U.S. Department of Health and Human Services
All Federal agencies must conduct a privacy impact assessment (PIA) for each system and monitor for changes, thereafter, for privacy impacts. A PIA:
Ensures that information handling conforms to applicable legal, regulatory, and policy requirements regarding privacy;
Determines the risks and effects of a system’s collection, maintenance, and dissemination of personally identifiable information (PII); and
Examines and evaluates protections and alternative processes for handling information to mitigate potential privacy risks.
Page 4 of 9
Implementation & Assessment Phase
Privacy Impact Assessment