Back to Top Skip to main content

Privacy Impact Assessments

A Privacy Impact Assessment (PIA) is an analysis of how personally identifiable information (PII) is handled in DoD information systems or electronic collections. The PIA examines and evaluates protections for handling information to mitigate potential privacy risks. A PIA also analyzes and describes the following information about a system:

  • What information is being collected?
  • Why the information will be collected?
  • What is the intended use of the information?
  • With whom will the information be shared?
  • How will the information be secured?

The Defense Health Agency (DHA) PIA program coordinates the PIA process within DHA, in compliance with the E-Government (E-Gov) Act of 2002, Section 208, OMB M-03-22, and DoDI 5400.16.

The DHA PIA team assists information system owners and developers who collect, maintain and/or disseminate PII in demonstrating the incorporation of required protections throughout the entire life cycle of a system.

You also may be interested in...

Surgical Scheduling System

Form/Template
9/16/2016

PIA summary for Surgical Scheduling System.

Recommended Content:

Privacy and Civil Liberties | Privacy Impact Assessments

Zeiss FORUM

Form/Template
8/12/2016

Zeiss FORUM PIA summary

Recommended Content:

Privacy and Civil Liberties | Privacy Impact Assessments

Privacy Impact Assessment (PIA) Overview Information Paper

Fact Sheet
7/28/2016

This Information Paper provides an overview of Privacy Impact Assessment (PIA).

Recommended Content:

Privacy Impact Assessments

Department of Defense Consolidated Cancer Registry (CCR)

Form/Template
7/21/2016

Department of Defense Consolidated Cancer Registry (CCR) System PIA summary

Recommended Content:

Privacy and Civil Liberties | Privacy Impact Assessments

Military Health System Data Repository

Form/Template
6/23/2016

Military Health System (MHS) Data Repository (MDR) PIA

Recommended Content:

Privacy and Civil Liberties | Privacy Impact Assessments

Defense and Veterans Eye Injury and Vision Registry

Form/Template
6/22/2016

PIA for the Defense and Veterans Eye Injury and Vision Registry (DVEIVR)

Recommended Content:

Privacy and Civil Liberties | Privacy Impact Assessments

Surgery Scheduling System (S3)

Form/Template
6/20/2016

PIA for the Surgery Scheduling System S3

Recommended Content:

Privacy and Civil Liberties | Privacy Impact Assessments

DHA Form 61, Privacy Threshold Analysis (PTA)

Form/Template
3/31/2016

The purpose of the PTA is to identify if a system contains personally identifiable information (PII); and determine whether a Privacy Impact Assessment (PIA) is required, whether a System of Records Notice (SORN) is required, and if any other privacy requirements apply to the information system.

Recommended Content:

Privacy Impact Assessments | Privacy and Civil Liberties

DHA PIA Desk Reference Guide

Form/Template
3/21/2016

The DHA PIA Guide addresses the common issues encountered during the completion of a PIA. This PIA Guide enhances the assessment process and helps the DHA Privacy and Civil Liberties Office efficiently conduct a PIA review to completion.

Recommended Content:

Privacy Impact Assessments

DoD Instruction 5400.16: DoD Privacy Impact Assessment (PIA) Guidance

Policy

This Instruction establishes policy and assigns responsibilities for completion and approval of PIAs in accordance with the guidance in DoD Instruction 5025.01 and the authority in DoD Directive 5144.1.

Military Health System (MHS) Privacy Impact Assessment (PIA) - Process Overview

Fact Sheet
4/16/2015

The Military Health System (MHS) Privacy Impact Assessment (PIA) Process Overview describes how to submit a PIA.

Recommended Content:

Privacy Impact Assessments

DoD Directive 5400.11: Department of Defense Privacy Program

Policy

This Regulation is reissued under the authority of DoD Directive 5400.11, “DoD Privacy Program,” May 8, 2007. It provides guidance on section 552a of title 5 United States Code (U.S.C.), the Privacy Act of 1974, as amended, and prescribes uniform procedures for implementation of the DoD Privacy Program.

Examples of PII

Fact Sheet
5/1/2014

Personally identifiable information (PII) is information that identifies, links, relates, or is unique to, or describes you. This also includes information which can be used to distinguish or trace your identity and any other personal information which is linked or linkable to you.

Recommended Content:

Privacy Act at DHA | Privacy Impact Assessments | HIPAA Compliance within the MHS | How HIPAA Protects You | Submit a Data Sharing Application | Breaches of PII and PHI | Freedom of Information Act | DHA Privacy Contract Language | Human Research Protections | Privacy Act and HIPAA Privacy Training

DoD Instruction 8500.01: Cybersecurity

Policy

This Instruction reissues and renames DoD Directive (DoDD) 8500.01E as a DoD Instruction (DoDI) pursuant to the authority in DoDD 5144.02 to establish a DoD cybersecurity program to protect and defend DoD information and information technology (IT).

DoDI 8510.01: Risk Management Framework (RMF) for DoD Information Technology (IT)

Policy

This Instruction reissues and renames DoD Instruction (DoDI) 8510.01 in accordance with the authority in DoD Directive (DoDD) 5144.02. It also establishes the RMF for DoD IT (referred to in this Instruction as “the RMF”), establishing associated cybersecurity policy, and assigning responsibilities for executing and maintaining the RMF.

<< < 1 2 > >> 
Showing results 1 - 15 Page 1 of 2

DHA Address: 7700 Arlington Boulevard | Suite 5101 | Falls Church, VA | 22042-5101

Some documents are presented in Portable Document Format (PDF). A PDF reader is required for viewing: Download a PDF Reader or learn more about PDFs.