-23, Guidance for Agency Use of Third-Party Websites and Applications, requires that agencies assess their uses of third-party Websites and applications to ensure that the uses protect privacy. The mechanism by which agencies perform this assessment is a privacy impact assessment (PIA). In accordance with HHS policy, operating divisions (OPDIVs) are responsible for completing and maintaining PIAs on all third-party Websites and applications in use. Upon completion of each assessment, agencies are required to make the PIAs publicly available.

To view the Third-Party Websites and Applications (TPWA) Privacy Impact Assessments for each individual OPDIV system, please refer to the links located below.

Agency for Healthcare Research and Quality

• AHRQ AddThis Service

Centers for Medicare & Medicaid Services

• *Adobe Ad Cloud
• AOL
• Bing
• Chartbeat
• *DocuSign – For the Eligibility Appeals Case Management System
• Enhanced Direct Enrollment Partner Websites
• Facebook
• Facebook Ads
• Google+
• GOOGLE ADVERTISING SERVICES ("DoubleClick, AdWords, AdMob")
• Google Analytics
• Google Analytics for Quality Payment Program
• Help On Demand
• *HULU
• Instagram Ad Solutions
• Instagram Social
• Integral Ad Science
• LinkedIn Advertising Services
• MediaMath
• MiQ Digital USA Inc.
• NewRelic
• NewRelic for Quality Payment Program
• *Optimizely
• Pandora Advertising
• *Qualtrics
• *Quantum Metric
• Resonate Networks ("Resonate")
• *Spotify
• *Tealium
• Tealium for Quality Payment Program
• *The Trade Desk
• Twitch Advertising
• Twitter
• Yahoo Gemini
• YouTube

Indian Health Services

• *Acquisition Management Reviews Survey
• *CDC Vaccine Administration Management System
• *COVID Incident Command Structure Surveys
• *Data Visualization Tool
• *Employee Satisfaction Survey 2017
• *HPV and Oral Health Survey
• *Human Resources Exit Surveys
• *IHS Acquisition Workforce Survey
• *IHS COVID-19 Vaccine Healthcare Personnel Survey
• *IHS Health Center Survey on Patient Safety
• *IHS Hospital Survey on Patient Safety
• IHS QIN-QIO SOW Feedback
• *Immunization Pharmacy Survey
• *Mashpee Community Survey
• *National Directors Awards RSVP Survey
• *National Pharmacy and Therapeutic Committee
• *Online Food Handlers Survey
• *Opioid Prescriber Habits Evaluation
• *OUIHP Confer Session Survey
• Patient Perception Survey Monkey
• *Pharmacy Batch Mail System
• *PrEP Providers' Perception Project
• *STD Prevention-CAC
• *STI Toolkit Needs Assessment
• *WebTMA
• *YRTC CEO Care Surveys

National Institutes of Health

• *Dryfta
• *NIH OD Disqus
• *NIH OD SoundCloud

Office of the Secretary

• *Agari-Enterprise Protect
• *Assistant Secretary for Preparedness and Response GitHub
• *Chronic Fqatigue Syndrome Advisory Committee
• *Dental Professional Advisory Committee Facebook Page
• *Eventbrite Office of HIV/AIDS and Infectious Disease Policy
• *GoToMeeting
• Office of the Assistant Secretary for Public Affairs Survey Monkey
• *Junior Officer Advisory Group Survey Monkey
• *OASH Pain Management Cvent
• *OS/Facebook/HealthFinder.gov
• *OS/Facebook/Office on Women's Health
• *Facebook updated by HIV.gov
• *OS/Flickr/HHSgov
• *OS/GitHub/HHS source code
• OS/Flickr/President's Council - Fitness.gov
• *OS/Twitter/ASPR Fusion (Public Health Emergency)
• *OS/Twitter/GirlsHealth
• OS/Twitter/HealthFinder
• *OS/Twitter/HealthyPeople
• OS/Twitter/President's Council - Fitness.gov
• OS/Youtube/USGovHHS
• *PartnersforGood (Twitter)
• Program Support Center FaceBook
• *SynAck
• *Therapist Professional Advisory Subcommittee Survey Monkey
• The Mighty IT Twitter
• *U.S. Public Health Service Scientist Professional Advisory Committee Program Support Center Twitter
• *YouTube updated by HIV.gov

Substance Abuse and Mental Health Services Administration

• Adoption of Behavioral Health Information Technologies Among Behavioral Health Providers Survey
• PAW
• PPW Youth Data
• SAMHSA Blog
• *SAMHSA Flickr TPWA
• SAMHSA YouTube TPWA
• *SBIRT Evaluation
• *STATE TA Tracker
• *Twitter SAMHSA account

To view the TPWA Privacy Impact Assessments completed using the prior software, please refer to the links located below.

• Agency for Healthcare Research and Quality Third-Party Websites and Applications Privacy Impact Assessments
• Food & Drug Administration Third-Party Websites and Applications Privacy Impact Assessments
• Health Resources & Services Administration Third-Party Websites and Applications Privacy Impact Assessments
• National Institutes of Health Third-Party Websites and Applications Privacy Impact Assessments
• Office of the Inspector General Third-Party Websites and Applications Privacy Impact Assessments
• Office of the Secretary Third-Party Websites and Applications Privacy Impact Assessments

"The PDFs noted with "*" are in the process of Section 508 review. If you need immediate assistance accessing the content, please submit a request to Office of Privacy and Information Management at [email protected]. Content will be updated pending the outcome of the Section 508 review."