The Privacy Act

Privacy

The Privacy Act of 1974, as amended at 5 United States Code (U.S.C.) 552a, protects records that can be retrieved by personal identifiers such as a name, social security number, or other identifying number or symbol. An individual is entitled access to his or her records and to request correction of these records as applicable.

The Privacy Act prohibits disclosure of these records without an individual's written consent unless one of the twelve disclosure exceptions enumerated in the Act applies. These records are held in Privacy Act Systems of Records (SOR). A notice of any such system is published in the Federal Register. These notices identify the legal authority for collecting and storing the records, individuals about whom records will be collected, what kinds of information will be collected, and the routine uses for the records.

As with the Freedom of Information Act (FOIA), the Privacy Act binds only Federal agencies, and covers only records in the possession and control of Federal agencies.

In addition to the Privacy Act, the Centers for Medicare & Medicaid Services (CMS) is required to follow the Department of Health and Human Services (DHHS) Privacy Act Regulations at 45 Code of Federal Regulations (C.F.R.) Part 5b.