Loading...

Attention A T users. To access the menus on this page please perform the following steps. 1. Please switch auto forms mode to off. 2. Hit enter to expand a main menu option (Health, Benefits, etc). 3. To enter and activate the submenu links, hit the down arrow. You will now be able to tab or arrow up or down through the submenu options to access/activate the submenu links.

VA Privacy Service

Menu
 

Compliance

Privacy compliance at VA comprises many individual components such as policy and procedural updates, which ensure VA is conforming to all applicable privacy laws. VA Privacy Service administers programs in accordance with the Privacy Act of 1974, E-Government Act of 2002, Health Insurance Portability and Accountability Act (HIPAA) and NIST 800-53, Revision 4, Security and Privacy Controls for Information Systems and Organizations.

VA uses Privacy Impact Assessments, Computer Matching Agreements, and System of Records Notices as part of its compliance process.

Privacy Impact Assessments

Section 208 of the E-Government Act of 2002 requires Privacy Impact Assessments (PIAs) from all federal government agencies that develop or procure new information technology involving the collection, maintenance or dissemination of information in identifiable form. This is also true of agencies making substantial changes to existing information technology that manages information in identifiable form.

A PIA is an analysis of how information in identifiable form is collected, stored, protected, shared and managed. Its purpose is to demonstrate that system owners and developers have incorporated privacy protections throughout the entire life cycle of a system. The E-Government Act of 2002 requires agencies to make PIAs publicly available except when an agency in its discretion determines publication of the PIA would raise security concerns, like revealing classified (i.e., national security) information, or sensitive information (e.g., potentially damaging to a national interest, law enforcement effort or competitive business interest contained in the assessment).