Back to Top Skip to main content Skip to sub-navigation

Privacy Impact Assessments

A Privacy Impact Assessment (PIA) is an analysis of how personally identifiable information (PII) is handled in DoD information systems or electronic collections. The PIA examines and evaluates protections for handling information to mitigate potential privacy risks. A PIA also analyzes and describes the following information about a system:

  • What information is being collected?
  • Why the information will be collected?
  • What is the intended use of the information?
  • With whom will the information be shared?
  • How will the information be secured?

The Defense Health Agency (DHA) PIA program coordinates the PIA process within DHA, in compliance with the E-Government (E-Gov) Act of 2002, Section 208, OMB M-03-22, and DoDI 5400.16.

The DHA PIA team assists information system owners and developers who collect, maintain and/or disseminate PII in demonstrating the incorporation of required protections throughout the entire life cycle of a system.

You also may be interested in...

DoD Directive 5400.11: Department of Defense Privacy Program


This Regulation is reissued under the authority of DoD Directive 5400.11, “DoD Privacy Program,” May 8, 2007. It provides guidance on section 552a of title 5 United States Code (U.S.C.), the Privacy Act of 1974, as amended, and prescribes uniform procedures for implementation of the DoD Privacy Program.

Examples of PII

Fact Sheet

Personally identifiable information (PII) is information that identifies, links, relates, or is unique to, or describes you. This also includes information which can be used to distinguish or trace your identity and any other personal information which is linked or linkable to you.

Recommended Content:

Privacy Act at DHA | Privacy Impact Assessments | HIPAA Compliance within the MHS | How HIPAA Protects You | Submit a Data Sharing Application | Breaches of PII and PHI | Freedom of Information Act | DHA Privacy Contract Language | Research Protections | Privacy Act and HIPAA Privacy Training

DoD Instruction 8500.01: Cybersecurity


This Instruction reissues and renames DoD Directive (DoDD) 8500.01E as a DoD Instruction (DoDI) pursuant to the authority in DoDD 5144.02 to establish a DoD cybersecurity program to protect and defend DoD information and information technology (IT).

DoDI 8510.01: Risk Management Framework (RMF) for DoD Information Technology (IT)


This Instruction reissues and renames DoD Instruction (DoDI) 8510.01 in accordance with the authority in DoD Directive (DoDD) 5144.02. It also establishes the RMF for DoD IT (referred to in this Instruction as “the RMF”), establishing associated cybersecurity policy, and assigning responsibilities for executing and maintaining the RMF.

Machine-Readable Policies Information Paper

Fact Sheet

This Information Paper provides an overview of the E-Government (E-Gov) Act of 2002 mandating the use of machine-readable privacy policies by Federal agencies on websites used by the public.

Recommended Content:

Privacy Impact Assessments

OMB Memorandum M-10-23, Guidance for Agency Use of Third-Party Websites and Applications


This Memorandum requires Federal agencies to take specific steps to protect individual privacy whenever they use third-party websites and applications to engage with the public.

  • Identification #: OMB Memorandum M-10-23, Guidance for Agency Use of Third-Party Websites and Applications
  • Date: 6/25/2010
  • Type: Memorandums
  • Topics: Privacy Impact Assessments

OMB Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002


This Guidance provides information to Federal agencies on implementing the privacy provisions of the E-Government Act of 2002, which was signed by the President on December 17, 2002 and became effective on April 17, 2003.

OMB Circular A-130, Management of Federal Information Resources


This Circular (Transmittal Memorandum No. 4) establishes policy for the management of Federal information resources. The Office of Management and Budget (OMB) includes procedural and analytic guidelines for implementing specific aspects of these policies as appendices.

<< < 1 2 > >> 
Showing results 16 - 23 Page 2 of 2

DHA Address: 7700 Arlington Boulevard | Suite 5101 | Falls Church, VA | 22042-5101

Some documents are presented in Portable Document Format (PDF). A PDF reader is required for viewing. Download a PDF Reader or learn more about PDFs.