ÃÛÑ¿´«Ã½

The NIH Privacy Program is responsible for mitigating and managing privacy breaches within NIH, and coordinates with IC Privacy Coordinators across NIH to prevent and manage situations where persons other than authorized users have access, or potential access, to personally identifiable information (PII).

Privacy Impact Assessments (PIAs)

Title II and III of the  requires agencies to assess the impact on privacy for systems that collect personally identifiable information (PII). The tool by which agencies perform this assessment is a privacy impact assessment (PIA). The Office of Management and Budget (OMB) guidance for implementing the privacy provisions of the E-Government Act is provided in . In addition to performing this assessment, agencies are required to make the PIA publicly available. A list of NIH PIAs that collect information on members of the public can be found on the .

Privacy Incidents and Breach Response

According to , agencies must have stringent breach notification and response policies. A breach involves the loss of control, compromise, unauthorized disclosure, or unauthorized acquisition of personally identifiable information (PII). Report any lost, stolen, or compromised NIH information or equipment within one hour of discovery to the NIH IT Service Desk:

• Phone Number: (301) 496-HELP (4357)

Privacy Act

The balances the Government’s need to maintain information about individuals with the rights of those individuals to be protected from unwarranted invasions of their privacy. Government agencies must handle personally identifiable information (PII) maintained in a system of records in accordance with the Privacy Act and provide individuals access to records about them upon request.

How to Make a Privacy Act Request

Individuals can request access to their records by filling out the or submitting a letter via mail with the same information. Send the request to:

NIH Privacy Act Officer
2023 ÃÛÑ¿´«Ã½
6705 Rockledge Dr
Suite 601
Bethesda, MD 20892

For email requests, send to the NIH Privacy Act Officer at privacy@mail.nih.gov with the subject line: "Privacy Act Request." DO NOT attach any documents or sensitive information to your email request. The NIH Privacy Act Officer will reach out using a secure method to obtain this information from you.

How to Submit a Privacy Act Request Appeal 

If your Privacy Act request is denied, you have the right to file an appeal. To appeal a denied request, submit a written request via mail to:

NIH Privacy Act Officer
2023 ÃÛÑ¿´«Ã½
6705 Rockledge Dr
Suite 601
Bethesda, MD 20892

For email appeals, send to the NIH Privacy Act Officer at privacy@mail.nih.gov with the subject line: "Privacy Act Appeal." DO NOT attach any documents or sensitive information to your email request. The NIH Privacy Act Officer will reach out using a secure method to obtain this information from you.

How to Submit a Privacy Complaint

To report a privacy violation or unfair practice, submit a written request via mail to:

NIH Privacy Act Officer
2023 ÃÛÑ¿´«Ã½
6705 Rockledge Dr
Suite 601
Bethesda, MD 20892

For email complaints, send to the NIH Privacy Act Officer at privacy@mail.nih.gov with the subject line: "Privacy Act Complaint." DO NOT attach any documents or sensitive information to your email request. The NIH Privacy Act Officer will reach out using a secure method to obtain this information from you.