Back to Top Skip to main content Skip to sub-navigation

Privacy Impact Assessments

A Privacy Impact Assessment (PIA) is an analysis of how personally identifiable information (PII) is handled in DoD information systems or electronic collections. The PIA examines and evaluates protections for handling information to mitigate potential privacy risks. A PIA also analyzes and describes the following information about a system:

  • What information is being collected?
  • Why the information will be collected?
  • What is the intended use of the information?
  • With whom will the information be shared?
  • How will the information be secured?

The Defense Health Agency (DHA) PIA program coordinates the PIA process within DHA, in compliance with the E-Government (E-Gov) Act of 2002, Section 208, OMB M-03-22, and DoDI 5400.16.

The DHA PIA team assists information system owners and developers who collect, maintain and/or disseminate PII in demonstrating the incorporation of required protections throughout the entire life cycle of a system.

You also may be interested in...

DoD Instruction 5400.16: DoD Privacy Impact Assessment (PIA) Guidance


This Instruction establishes policy and assigns responsibilities for completion and approval of PIAs in accordance with the guidance in DoD Instruction 5025.01 and the authority in DoD Directive 5144.1.

DoD Directive 5400.11: Department of Defense Privacy Program


This Regulation is reissued under the authority of DoD Directive 5400.11, “DoD Privacy Program,” May 8, 2007. It provides guidance on section 552a of title 5 United States Code (U.S.C.), the Privacy Act of 1974, as amended, and prescribes uniform procedures for implementation of the DoD Privacy Program.

DoD Instruction 8500.01: Cybersecurity


This Instruction reissues and renames DoD Directive (DoDD) 8500.01E as a DoD Instruction (DoDI) pursuant to the authority in DoDD 5144.02 to establish a DoD cybersecurity program to protect and defend DoD information and information technology (IT).

DoDI 8510.01: Risk Management Framework (RMF) for DoD Information Technology (IT)


This Instruction reissues and renames DoD Instruction (DoDI) 8510.01 in accordance with the authority in DoD Directive (DoDD) 5144.02. It also establishes the RMF for DoD IT (referred to in this Instruction as “the RMF”), establishing associated cybersecurity policy, and assigning responsibilities for executing and maintaining the RMF.

OMB Memorandum M-10-23, Guidance for Agency Use of Third-Party Websites and Applications


This Memorandum requires Federal agencies to take specific steps to protect individual privacy whenever they use third-party websites and applications to engage with the public.

  • Identification #: OMB Memorandum M-10-23, Guidance for Agency Use of Third-Party Websites and Applications
  • Date: 6/25/2010
  • Type: Memorandums
  • Topics: Privacy Impact Assessments

OMB Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002


This Guidance provides information to Federal agencies on implementing the privacy provisions of the E-Government Act of 2002, which was signed by the President on December 17, 2002 and became effective on April 17, 2003.

OMB Circular A-130, Management of Federal Information Resources


This Circular (Transmittal Memorandum No. 4) establishes policy for the management of Federal information resources. The Office of Management and Budget (OMB) includes procedural and analytic guidelines for implementing specific aspects of these policies as appendices.

Showing results 1 - 7 Page 1 of 1

DHA Address: 7700 Arlington Boulevard | Suite 5101 | Falls Church, VA | 22042-5101

Some documents are presented in Portable Document Format (PDF). A PDF reader is required for viewing. Download a PDF Reader or learn more about PDFs.