Law Library | FPC.gov

<!DOCTYPE html> <html lang="en"> <head>  <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="robots" content="index,follow">  <meta name="HandheldFriendly" content="True"> <meta name="MobileOptimized" content="320"> <meta name="viewport" content="width=device-width, initial-scale=1.0">  <title>Law Library | FPC.gov</title> <meta property="siteurl" content="https://www.fpc.gov"> <meta property="og:image" content="https://www.fpc.gov/assets/img/FPCColorKnockout.jpg" /> <meta property="og:title" content="Law Library"> <meta name="description" content="The Federal Privacy Council is the principal interagency forum to improve the privacy practices of agencies and entities acting on their behalf. The work of the Federal Privacy Council shall strengthen protections of people’s personal information and privacy rights across the Federal Government."> <meta property="og:description" content="The Federal Privacy Council is the principal interagency forum to improve the privacy practices of agencies and entities acting on their behalf. The work of the Federal Privacy Council shall strengthen protections of people’s personal information and privacy rights across the Federal Government."> <meta name="twitter:card" content="summary" /> <meta name="twitter:site" content="@18F" /> <meta name="twitter:title" content="Law Library" /> <meta name="twitter:description" content="The Federal Privacy Council is the principal interagency forum to improve the privacy practices of agencies and entities acting on their behalf. The work of the Federal Privacy Council shall strengthen protections of people’s personal information and privacy rights across the Federal Government." /> <meta name="twitter:image" content="https://www.fpc.gov/assets/img/FPCColorKnockout.jpg" /> <meta property="og:type" content="article"> <link rel="canonical" href="https://www.fpc.gov/law-library/" /> <meta property="og:url" content="https://www.fpc.gov/law-library/" />   <link rel="shortcut icon" type="image/x-icon" href="/assets/img/favicon.ico" /> <link rel="icon" type="image/png" href="/assets/uswds/img/favicons/favicon.png">  <link rel="icon" type="image/png" sizes="192x192" href="/assets/uswds/img/favicons/favicon-192.png">  <link rel="apple-touch-icon-precomposed" href="/assets/uswds/img/favicons/favicon-57.png">  <link rel="apple-touch-icon-precomposed" sizes="72x72" href="/assets/uswds/img/favicons/favicon-72.png">  <link rel="apple-touch-icon-precomposed" sizes="114x114" href="/assets/uswds/img/favicons/favicon-114.png">  <link rel="apple-touch-icon-precomposed" sizes="144x144" href="/assets/uswds/img/favicons/favicon-144.png">  <link rel="stylesheet" type="text/css" href="/assets/css/index.css?1741629889353866212"> <link rel="stylesheet" type="text/css" href="/assets/css/main-page.css?1741629889353866212"> </head> <body> <div class="page-landing-page layout-demo "> <a class="usa-skipnav" href="#main-content">Skip to main content</a> <div class="usa-banner" aria-label="Official website of the United States government" > <div class="usa-accordion"> <header class="usa-banner__header"> <div class="usa-banner__inner"> <div class="grid-col-auto"> <img aria-hidden="true" class="usa-banner__header-flag" src="/assets/uswds/img/us_flag_small.png" alt="U.S. flag" /> </div> <div class="grid-col-fill tablet:grid-col-auto" aria-hidden="true"> <p class="usa-banner__header-text"> An official website of the United States government </p> <p class="usa-banner__header-action">Here’s how you know</p> </div> <button type="button" class="usa-accordion__button usa-banner__button" aria-expanded="false" aria-controls="gov-banner-default" > <span class="usa-banner__button-text">Here’s how you know</span> </button> </div> </header> <div class="usa-banner__content usa-accordion__content" id="gov-banner-default" hidden="" > <div class="grid-row grid-gap-lg"> <div class="usa-banner__guidance tablet:grid-col-6"> <img class="usa-banner__icon usa-media-block__img" src="/assets/uswds/img/icon-dot-gov.svg" role="img" alt="Dot gov" aria-hidden="true" /> <div class="usa-media-block__body"> <p> <strong>Official websites use .gov</strong><br />A <strong>.gov</strong> website belongs to an official government organization in the United States. </p> </div> </div> <div class="usa-banner__guidance tablet:grid-col-6"> <img class="usa-banner__icon usa-media-block__img" src="/assets/uswds/img/icon-https.svg" role="img" alt="Https" aria-hidden="true" /> <div class="usa-media-block__body"> <p> <strong>Secure .gov websites use HTTPS</strong><br />A <strong>lock</strong> ( <span class="icon-lock" ><svg xmlns="http://www.w3.org/2000/svg" width="52" height="64" viewBox="0 0 52 64" class="usa-banner__lock-image" role="img" aria-labelledby="banner-lock-description-default" focusable="false" > <title id="banner-lock-title-default">Lock</title> <desc id="banner-lock-description-default">Locked padlock icon</desc> <path fill="#000000" fill-rule="evenodd" d="M26 0c10.493 0 19 8.507 19 19v9h3a4 4 0 0 1 4 4v28a4 4 0 0 1-4 4H4a4 4 0 0 1-4-4V32a4 4 0 0 1 4-4h3v-9C7 8.507 15.507 0 26 0zm0 8c-5.979 0-10.843 4.77-10.996 10.712L15 19v9h22v-9c0-6.075-4.925-11-11-11z" /> </svg> </span >) or <strong>https://</strong> means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites. </p> </div> </div> </div> </div> </div> </div> <div class="usa-overlay"></div> </div> <header class="usa-header usa-header--extended" role="banner"> <div class="usa-navbar"> <div class="usa-logo" id="extended-logo"> <div class="usa-logo__text display-flex font-sans-sm line-height-sans-4 tablet:width-tablet"> <a href="/" title="FPC - Federal Privacy Council" class="display-inline-flex flex-row flex-align-center"> <img class="width-10" alt="logo: Federal Privacy Council (FPC)" src="/assets/img/logo-main.png"> <span class="margin-left-2 text-normal line-height-sans-6 margin-top-05"> <em>Protecting Privacy.<br>Promoting Trust in Government.</em> </span> </a> </div> </div> <button class="usa-menu-btn">Menu</button> </div> <nav role="navigation" class="usa-nav"> <div class="usa-nav__inner"> <button class="usa-nav__close"><img alt="close" src="/assets/img/close.svg"></button> <ul class="usa-nav__primary usa-accordion"> <li class="usa-nav__primary-item"> <button class="usa-accordion__button usa-nav__link" aria-expanded="false" aria-controls="primary-nav-1"><span>About Our Council</span></button> <ul id="primary-nav-1" class="usa-nav__submenu"> <li class="usa-nav__submenu-item"> <a class="" href="/vision-and-purpose/">Vision & Purpose</a> </li> <li class="usa-nav__submenu-item"> <a class="" href="/council-members/">Council Members</a> </li> <li class="usa-nav__submenu-item"> <a class="" href="/council-members/#council-committees">Committees and Communities</a> </li> <li class="usa-nav__submenu-item"> <a class="" href="/council-members/#working-groups">Working Groups</a> </li> </ul> </li> <li class="usa-nav__primary-item"> <button class="usa-accordion__button usa-nav__link" aria-expanded="false" aria-controls="primary-nav-2"><span>Federal Privacy Programs</span></button> <ul id="primary-nav-2" class="usa-nav__submenu"> <li class="usa-nav__submenu-item"> <a class="" href="/learn-about-federal-privacy-program/">Learn about Federal Privacy</a> </li> <li class="usa-nav__submenu-item"> <a class="" href="/elements-of-federal-privacy-program/">Elements of a Federal Privacy Program</a> </li> </ul> </li> <li class="usa-nav__primary-item"> <button class="usa-accordion__button usa-nav__link" aria-expanded="false" aria-controls="primary-nav-3"><span>Resources</span></button> <ul id="primary-nav-3" class="usa-nav__submenu"> <li class="usa-nav__submenu-item"> <a class="" href="/law-library/">Law Library</a> </li> <li class="usa-nav__submenu-item"> <a class="" href="/resources/omb/">OMB Guidance</a> </li> <li class="usa-nav__submenu-item"> <a class="" href="/resources/SORNs/">Government-wide SORNs</a> </li> <li class="usa-nav__submenu-item"> <a class="" href="/resources/glossary/">Glossary</a> </li> <li class="usa-nav__submenu-item"> <a class="" href="/resources/fipps/">Fair Information Practice Principles</a> </li> <li class="usa-nav__submenu-item"> <a class="" href="https://www.federalregister.gov/documents/search?conditions%5Bnotice_type%5D%5B%5D=sorn&conditions%5Btype%5D%5B%5D=NOTICE">Federal Register SORN Search Tool</a> </li> <li class="usa-nav__submenu-item"> <a class="" href="/assets/pdf/Privacy-Toolkit-1-13-2017.pdf">Toolkit for Recruiting, Hiring, and Retaining Privacy Professionals</a> </li> <li class="usa-nav__submenu-item"> <a class="" href="/assets/pdf/Collaboration Index for Security and Privacy Controls FINAL.pdf">Collaboration Index for Security and Privacy Controls</a> </li> <li class="usa-nav__submenu-item"> <a class="" href="/assets/pdf/FINAL Content Placed In Layout.pdf">Cross Walk Terminology Project</a> </li> <li class="usa-nav__submenu-item"> <a class="" href="/assets/pdf/Privacy for CDOs.pdf">Privacy for Chief Data Officers</a> </li> </ul> </li> <li class="usa-nav__primary-item"> <button class="usa-accordion__button usa-nav__link" aria-expanded="false" aria-controls="primary-nav-4"><span>Programs & Events</span></button> <ul id="primary-nav-4" class="usa-nav__submenu"> <li class="usa-nav__submenu-item"> <a class="" href="/programs-and-events/">Programs & Events</a> </li> <li class="usa-nav__submenu-item"> <span class="navheader">Data Privacy Week</span> </li> <li class="usa-nav__submenu-item"> <a class="margin-left-105" href="/data-privacy-week-2025">Data Privacy Week 2025</a> </li> <li class="usa-nav__submenu-item"> <a class="margin-left-105" href="/data-privacy-week-2024/">Data Privacy Week 2024</a> </li> <li class="usa-nav__submenu-item"> <a class="margin-left-105" href="/data-privacy-week-2023">Data Privacy Week 2023</a> </li> <li class="usa-nav__submenu-item"> <a class="margin-left-105" href="/data-privacy-week-2022/">Data Privacy Week 2022</a> </li> <li class="usa-nav__submenu-item"> <a class="margin-left-105" href="/data-privacy-day-2021/">Data Privacy Day 2021</a> </li> </ul> </li> </ul> <div class="usa-nav__secondary margin-bottom-1"> <ul class="usa-nav__secondary-links"> </ul> <form id="search_form" class="usa-search usa-search--small" action="https://search.usa.gov/search" accept-charset="UTF-8" method="get"> <input name="utf8" type="hidden" value="✓" /> <input name="affiliate" type="hidden" value="fpc_gov" /> <div role="search"> <label class="usa-sr-only" for="extended-search-field-small">Search small</label> <input class="usa-input usagov-search-autocomplete" id="extended-search-field-small" type="search" name="query" autocomplete="off"> <button class="usa-button" type="submit"> <img src="/assets/uswds/img/usa-icons-bg/search--white.svg" class="usa-search__submit-icon" alt="Search" /> <span class="usa-sr-only">Search</span> </button> </div> </form> </div> </div> </nav> </header> <section class="usa-section about margin-bottom-3"> <div class="usa-grid"> <div class="grid-container "> <div class="priority-tag-line"><h1 class="margin-0 font-ui-xl">Law Library</h1></div><br> </div> </div> </section> <section id="main-content" class="usa-section padding-top-2" > <div class="usa-grid"> <div class="grid-container font-sans-sm"> <div id=""> <section class="padding-top-0 law-library">   <div class="alpha-index" id="back-to-top"> <a class="" href="#A">A <span class="usa-sr-only"> Section</span></a> <a class="" href="#B">B <span class="usa-sr-only"> Section</span></a> <a class="" href="#C">C <span class="usa-sr-only"> Section</span></a> <a class="" href="#D">D <span class="usa-sr-only"> Section</span></a> <a class="" href="#E">E <span class="usa-sr-only"> Section</span></a> <a class="" href="#F">F <span class="usa-sr-only"> Section</span></a> <a class="" href="#G">G <span class="usa-sr-only"> Section</span></a> <a class="" href="#H">H <span class="usa-sr-only"> Section</span></a> <a class="" href="#I">I <span class="usa-sr-only"> Section</span></a> <a class="" href="#J">J <span class="usa-sr-only"> Section</span></a> <a class="disabled" href="#">K <span class="usa-sr-only"> Section</span></a> <a class="disabled" href="#">L <span class="usa-sr-only"> Section</span></a> <a class="disabled" href="#">M <span class="usa-sr-only"> Section</span></a> <a class="" href="#N">N <span class="usa-sr-only"> Section</span></a> <a class="disabled" href="#">O <span class="usa-sr-only"> Section</span></a> <a class="" href="#P">P <span class="usa-sr-only"> Section</span></a> <a class="disabled" href="#">Q <span class="usa-sr-only"> Section</span></a> <a class="disabled" href="#">R <span class="usa-sr-only"> Section</span></a> <a class="disabled" href="#">S <span class="usa-sr-only"> Section</span></a> <a class="disabled" href="#">T <span class="usa-sr-only"> Section</span></a> <a class="" href="#U">U <span class="usa-sr-only"> Section</span></a> <a class="disabled" href="#">V <span class="usa-sr-only"> Section</span></a> <a class="disabled" href="#">W <span class="usa-sr-only"> Section</span></a> <a class="disabled" href="#">X <span class="usa-sr-only"> Section</span></a> <a class="disabled" href="#">Y <span class="usa-sr-only"> Section</span></a> <a class="disabled" href="#">Z<span class="usa-sr-only"> Section</span></a> </div>  <p id="A" class="section_header">A</p> <hr> <H2 class="sub_section_header" style="text-underline: none;">Act to Regulate the Issue and Validity of Passports, And For Other Purposes, 1926 (as amended)</H2> <DIV class="content"> <p class="text-bold"><A href="javascript:window.open('https://www.gpo.gov/fdsys/pkg/USCODE-2015-title22/pdf/USCODE-2015-title22-chap4-sec211a.pdf')" title="(opens New Window)">22 U.S.C. § 211a, Passports</A><p> <H3><STRONG>Overview</STRONG></H3> <P> This law provides that the U.S. Department of State is in charge of granting and issuing U.S. passports. <BR> </P> </DIV> <ul class="usa-accordion usa-accordion--bordered">  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a825"> Helpful Tips </button> <div id="b-a825" class="usa-accordion__content"> Passport records may consist of applications submitted for the issuance of a passport or other records such as a Consular Report of Birth, a Certificate of Witness to Marriage, a Certificate of Loss of Nationality, or a Consular Report of Death. These records are protected by the Privacy Act of 1974, 5 U.S.C. § 552a. Passport records do not include evidence of travel such as entrance/exit stamps, visas, residence permits, etc. <I>Source:</I> <A HREF="https://travel.state.gov/content/passports/en/passports/services/obtain-copies-of-passport-records.html">Order Copies of Passport Records</A> Executive Order 11295 designates and empowers the Secretary of State to exercise, without the approval, ratification, or other action of the President, the authority to designate and prescribe for and on behalf of the United States rules governing the granting, issuing, and verifying of passports. <I>Source:</I> <A HREF="https://www.archives.gov/federal-register/codification/executive-order/11295.html">Executive Order 11295, Rules governing the granting, issuing, and verifying of United States passports</A> </div> </li>  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a826"> Regulations </button> <div id="b-a826" class="usa-accordion__content"> <p> <A HREF="https://www.gpo.gov/fdsys/pkg/CFR-2016-title22-vol1/pdf/CFR-2016-title22-vol1-part51.pdf">22 C.F.R. Part 51</A><BR> </p> </div> </li>  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a827"> Executive Orders, Memoranda, and Directives </button> <div id="b-a827" class="usa-accordion__content"> <p> Rules Governing the Granting, Issuing, and Verifying of United States Passports, Exec. Order 11295 (31 FR. 10603, August 5, 1966) Available at: <A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2015-title22/pdf/USCODE-2015-title22-chap4-sec211a.pdf">22 U.S.C. § 211a</A>, Passports and for further information at the <A HREF="http://www.archives.gov/federal-register/codification/executive-order/11295.html">National Archives – Executive Orders</A> </p> </div> </li>  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a828"> Supplemental Material </button> <div id="b-a828" class="usa-accordion__content"> <P><STRONG>Department of State</STRONG></P> <UL> <LI><A HREF="https://fam.state.gov/FAM/07FAM/07FAM1310.html">Foreign Affairs Manual (FAM) Regulations on Passport Applications</A></LI> <LI><A HREF="https://fam.state.gov/FAM/07FAM/07FAM1300apT.html">Introduction to Passport Services</A></LI> <LI><A HREF="https://fam.state.gov/FAM/07FAM/07FAM1300apJ.html">Information Request Letters and Information Notices</A></LI> <LI><A HREF="https://fam.state.gov/FAM/07FAM/07FAM1300apF.html">Release of Information from Passport Files</A></LI> <LI><A HREF="https://fam.state.gov/FAM/07FAM/07FAM1300apF.html">Passport Amendments</A></LI> </UL> </div> </li> </ul> <H2 class="sub_section_header" style="text-underline:none;">Americans with Disabilities Act of 1990 (ADA) & Rehabilitation Act</H2> Americans with Disabilities Act (ADA)<BR> <p class="text-bold">Americans with Disabilities Act (ADA)<p> <p class="text-bold"><a href="https://www.gpo.gov/fdsys/pkg/USCODE-2015-title42/pdf/USCODE-2015-title42-chap126.pdf">42 U.S.C. §§ 12101 <em>et seq</em></a><p> <p class="text-bold"><a href="https://www.gpo.gov/fdsys/pkg/USCODE-2015-title42/pdf/USCODE-2015-title42-chap126-subchapI-sec12112.pdf">42 U.S.C. § 12112(d) Discrimination</a><p> <p class="text-bold">Rehabilitation Act (Rehab Act)<p> <p><strong><a href="javascript:window.open('https://www.gpo.gov/fdsys/pkg/USCODE-2015-title29/pdf/USCODE-2015-title29-chap16.pdf')" title="(opens New Window)">29 U.S.C. §§ 701 <em>et seq</em> (Chapter 16 Vocational Rehabilitation and Other Rehabilitation Services)</a></strong></p> <H3><strong>Overview</strong></H3> <p>The <a href="https://www.gpo.gov/fdsys/pkg/USCODE-2015-title42/pdf/USCODE-2015-title42-chap126.pdf">ADA</a> prohibits discrimination and guarantees that people with disabilities have the same opportunities as everyone else to participate in the mainstream of American life — to enjoy employment opportunities, to purchase goods and services, and to participate in State and local government programs and services. Modeled after the Civil Rights Act of 1964, which prohibits discrimination on the basis of race, color, religion, sex, or national origin – and Section 504 of the Rehabilitation Act of 1973 — the ADA is an “equal opportunity” law for people with disabilities.</p> <p>The ADA, at <a href="https://www.gpo.gov/fdsys/pkg/USCODE-2011-title42/pdf/USCODE-2011-title42-chap126-subchapI-sec12112.pdf">42 U.S.C. § 12112(d), </a>generally prohibits medical examinations and inquiries of job applicants unless the inquiry is about the ability of the applicant to perform job related functions. The ADA <em>does</em> authorize medical examinations and inquiries by employers with regard to an employee’s request for reasonable accommodation for a disability. In both instances, there are confidentiality requirements that attach to the records and information gathered.</p> <p>The <a href="https://www.gpo.gov/fdsys/pkg/USCODE-2015-title29/pdf/USCODE-2015-title29-chap16.pdf">Rehabilitation Act of 1973 </a>(also known as the “Rehab Act”) prohibits discrimination on the basis of disability in programs run by federal agencies; programs that receive federal financial assistance; in federal employment; and in the employment practices of federal contractors. The standards for deciding if employment discrimination exists under the Rehab Act are the same as those used in Title I of the ADA.</p> <p>The Rehab Act, at 29 C.F.R. § 791(f) and §793(d), provides that these sections of the ADA apply equally to those entities subject to the Rehab Act.</p> <p>The Americans with Disabilities Act Amendments Act of 2008 (<a href="https://www.gpo.gov/fdsys/pkg/PLAW-110publ325/pdf/PLAW-110publ325.pdf">Public Law 110-325</a>) (ADAAA) further amended the definition of “individual with a disability” and amended sections 12101, 12102, 12111 to 12114, 12201 and 12210 of the ADA and section 705 of the Rehab Act. The ADAAA also enacted sections 12103 and 12205a and re-designated sections 12206 to 12213.</p> <p>Sources:<br> <a href="https://www.ada.gov/ada_intro.htm">Introduction to the ADA</a><br> <a href="https://www.disability.gov/rehabilitation-act-1973/">Rehabilitation Act of 1973 (disability.gov)</a><br> <a href="javascript:window.open('https://www.eeoc.gov/laws/statutes/ada.cfm')" title="(opens New Window)">Titles I and V of the Americans with Disabilities Act of 1990 (ADA) </a><br> <a href="javascript:window.open('https://www.eeoc.gov/laws/statutes/rehab.cfm')"title="(opens New Window)">The Rehabilitation Act of 1973 (EEOC)</a></p> <ul class="usa-accordion usa-accordion--bordered"> <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a1"> Helpful Tips </button> <div id="b-a1" class="usa-accordion__content"> The ADA, at <A href="https://www.gpo.gov/fdsys/pkg/USCODE-2015-title42/pdf/USCODE-2015-title42-chap126-subchapI-sec12112.pdf">42 U.S.C. § 12112(d), </A>generally prohibits medical examinations and inquiries of job applicants unless the inquiry is about the ability of the applicant to perform job related functions. The ADA <EM>does</EM> authorize medical examinations and inquiries by employers with regard to an employee’s request for reasonable accommodation for a disability.  In both instances, there are confidentiality requirements that attach to the records and information gathered. <p></p> The Equal Employment Opportunity Commission (EEOC) issues government-wide regulations for implementing the ADA at <A href="https://www.gpo.gov/fdsys/pkg/CFR-2015-title29-vol4/pdf/CFR-2015-title29-vol4-part1630.pdf">29 C.F.R. Part 1630</A>.  Except as otherwise provided in this part, this part does not apply a lesser standard than the standards applied under title V of the Rehabilitation Act of 1973 (<A href="https://www.gpo.gov/fdsys/pkg/USCODE-2010-title29/pdf/USCODE-2010-title29-chap16-subchapV.pdf">29 U.S.C. §§ 790-794a, as amended</A>), or the regulations issued by Federal agencies pursuant to that title. <A href="https://www.gpo.gov/fdsys/pkg/CFR-2015-title29-vol4/pdf/CFR-2015-title29-vol4-part1630.pdf">[29 C.F.R. § 1630.1(c)]</A> </div> </li> <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a2"> Regulations </button> <div id="b-a2" class="usa-accordion__content"> <A href="javascript:window.open('https://www.gpo.gov/fdsys/pkg/CFR-2016-title29-vol4/pdf/CFR-2016-title29-vol4-part1630.pdf')" title="(opens New Window)">29 C.F.R. Part 1630</A> </div> </li> <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a3"> Executive Orders, Memoranda, and Directives </button> <div id="b-a3" class="usa-accordion__content"> <A href="https://www.gpo.gov/fdsys/pkg/WCPD-2000-07-31/pdf/WCPD-2000-07-31-Pg1687.pdf">Executive Order No. 13164 – Requiring Federal Agencies to Establish Procedures to Facilitate the Provision of Reasonable Accommodation</A> </div> </li> <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a4"> Supplemental Material </button> <div id="b-a4" class="usa-accordion__content"> <STRONG>Equal Employment Opportunity Commission</STRONG> <UL> <LI><A href="javascript:window.open('https://www.eeoc.gov/policy/docs/accommodation_procedures.html')" title="(opens New Window)">EEOC, Policy Guidance on Executive Order 13164: Establishing Procedures to Facilitate the Provision of Reasonable Accommodation  </A></LI> <LI><A href="javascript:window.open('https://www.eeoc.gov/policy/docs/guidance-inquiries.html')" title="(opens New Window)">EEOC, Enforcement Guidance: Disability-Related Inquiries and Medical Examinations of Employees Under the Americans with Disabilities Act (ADA)  </A></LI> <LI><A href="javascript:window.open('https://www.eeoc.gov/policy/docs/workcomp.html')" title="(opens New Window)">EEOC, Enforcement Guidance: Workers’ Compensation and the ADA</A></LI> <LI><A href="javascript:window.open('https://www.eeoc.gov/policy/docs/psych.html')" title="(opens New Window)">EEOC, Enforcement Guidance on the Americans with Disabilities Act and Psychiatric Disabilities  </A></LI> <LI><A href="javascript:window.open('https://www.eeoc.gov/facts/evacuation.html')" title="(opens New Window)">EEOC, Fact Sheet on Obtaining and Using Employee Medical Information as Part of Emergency Evacuation Procedures</A></LI> <LI><A href="javascript:window.open('https://www1.eeoc.gov/policy/docs/fmlaada.html')" title="(opens New Window)">EEOC, Fact Sheet, The Family and Medical Leave Act, the Americans with Disabilities Act, and Title VII of the Civil Rights Act of 1964 </A></LI> <LI><A href="javascript:window.open('https://www.eeoc.gov/eeoc/publications/ada_mental_health_provider.cfm')" title="(opens New Window)">EEOC, The Mental Health Provider’s Role in a Client’s Request for a Reasonable Accommodation at Work</A></LI> <LI><A href="javascript:window.open('https://www.eeoc.gov/laws/types/intellectual_disabilities.cfm')" title="(opens New Window)">EEOC, Questions & Answers about Persons with Intellectual Disabilities in the Workplace and the Americans with Disabilities Act (ADA)</A></LI> <LI><A href="javascript:window.open('https://www.eeoc.gov/eeoc/publications/qa_domestic_violence.cfm') title=" (opens New Window)">EEOC, Questions and Answers: The Application of Title VII and the ADA to Applicants or Employees Who Experience Domestic or Dating Violence, Sexual Assault, or Stalking</A></LI> <LI><A href="javascript:window.open('https://www.eeoc.gov/eeoc/publications/hiv_doctors.cfm')" title="(opens New Window)">EEOC, Helping Patients with HIV Infection Who Need Accommodations at Work</A></LI> </UL> </div> </li> </ul>  <H2 class="sub_section_header">Aviation and Transportation Security Act of 2001 </H2> <DIV class="content"> <p class="text-bold"><A href="https://www.gpo.gov/fdsys/pkg/USCODE-2015-title49/pdf/USCODE-2015-title49-subtitleI-chap1-sec114.pdf">49 U.S.C. § 114 Transportation Security Administration</A><p> <p class="text-bold"><A href="https://www.gpo.gov/fdsys/pkg/USCODE-2015-title49/pdf/USCODE-2015-title49-subtitleVII-partA-subpartiii-chap449-subchapI-sec44909.pdf">49 U.S.C. § 44909 Passenger Manifests</A><p> <p class="text-bold">See also: <A href="https://www.tsa.gov/sites/default/files/aviation_and_transportation_security_act_atsa_public_law_107_1771.pdf">Pub. Law 107-71</A><p> <H3>Overview</H3> <P>President Bush signed the Aviation and Transportation Security Act into law in November 2001, requiring screening conducted by federal officials, 100 percent checked baggage screening, expansion of the Federal Air Marshal Service and reinforced cockpit doors. The Transportation Security Administration (TSA) was created to oversee security in all modes of transportation.</P> <P>Source:<br><A href="https://www.tsa.gov/timeline">Transportation Security Timeline</A></P> </DIV> <ul class="usa-accordion usa-accordion--bordered"> <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a5"> Regulations </button> <div id="b-a5" class="usa-accordion__content"> <P><A href="https://www.gpo.gov/fdsys/pkg/CFR-2016-title19-vol1/pdf/CFR-2016-title19-vol1-part122-subpartE.pdf">19 C.F.R. Part 122 Subpart E</A></P> <P><A href="https://www.gpo.gov/fdsys/pkg/CFR-2016-title19-vol1/pdf/CFR-2016-title19-vol1-part122-subpartE.pdf">49 C.F.R. § 1540.107 </A></P> <P><A href="https://www.gpo.gov/fdsys/pkg/CFR-2015-title49-vol9/pdf/CFR-2015-title49-vol9-part1560.pdf">49 C.F.R. Part 1560 </A></P> </div> </li> <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a7"> Executive Orders, Memoranda, and Directives </button> <div id="b-a7" class="usa-accordion__content"> <P><A href="https://www.gpo.gov/fdsys/pkg/PPP-2003-book2/pdf/PPP-2003-book2-doc-pg1174.pdf">Directive on Integration and Use of Screening Information To Protect Against Terrorism, HSPD-6 (Sept. 16, 2003)</A></P> </div> </li> <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a8"> Supplemental Material </button> <div id="b-a8" class="usa-accordion__content"> <P><STRONG>U.S. Department of Homeland Security</STRONG></P> <P><EM><STRONG>Transportation Security Administration</STRONG></EM></P> <P><A href="https://www.tsa.gov/travel">Travel Resources Page</A></P> <P><A href="https://www.dhs.gov/publication/passenger-name-record-privacy-policy">Passenger Name Record Privacy Policy</A></P> </div> </li> </ul> <div align="right" style="border:1px solid #FFFFFF;"> <BR><A HREF="#back-to-top">Back to top</A> </div> <div id="B"> <p class="section_header">B</p> <hr>  </div> <H2 class="sub_section_header" style="text-underline: none;">Bank Secrecy Act (BSA)</H2> <DIV class="content"> <p class="text-bold"><A href="javascript:window.open('https://www.gpo.gov/fdsys/pkg/USCODE-2015-title31/pdf/USCODE-2015-title31-subtitleI-chap3-subchapI-sec310.pdf')" title="(opens New Window)">31 U.S.C. § 310</A></p> <h3><STRONG>Overview</STRONG></h3> <P>The Currency and Foreign Transactions Reporting Act of 1970 (which legislative framework is commonly referred to as the “Bank Secrecy Act” or “BSA”) requires U.S. financial institutions to assist U.S. government agencies to detect and prevent money laundering. Specifically, the Act requires financial institutions to keep records of cash purchases of negotiable instruments, file reports of cash transactions exceeding $10,000 (daily aggregate amount), and to report suspicious activity that might signify money laundering, tax evasion, or other criminal activities. It was passed by the Congress of the United States in 1970. The BSA is sometimes referred to as an anti-money laundering” law (“AML”) or jointly as “BSA/AML.” Several AML Acts, including provisions in Title III of the USA PATRIOT Act of 2001, have been enacted up to the present to amend the BSA. (See 31 USC 5311-5330 and 31 CFR Chapter X [formerly 31 CFR Part 103] )</P> <P><A href="javascript:window.open('https://www.gpo.gov/fdsys/pkg/USCODE-2015-title31/pdf/USCODE-2015-title31-subtitleI-chap3-subchapI-sec310.pdf')">Sec. 31 U.S.C. § 310 (c)(2) </A>requires the US Department of the Treasury, Financial Crimes Enforcement Network (FinCEN) to provide appropriate standards and guidelines for determining who is to be given access to the information maintained by FinCEN; what limits are to be imposed on the use of such information; and how information about activities or relationships which involve or are closely associated with the exercise of constitutional rights is to be screened out of the data maintenance system.</P> <P>When investigating potential money laundering or Bank Secrecy Act (BSA) violations, the key test (related statute test) is whether, under the facts and circumstances of the particular case, the money laundering and BSA provisions are considered related to the administration of the Internal Revenue laws.</P> <P>Source:<br><A href="javascript:window.open('https://www.fincen.gov/resources/statutes-regulations/fincens-mandate-congress')" title="(opens New Window)">FinCEN’s Mandate from Congress</A></P> </DIV> <ul class="usa-accordion usa-accordion--bordered"> <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a9"> Helpful Tips </button> <div id="b-a9" class="usa-accordion__content"> <P><A href="https://www.gpo.gov/fdsys/pkg/USCODE-2015-title31/pdf/USCODE-2015-title31-subtitleI-chap3-subchapI-sec310.pdf">Sec. 31 U.S.C. § 310 (c)(2) </A>Requirements Relating to Maintenance and Use of Data Banks</P> </div> </li> <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a10"> Regulations </button> <div id="b-a10" class="usa-accordion__content"> <P><A href="javascript:window.open('https://www.gpo.gov/fdsys/pkg/CFR-2012-title31-vol3/pdf/CFR-2012-title31-vol3-subtitleB-chapX.pdf')" title="(opens New Window)">31 C.F.R. Chapter X-Financial Crimes Enforcement Network, Department of the Treasury</A></P> </div> </li> <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a11"> Statutory Implementation Guidance </button> <div id="b-a11" class="usa-accordion__content"> <P><STRONG>US Department of the Treasury, Financial Crimes Enforcement Network (FinCEN)</STRONG></P> <P><A href="javascript:window.open('https://www.fincen.gov/sites/default/files/shared/FIN-2010-A014.pdf')" title="(opens New Window)">Advisory, Maintaining the Confidentiality of Suspicious Activity Reports</A></P> </div> </li> <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a12"> Supplemental Material </button> <div id="b-a12" class="usa-accordion__content"> <P><STRONG>US Department of the Treasury</STRONG></P> <P><EM><STRONG>Financial Crimes Enforcement Network (FinCEN)</STRONG></EM></P> <UL> <LI><A href="javascript:window.open('https://www.fincen.gov/resources/fincens-mandate-congress')" title="(opens New Window)">FinCEN’s Mandate from Congress</A></LI> <LI><A href="https://www.fincen.gov/sites/default/files/shared/ChapterXFAQ.pdf">Answers to Frequently Questions about 31 C.F.R. Chapter X</A></LI></UL> <P><EM><STRONG>Internal Revenue Service (IRS)</STRONG></EM></P> <UL> <LI><A>Bank Secrecy Act</A></LI></UL> </div> </li> </ul> <div align="right" style="border:1px solid #FFFFFF;"> <BR><A HREF="#back-to-top">Back to top</A> </div> <div id="C"> <p class="section_header">C</p> <hr>  </div> <H2 class="sub_section_header" style="text-underline: none;">Census (Title 13) </H2> <DIV class="content"> <h3><STRONG>Overview</STRONG></h3> <P> The Census Bureau is bound by Title 13 of the United States Code. These laws not only provide authority for the work it does, but also provide strong protection for the information it collects from individuals and businesses. People sworn to uphold Title 13 are legally required to maintain the confidentiality of respondent data. Every person with access to respondent data is sworn for life to protect your information and understands that the penalties for violating this law are applicable for a lifetime. <BR><BR> Sources: <BR> <A HREF="https://www.census.gov/history/www/reference/privacy_confidentiality/title_13_us_code.html#:~:text=Private%20information%20is%20never%20published,Security%20Numbers%2C%20and%20telephone%20numbers.">Title 13 – Protection of Confidential Information</A><BR> <A HREF="https://www.census.gov/about/policies/privacy/data_stewardship/oath_of_non-disclosure.html#:~:text=When%20hired%20to%20work%20for,affiliated%20with%20the%20Census%20Bureau.">Oath of Non-Disclosure</A> </P> </DIV> <ul class="usa-accordion usa-accordion--bordered">  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a345"> Supplemental Material </button> <div id="b-a345" class="usa-accordion__content"> <A HREF="https://www.census.gov/about/policies/privacy.html">U.S. Census Bureau Data Protection</A> </div> </li> </ul> <H2 class="sub_section_header" style="text-underline: none;">Children’s Online Privacy Protection Act (COPPA) </H2> <DIV class="content"> <p class="text-bold"><A href="javascript:window.open('https://www.gpo.gov/fdsys/pkg/USCODE-2015-title15/pdf/USCODE-2015-title15-chap91.pdf')" title="(opens New Window)">15 U.S.C. §§ 6501-6505</A></p> <h3><STRONG>Overview</STRONG></h3> <p> COPPA imposes certain requirements on operators of websites or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age. <BR><BR> Source: <A HREF="https://www.ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/childrens-online-privacy-protection-rule">Federal Trade Commission “Children’s Online Privacy Protection Rule (“COPPA”)</A> </P> </DIV>  <ul class="usa-accordion usa-accordion--bordered"> <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a300"> Helpful Tips </button> <div id="b-a300" class="usa-accordion__content"> <A HREF="https://www.ftc.gov/tips-advice/business-center/guidance/complying-coppa-frequently-asked-questions">Complying with COPPA: Frequently Asked Questions </A> </div> </li>  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a301"> Regulations </button> <div id="b-a301" class="usa-accordion__content"> <p> <A HREF="https://www.gpo.gov/fdsys/pkg/CFR-2016-title16-vol1/pdf/CFR-2016-title16-vol1-part312.pdf">16 C.F.R. § 312</A> </p> </div> </li>  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a302"> Executive Orders, Memoranda, and Directives </button> <div id="b-a302" class="usa-accordion__content"> <P><A href="javascript:window.open('https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2003/m03_22.pdf')" title="(opens New Window)">OMB Memorandum M-03-22, Memorandum for Heads of Executive Departments and Agencies (Sept. 2003) </A></P> </div> </li>  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a303"> Supplemental Material </button> <div id="b-a303" class="usa-accordion__content"> <A href="javascript:window.open('https://www.ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/childrens-online-privacy-protection-rule')" title="(opens New Window)">Federal Trade Commission “Children’s Online Privacy Protection Rule (“COPPA”)</A> </div> </li> </ul>  <H2 class="sub_section_header" style="text-underline: none;">Clinical Laboratory Improvement Amendments of 1988 (CLIA)</H2> <DIV class="content"> <p class="text-bold"> <A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2015-title42/pdf/USCODE-2015-title42-chap6A-subchapII-partF-subpart2-sec263a.pdf">42 U.S.C. § 263a</A></p> <h3><STRONG>Overview</STRONG></h3> <P> The Clinical Laboratory Improvement Amendments of 1988 (CLIA) is an amendment to the Public Health Services Act in which Congress revised the federal program for certification and oversight of clinical laboratory testing. Two subsequent amendments were made after 1988. The law continues to be cited as CLIA ’88 as named in legislation. In general terms, the CLIA regulations establish quality standards for laboratory testing performed on specimens from humans, such as blood, body fluid and tissue, for the purpose of diagnosis, prevention, or treatment of disease, or assessment of health. The Centers for Medicare & Medicaid Services (CMS) regulates all laboratory testing (except research) performed on humans in the U.S. through CLIA. In total, CLIA covers approximately 254,000 laboratory entities. The Division of Laboratory Services, within the Survey and Certification Group, under the Center for Clinical Standards and Quality (CCSQ) has the responsibility for implementing the CLIA Program. <BR><BR> Sources:<BR> <A HREF="https://wwwn.cdc.gov/clia/Regulatory/default.aspx">CLIA: Laws and Regulations (CDC)</A><BR> <A HREF="https://www.cms.gov/Regulations-and-Guidance/Legislation/CLIA/index.html">Clinical Laboratory Improvements Act (CMS) </A><BR> </P> </DIV>  <ul class="usa-accordion usa-accordion--bordered"> <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a310"> Helpful Tips </button> <div id="b-a310" class="usa-accordion__content"> CLIA regulations allow laboratories to give a patient, or a person designated by the patient, his or her “personal representative,” access to the patient’s completed test reports on the patient’s or patient’s personal representative’s request. To align with this requirement, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule also provides individuals (or their personal representatives) with the right to access test reports directly from laboratories subject to HIPAA (CLIA-certified or CLIA-exempt laboratories). While patients can also get access to their laboratory test reports from their doctors, they have the option to obtain their test reports directly from the laboratory while maintaining strong protections for patients’ privacy. The rules are issued jointly by three agencies within the U.S. Department of Health and Human Services: the Centers for Medicare & Medicaid Services (CMS), which is generally responsible for laboratory regulation under CLIA, the Centers for Disease Control and Prevention (CDC), which provides scientific and technical advice to CMS related to CLIA, and the Office for Civil Rights (OCR), which is responsible for enforcing the HIPAA Privacy Rule. <BR><BR> Sources:<BR> <A HREF="https://www.hhs.gov/hipaa/for-professionals/special-topics/clia/index.html">HHS Strengthens Patients’ Right to Access Lab Reports </A><BR> <A HREF="https://www.federalregister.gov/articles/2014/02/06/2014-02280/clia-program-and-hipaa-privacy-rule-patients-access-to-test-reports">CLIA Program and HIPAA Privacy Rule; Patients’ Access to Test Reports (79 FR 7289, February 6, 2014)</A> </div> </li>  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a311"> Regulations </button> <div id="b-a311" class="usa-accordion__content"> <p></p> <A HREF="https://www.gpo.gov/fdsys/pkg/CFR-2015-title42-vol5/pdf/CFR-2015-title42-vol5-part493.pdf">42 CFR Part 493</A><BR> <A HREF="45 CFR Part 164">45 CFR Part 164</A> </div> </li>  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a312"> Supplemental Material </button> <div id="b-a312" class="usa-accordion__content"> <P><STRONG>U.S. Department of Health and Human Services</STRONG></P> <P><EM><STRONG>Centers for Medicare and Medicaid Services</STRONG></EM></P> <UL> <LI><A href="javascript:window.open('https://www.cms.gov/Regulations-and-Guidance/Legislation/CLIA/index.html')" title="(opens New Window)">Clinical Laboratory Improvement Amendments (CLIA)</A></LI> <P><EM><STRONG>Centers for Disease Control and Prevention</STRONG></EM></P> <UL> <LI><A HREF="https://wwwn.cdc.gov/clia/">Clinical Laboratory Improvement Amendments (CLIA)</A></LI></UL> </div> </li> </ul> <H2 class="sub_section_header" style="text-underline: none;">Communications Assistance for Law Enforcement Act (CALEA)</H2> <DIV class="content"> <p class="text-bold"><A href="javascript:window.open('https://www.gpo.gov/fdsys/pkg/USCODE-2014-title47/pdf/USCODE-2014-title47-chap9.pdf')" title="(opens New Window)">47 U.S.C. §§ 1001-1010</A></p> <h3><STRONG>Overview</STRONG></h3> In response to concerns that emerging technologies such as digital and wireless communications were making it increasingly difficult for law enforcement agencies to execute authorized surveillance, Congress enacted CALEA on October 25, 1994. CALEA requires a “telecommunications carrier,” as defined by the CALEA statute, to ensure that equipment, facilities, or services that allow a customer or subscriber to “originate, terminate, or direct communications,” enable law enforcement officials to conduct electronic surveillance pursuant to court order or other lawful authorization. CALEA is intended to preserve the ability of law enforcement agencies to conduct electronic surveillance by requiring that telecommunications carriers and manufacturers of telecommunications equipment design and modify their equipment, facilities, and services to ensure that they have the necessary surveillance capabilities as communications network technologies evolve. CALEA is limited to Telecommunications Carriers as defined by the Act and interpreted by the FCC. In addition, CALEA specifically exempts “Information Services”, which includes many Internet based communications service providers, electronic storage providers and electronic messaging services. <P> Source: <A HREF="https://www.fcc.gov/public-safety-and-homeland-security/policy-and-licensing-division/general/communications-assistance">Communications Assistance for Law Enforcement Act</A> </P> </DIV> <ul class="usa-accordion usa-accordion--bordered">  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a320"> Regulations </button> <div id="b-a320" class="usa-accordion__content"> <p> <A HREF="https://www.gpo.gov/fdsys/pkg/CFR-2015-title47-vol1/pdf/CFR-2015-title47-vol1-part1-subjectgroup-id453-subpartZ.pdf">47 C.F.R. §§ 1.20000 – 1.20008</A> </p> </div> </li>  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a321"> Supplemental Material </button> <div id="b-a321" class="usa-accordion__content"> <P><STRONG>U.S. Department of Justice</STRONG></P> <P><EM><STRONG>Federal Bureau of Investigation</STRONG></EM></P> <UL> <LI><A href="javascript:window.open('https://ndcac.fbi.gov/calea/calea-faq')" title="(opens New Window)">Ask CALEA</A></LI> </UL> <P><EM><STRONG>Federal Communications Commission</STRONG></EM></P> <UL> <LI><A HREF="https://www.fcc.gov/public-safety-and-homeland-security/policy-and-licensing-division/general/communications-assistance">Communications Assistance for Law Enforcement Act</A></LI></UL> </div> </li> </ul> <H2 class="sub_section_header" style="text-underline: none;">Communications Act of 1934 </H2> <DIV class="content"> <p class="text-bold"><A href="javascript:window.open('https://www.gpo.gov/fdsys/pkg/USCODE-2014-title47/pdf/USCODE-2014-title47.pdf')" title="(opens New Window)">TITLE 47—TELECOMMUNICATIONS</A></p> <A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2014-title47/pdf/USCODE-2014-title47-chap5-subchapII-partI-sec222.pdf">47 U.S.C. §§ et seq</A></H5> <A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2014-title47/pdf/USCODE-2014-title47-chap5-subchapIII-partI-sec338.pdf">47 U.S.C. § 222, Privacy of Customer Information</A><BR> <A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2014-title47/pdf/USCODE-2014-title47-chap5-subchapV-A-partIV-sec551.pdf">47 U.S.C. § 338(i), Privacy Rights of Satellite Subscribers</A><BR> <A HREF="">47 U.S.C. § 551, Protection of Subscriber Privacy</A><BR> <A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2014-title47/pdf/USCODE-2014-title47-chap5-subchapVI-sec605.pdf">47 U.S.C. § 605, Unauthorized Publication or Use of Communications</A><BR> See also, <A HREF="https://transition.fcc.gov/Reports/1934new.pdf">The Communications Act of 1934</A><BR> <h3><STRONG>Overview</STRONG></h3> <P> <A HREF="https://it.ojp.gov/PrivacyLiberty/authorities/statutes/1288">The Communications Act of 1934 (the “Act”)</A> combined and organized federal regulation of telephone, telegraph, and radio communications. The Act created the Federal Communications Commission (FCC) to oversee and regulate these industries. The Act is updated periodically to add provisions governing new communications technologies, such as broadcast, cable and satellite television. The Act, as amended, is an expansive statue regulating U.S. telephone, telegraph, television, and radio communications. Its seven subchapters regulate virtually all aspects of the communications and broadcasting industry, including assignment of frequencies, rates and fees, standards, competition, terms of subscriber access, commercials, broadcasting in the public interest, government use of communications systems. The Act also provides for more detailed regulation and oversight via the establishment of the FCC. <BR><BR> Source: <A HREF="https://it.ojp.gov/PrivacyLiberty/authorities/statutes/1288" aria-label="The Communications Act of 1934 on BJA website">The Communications Act of 1934</A><BR> </P> </DIV> <ul class="usa-accordion usa-accordion--bordered">  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a335"> Regulations </button> <div id="b-a335" class="usa-accordion__content"> <p> <A HREF="https://www.gpo.gov/fdsys/pkg/CFR-2015-title47-vol3/pdf/CFR-2015-title47-vol3-part64-subpartU.pdf">47 C.F.R. Part 64 Subpart U – Customer Proprietary Network Information</A> </p> </div> </li>  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a336"> Statutory Implementation Guidance </button> <div id="b-a336" class="usa-accordion__content"> <P><STRONG>Federal Communications Commission (FCC)</STRONG></P> <p> <UL> <LI><A HREF="https://www.fcc.gov/document/fcc-releases-proposed-rules-protect-broadband-consumer-privacy">FCC Releases Proposed Rules to Protect Broadband Consumer Privacy, April 2016</A></LI> <LI><A HREF="https://www.fcc.gov/document/isps-should-take-reasonable-steps-protect-privacy ">ISPs Should Take Reasonable Steps to Protect Privacy, May 2015</A></LI> <LI><A HREF="https://apps.fcc.gov/edocs_public/attachmatch/FCC-13-89A1.pdf">Declaratory Ruling on Customer Proprietary Network Information in the Mobile Wireless Context, 2013</A></LI> <LI><A HREF="https://apps.fcc.gov/edocs_public/attachmatch/FCC-07-22A1.pdf">Report and Order Adopting Rules to Address “Pretexting” and Other Matters, 2007</A></LI> <LI><A HREF="https://apps.fcc.gov/edocs_public/attachmatch/FCC-02-214A1.pdf">Report and Order Adopting Implementing Rules, 2002</A></LI> </UL> <I>Note:</I> most FCC rules are adopted by a process known as “notice and comment” rule-making. Under that process, the FCC gives the public notice that it is considering adopting or modifying rules on a particular subject and seeks the public’s comment. The FCC considers the comments received in developing final rules. </P> </div> </li>  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a337"> Supplemental Material </button> <div id="b-a337" class="usa-accordion__content"> <P><STRONG>Federal Communications Commission (FCC)</STRONG></P> <UL> <LI><A href="javascript:window.open('https://www.fcc.gov/consumers/guides/protecting-your-privacy')" title="(opens New Window)">Protecting Your Privacy: Phone and Cable Records</A></LI> </UL> <P><STRONG>U.S. Department of Justice</STRONG></P> <UL> <LI><A href="javascript:window.open('https://www.justice.gov/usam/criminal-resource-manual-1066-interception-radio-communications-47-usc-605')" title="(opens New Window)">U.S. Attorneys’ Manual, 47 U.S.C. § 605</A></LI> </UL> <P><EM><STRONG>Office of Justice Programs, Bureau of Justice Assistance</STRONG></EM></P> <UL> <LI><A href="javascript:window.open('https://it.ojp.gov/PrivacyLiberty/authorities/statutes/1288')" title="(opens New Window)">The Communications Act of 1934</A></LI> </UL> </div> </li> </ul> <H2 class="sub_section_header" style="text-underline: none;">Consolidated Appropriations Act of 2005</H2> <DIV class="content"> <p class="text-bold"><A href="javascript:window.open('https://www.gpo.gov/fdsys/pkg/PLAW-108publ447/pdf/PLAW-108publ447.pdf')" title="(opens New Window)">Public Law No. 108-447</A> (see division H, title V, section 522)</p> <A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2015-title5/pdf/USCODE-2015-title5-partI-chap5-subchapII-sec552a.pdf">Public Law No. 108-447</A> <h3><STRONG>Overview</STRONG></h3> <P> The Consolidated Appropriations Act of 2005 (the “Act”) requires that each agency, subject to the Act: <UL> <LI>shall have a Chief Privacy Officer to assume primary responsibility for privacy and data protection policy. (Sec. 522(a)) <LI>shall establish and implement comprehensive privacy and data protection procedures governing the agency’s collection, use, sharing, disclosure, transfer, storage and security of information in an identifiable form relating to the agency employees and the public. (Sec. 522(b))</LI> <LI>shall prepare a written report of its use of information in an identifiable form, along with its privacy and data protection policies and procedures and record it with the Inspector General of the agency to serve as a benchmark for the agency. (Sec. 552(c))</LI> <LI>[a]t least every 2 years . . . shall have performed an independent, third party review of the use of information in identifiable form as the privacy and data protection procedures of the agency. (Sec. 522(d))</LI> <LI>[u]pon completion of a review, the Inspector General of an agency shall submit to the head of that agency a detailed report on the review. (Sec. 522(e))</LI> </UL> </P> </DIV> <H2 class="sub_section_header" style="text-underline: none;">Confidentiality of Medical Quality Assurance Records</H2> <DIV class="content"> <p class="text-bold"><A href="javascript:window.open('https://www.gpo.gov/fdsys/pkg/USCODE-2015-title38/pdf/USCODE-2015-title38-partIV-chap57.pdf')" title="(opens New Window)">38 U.S.C. §§ 5701 – 5728</A></p> <h3><STRONG>Overview</STRONG></h3> <P> Records and documents created by the Department of Veterans Affairs (VA) as part of a medical quality-assurance program are confidential and privileged and may not be disclosed to any person or entity except as provided in 38 U.S.C. § 5705. </P> </DIV>  <ul class="usa-accordion usa-accordion--bordered"> <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a325"> Helpful Tips </button> <div id="b-a325" class="usa-accordion__content"> The VA’s National Center for Patient Safety (NCPS) has developed an internal, confidential, non-punitive system— the Patient Safety Information System. This reporting and analysis system allows users to electronically document patient safety information from across the VA so that “lessons learned” can benefit the entire system. A combined total of more than 1,000,000 root cause analysis reports and safety reports have been entered into the reporting system since it was established. Confidentiality is a key reason for the system’s success. Because the Patient Safety Information System is part of a medical quality assurance program, the information within it is protected from disclosure under <A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2015-title38/pdf/USCODE-2015-title38-partIV-chap57-subchapI-sec5705.pdf">38 U.S.C. § 5705.</A> <BR><BR> Source: <A HREF="http://www.patientsafety.va.gov/media/reporting.asp">V.A. National Center for Patient Safety</A> </div> </li>  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a326"> Regulations </button> <div id="b-a326" class="usa-accordion__content"> <p> Regulations Text <BR> <A HREF="https://www.gpo.gov/fdsys/pkg/CFR-2016-title38-vol1/pdf/CFR-2016-title38-vol1-part17.pdf">38 C.F.R. § 17.500-511</A><BR> </p> </div> </li> </ul> <H2 class="sub_section_header" style="text-underline: none;">Cybersecurity Information Sharing Act of 2015 (CISA) </H2> <DIV class="content"> <p class="text-bold"><A href="javascript:window.open('https://www.gpo.gov/fdsys/pkg/USCODE-2015-title6/pdf/USCODE-2015-title6.pdf')" title="(opens New Window)">6 U.S.C. §§ 149, 151, 1501-1510, 1521-1525, 1531-1533</A></p> <h3><STRONG>Overview</STRONG></h3> <P> On December 18, 2015, the President signed the Cybersecurity Act of 2015 (CISA) into law. Congress enacted CISA, Title I of the Cybersecurity Act, to direct the Department of Homeland Security (DHS)—in collaboration with other named agencies—to create a voluntary cybersecurity information sharing process that will protect participants from certain types of liability and encourage public and private entities to share cyber threat information in real-time while protecting the privacy and civil liberties of individuals. <BR><BR> Source: <A HREF="https://www.us-cert.gov/sites/default/files/ais_files/Privacy_and_Civil_Liberties_Guidelines_%28Sec%20105%28b%29%29.pdf">Privacy and Civil Liberties Final Guidelines: Cybersecurity Information Sharing Act of 2015"</A><BR> </P> </DIV> <ul class="usa-accordion usa-accordion--bordered">  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a330"> Executive Orders, Memoranda, and Directives </button> <div id="b-a330" class="usa-accordion__content"> <p> <A HREF="https://www.gpo.gov/fdsys/pkg/FR-2015-02-20/pdf/2015-03714.pdf">Promoting Private Sector Cybersecurity Information Sharing, Exec. Order No. 13691, (80 FR 9349, Feb. 13, 2015)</A><BR><BR> <A HREF="https://www.federalregister.gov/articles/2013/02/19/2013-03915/improving-critical-infrastructure-cybersecurity">Improving Critical Infrastructure Cybersecurity, Exec. Order No. 13636 ( 78 FR 11737, February 12, 2013)</A><BR><BR> <A HREF="https://www.obamawhitehouse.gov/the-press-office/2013/02/12/presidential-policy-directive-critical-infrastructure-security-and-resil">Critical Infrastructure Security and Resilience, Presidential Policy Directive/PPD-21 (Feb. 2013)</A><BR><BR> <A HREF="https://www.obamawhitehouse.gov/the-press-office/2016/07/26/presidential-policy-directive-united-states-cyber-incident">United States Cyber Incident Coordination, Presidential Policy Directive/PPD–41 (July 2016)</A><BR> </p> </div> </li>  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a331"> Supplemental Material </button> <div id="b-a331" class="usa-accordion__content"> <P><STRONG>U.S. Department of Homeland Security</STRONG></P> <UL> <LI><A href="javascript:window.open('https://www.us-cert.gov/ais')" title="(opens New Window)">Cybersecurity Information Sharing Act of 2015, June 15, 2016.</A></LI> <LI><A href="https://www.us-cert.gov/ais">Guidance to Assist Non-Federal Entities to Share Cyber Threat Indicators and Defensive Measures with Federal Entities under the Cybersecurity Information Sharing Act of 2015, June 15, 2016.</A></LI> <LI><A href="https://www.us-cert.gov/ais">Guidance on Sharing of Cyber Threat Indicators and Defensive Measures by the Federal Government under the Cybersecurity Information Sharing Act of 2015, February 16, 2016.</A></LI> <LI><A href="https://www.us-cert.gov/ais">Final Procedures Related to the Receipt of Cyber Threat Indicators and Defensive Measures by the Federal Government, June 15, 2016.</A></LI> </UL> </div> </li> </ul> <div align="right" style="border:1px solid #FFFFFF;"> <BR><A HREF="#back-to-top">Back to top</A> </div> <div id="D"> <p class="section_header">D</p> <hr> <H2 class="sub_section_header" style="text-underline: none;">Drug Abuse Prevention, Treatment, and Rehabilitation Act</H2> <DIV class="content"> <p class="text-bold"><A href="javascript:window.open('https://www.gpo.gov/fdsys/pkg/USCODE-2015-title42/pdf/USCODE-2015-title42-chap6A-subchapIII-A-partD-sec290dd-2.pdf')" title="(opens New Window)">42 U.S.C § 290dd–2</A></p> <h3><STRONG>Overview</STRONG></h3> <P> Confidentiality of substance use disorder (alcohol and drug abuse) patient records is required under 42 U.S.C § 290dd–2 and <A HREF="https://www.federalregister.gov/select-citation/2016/02/09/42-CFR-2">42 C.F.R Part 2</A>. The statute and regulation require that records related to patient treatment of substance use disorders remain confidential subject to certain specific exceptions or patient consent to disclose such information. The statute extends to cover “any program or activity relating to substance abuse education, prevention, training, treatment, rehabilitation, or research, which is conducted, regulated, or directly or indirectly assisted by any department or agency of the United States.” <BR><BR> Source: <A HREF="http://www.samhsa.gov/about-us/who-we-are/laws-regulations/public-comments-confidentiality-regulations">Listening Session Comments on Substance Abuse Treatment Confidentiality Regulations</A> <BR> </P> </DIV> <ul class="usa-accordion usa-accordion--bordered">  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a400"> Helpful Tips </button> <div id="b-a400" class="usa-accordion__content"> The Confidentiality of Alcohol and Drug Abuse Patient Records regulations, <A HREF="https://www.federalregister.gov/select-citation/2016/02/09/42-CFR-2">42 C.F.R. Part 2</A>, implement section 543 of the Public Health Service Act, 42 U.S.C. § 290dd-2, as amended by section 131 of the Alcohol, Drug Abuse and Mental Health Administration (ADAMHA) Reorganization Act, <A HREF="https://history.nih.gov/research/downloads/PL102-321.pdf">Public Law 102-321</A>. The regulations were promulgated as a final rule on July 1, 1975 (40 FR 27802). <BR><BR> The restrictions of these regulations upon the disclosure and use of drug abuse patient records were initially authorized by section 408 of the Drug Abuse Prevention, Treatment, and Rehabilitation Act. That section as amended was transferred by Public Law 98-24 to section 527 of the Public Health Service Act, which is codified at 42 U.S.C. § 290ee-3 (See <A HREF="https://www.gpo.gov/fdsys/pkg/CFR-2007-title42-vol1/pdf/CFR-2007-title42-vol1-sec2-1.pdf">42 C.F.R. § 2.1<</A>). <BR><BR> In addition, the restrictions of these regulations upon the disclosure and use of alcohol abuse patient records were initially authorized by section 333 of the Comprehensive Alcohol Abuse and Alcoholism Prevention, Treatment, and Rehabilitation Act of 1970 (42 U.S.C. § 4582). The section as amended was transferred by Public Law 98-24 to section 523 of the Public Health Service Act which is codified at 42 U.S.C. § 290dd-3. (See <A HREF="https://www.gpo.gov/fdsys/pkg/CFR-2007-title42-vol1/pdf/CFR-2007-title42-vol1-sec2-2.pdf">42 C.F.R. § 2.2</A>). </div> </li>  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a402"> Regulations </button> <div id="b-a402" class="usa-accordion__content"> <p> <A HREF="https://www.gpo.gov/fdsys/pkg/CFR-2015-title42-vol1/pdf/CFR-2015-title42-vol1-part2.pdf">42 C.F.R. Part 2 Confidentiality of Alcohol and Drug Abuse Patient Records</A><BR> </p> </div> </li>  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a403"> Supplemental Material </button> <div id="b-a403" class="usa-accordion__content"> <P><STRONG>U.S. Department of Health and Human Services</STRONG></P> <P><EM><STRONG>Substance Abuse and Mental Health Services Administration (SAMHSA)</STRONG></EM></P> <UL> <LI><A href="javascript:window.open('http://www.samhsa.gov/about-us/who-we-are/laws/confidentiality-regulations-faqs')" title="(opens New Window)">Applying the Substance Abuse Confidentiality Regulations (2015)</A></LI> <LI><A href="http://www.samhsa.gov/sites/default/files/faqs-applying-confidentiality-regulations-to-hie.pdf">Frequently Asked Questions, Applying the Substance Abuse Confidentiality Regulations to Health Information Exchange (HIE) (2010)</A></LI></UL> </div> </li> </ul> </div> <div align="right" style="border:1px solid #FFFFFF;"> <BR><A HREF="#back-to-top">Back to top</A> </div> <div id="E"> <p class="section_header">E</p> <hr> <H2 class="sub_section_header" style="text-underline: none;">E-Government Act of 2002 (Section 208) </H2> <DIV class="content"> <p class="text-bold"><A href="javascript:window.open('https://www.gpo.gov/fdsys/pkg/USCODE-2014-title44/pdf/USCODE-2014-title44-chap35-subchapI-sec3501.pdf')" title="(opens New Window)">44 U.S.C. § 3501 note </A></p> See also, <A HREF="https://www.gpo.gov/fdsys/pkg/PLAW-107publ347/pdf/PLAW-107publ347.pdf">Public Law 107-347</A> <h3><STRONG>Overview</STRONG></h3> <P> The availability of information, from personal information to public information, is made all the easier today due to technological changes in computers, digitized networks, internet access, and the creation of new information products. The E-Government Act of 2002 recognized that these advances also have important ramifications for the protection of personal information contained in government records and systems. <BR><BR> Privacy Impact Assessments (“PIAs”) are required by Section 208 of the E-Government Act for all Federal government agencies that develop or procure new information technology involving the collection, maintenance, or dissemination of information in identifiable form or that make substantial changes to existing information technology that manages information in identifiable form. A PIA is an analysis of how information in identifiable form is collected, stored, protected, shared, and managed. The purpose of a PIA is to demonstrate that system owners and developers have incorporated privacy protections throughout the entire life cycle of a system. The Act requires an agency to make PIAs publicly available, except when an agency in its discretion determines publication of the PIA would raise security concerns, reveal classified (i.e., national security) information, or sensitive (e.g., potentially damaging to a nation interest, law enforcement effort or competitive business interest contained in the assessment) information. <BR><BR> Source: <A HREF="https://www.justice.gov/opcl/e-government-act-2002">E-government Act of 2002, Department of Justice</A><BR> </P> </DIV> <ul class="usa-accordion usa-accordion--bordered">   <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a450"> Helpful Tips </button> <div id="b-a450" class="usa-accordion__content"> Several provisions of law were established in the <A HREF="https://www.gpo.gov/fdsys/pkg/PLAW-107publ347/pdf/PLAW-107publ347.pdf">E-Government Act of 2002 (Public Law 107-347)</A>, including the <A HREF="https://www.fpc.gov/federal-information-security-modernization-act-of-2014-fisma/">Federal Information Security Modernization Act of 2014 and the <A HREF="https://www.fpc.gov/title-v-confidential-information-protection-and-statistical-efficiency-act-of-2002-of-the-e-government-act-of-2002-cipsea/">Confidential Information Protection and Statistical Efficiency Act of 2002</A>. This page is specific to the privacy provisions of section 208 of the E-Government Act of 2002</A>, codified at <A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2010-title44/pdf/USCODE-2010-title44-chap35-subchapI-sec3501.pdf">44 U.S.C. § 3501</A> note, which pertain to privacy impact assessments and privacy protections on agency websites. </div> </li>  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a451"> Statutory Implementation Guidance </button> <div id="b-a451" class="usa-accordion__content"> <P><STRONG>Office of Management and Budget</STRONG></P> <ul> <LI><A HREF="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2003/m03_22.pdf">OMB Memorandum M-03-22, OMB Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002 (Sept. 2003)</A></LI> <LI><A HREF="https://www.whitehouse.gov/sites/whitehouse.gov/files/omb/memoranda/2003/m03-18.pdf">OMB Memorandum M-03-18, Implementation Guidance for the E-Government Act of 2002 (Aug. 2003)</A></LI> </ul> </div> </li> <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a452"> Executive Orders, Memoranda, and Directives </button> <div id="b-a452" class="usa-accordion__content"> <p> <A HREF="https://www.whitehouse.gov/sites/whitehouse.gov/files/omb/memoranda/2005/m05-04.pdf">OMB Memorandum M-05-04, Policies for Federal Agency Public Websites (Dec. 2004)</A> </p> </div> </li> </li> </ul> <H2 class="sub_section_header" style="text-underline: none;">Education Sciences Reform Act of 2002 (ESRA) </H2> <DIV class="content"> <p class="text-bold"><A href="javascript:window.open('https://www.gpo.gov/fdsys/pkg/USCODE-2015-title20/pdf/USCODE-2015-title20-chap76-subchapI.pdf')" title="(opens New Window)">20 U.S.C. §§ 9501-9584</A></p> <A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2015-title20/pdf/USCODE-2015-title20-chap76-subchapI-partF-sec9573.pdf">20 U.S.C. § 9573 Confidentiality</A> <h3><STRONG>Overview</STRONG></h3> <P> <A HREF="https://ies.ed.gov/">Institute of Education Sciences (IES)</A>. The mission of IES is to provide rigorous evidence on which to ground education practice and policy. This is accomplished through the work of its <A HREF="https://www2.ed.gov/about/offices/list/ies/index.html">four centers</A>: the National Center for Education Evaluation, the National Center for Education Research, the National Center for Education Statistics, and the National Center for Special Education Research. <BR><BR> Section 208 of the <A HREF="https://www2.ed.gov/policy/rschstat/leg/PL107-279.pdf">Education Sciences Reform Act of 2002</A> states, “All collection, maintenance, use, and wide dissemination of data by the Institute, including each office, board, committee, and center of the Institute, shall conform with the requirements of section 552a of title 5, United States Code, the confidentiality standards of subsection (c) of this section, and sections 444 and 445 of the General Education Provisions Act (20 U.S.C. §§ 1232g, 1232h).” <BR><BR> Further that “the Director shall ensure that all individually identifiable information about students, their academic achievements, their families, and information with respect to individual schools, shall remain confidential in accordance with section 552a of title 5, United States Code, the confidentiality standards of subsection (c) of this section, and sections 444 and 445 of the General Education Provisions Act (20 U.S.C. §§ 1232g, 1232h).” <BR><BR> The prohibitions of <A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2015-title20/pdf/USCODE-2015-title20-chap76-subchapI-partF-sec9573.pdf">Section 9573 of Title 20</A> include: <UL> <LI>No person may use any individually identifiable information furnished…for any purpose other than a research, statistics, or evaluation purpose.</LI> <LI>No person may make any publication whereby the data furnished by any particular person…can be identified.</LI> <LI>No person may permit anyone other than the individuals authorized by the Director to examine the individual reports.</LI> </UL> </P> </DIV> <H2 class="sub_section_header" style="text-underline: none;">Electronic Communications Privacy Act of 1986 (ECPA) </H2> <DIV class="content"> <p class="text-bold"><A href="javascript:window.open('https://www.gpo.gov/fdsys/pkg/USCODE-2015-title18/pdf/USCODE-2015-title18-partI.pdf')" title="(opens New Window)">18 U.S.C. §§ 1367, 2521, 2701 – 2712</A>,<A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2015-title18/pdf/USCODE-2015-title18-partII.pdf">3117, 3121 – 3127</A></p> <A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2015-title18/pdf/USCODE-2015-title18-partI-chap119.pdf">18 U.S.C. § 2510 – 2522 Wire and Electronic Communications Interception and Interception of Oral Communications (Wiretap Act)</A><BR> <A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2015-title18/pdf/USCODE-2015-title18-partI-chap121.pdf">18 U.S.C. §§ 2701-12. Stored Wire and Electronic Communications and Transactional Records Access (Stored Communications Act)</A><BR> <A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2015-title18/pdf/USCODE-2015-title18-partII-chap206.pdf">18 U.S.C. §§ 3121 – 3227 Pen Registers and Trap and Trace Devices</A><BR> See also: <A HREF="https://www.gpo.gov/fdsys/pkg/STATUTE-100/pdf/STATUTE-100-Pg1848.pdf">Public Law 99-508</A><BR> <h3><STRONG>Overview</STRONG></h3> <P>The Electronic Communications Privacy Act (ECPA) of 1986 created additional privacy protections for stored electronic communications and updated the Federal Wiretap Act to cover electronic communications as well as oral and wire communications. Title II of the ECPA established a comprehensive system of protections for stored communications codified at <A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2011-title18/pdf/USCODE-2011-title18-partI-chap121-sec2701.pdf">18 U.S.C. §§ 2701-2712</A> which has come to be referred to as the Stored Communications Act (SCA). The ECPA, as amended, protects wire, oral, and electronic communications while those communications are being made, are in transit, and when they are stored on computers. The Act applies to email, telephone conversations, and data stored electronically <BR><BR> Source: <A HREF="https://it.ojp.gov/privacyliberty/authorities/statutes/1285">Justice Information Sharing, Electronic Communications Privacy Act of 1986</A> <BR> </P> </DIV> <ul class="usa-accordion usa-accordion--bordered">  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a475"> Helpful Tips </button> <div id="b-a475" class="usa-accordion__content"> ECPA has three titles: <BR><BR> Title I of the ECPA, which is often referred to as the Wiretap Act, prohibits the intentional actual or attempted interception, use, disclosure, or ‘procure[ment] [of] any other person to intercept or endeavor to intercept any wire, oral, or electronic communication.” There are exceptions. Title I also prohibits the use of illegally obtained communications as evidence. [<A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2011-title18/pdf/USCODE-2011-title18-partI-chap119-sec2515.pdf">18 U.S.C. § 2515</A>]. <BR><BR> Title II of the ECPA, which is called the Stored Communications Act (SCA), protects the privacy of the contents of files stored by service providers and of records held about the subscriber by service providers, such as subscriber name, billing records, or IP addresses. [<A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2011-title18/pdf/USCODE-2011-title18-partI-chap121-sec2701.pdf">18 U.S.C. §§ 2701-12</A>]. <BR><BR> Title III of the ECPA, which addresses pen register and trap and trace devices, requires government entities to obtain a court order authorizing the installation and use of a pen register (a device that captures the dialed numbers and related information to which outgoing calls or communications are made by the subject) and/or a trap and trace (a device that captures the numbers and related information from which incoming calls and communications coming to the subject have originated). No actual communications are intercepted by a pen register or trap and trace. [<a href="https://www.gpo.gov/fdsys/pkg/USCODE-2015-title18/pdf/USCODE-2015-title18-partII-chap206.pdf">18 U.S.C. §§ 3121 – 3227</A>] <BR><BR> Amendments. The ECPA was significantly amended by the <A HREF="https://www.fpc.gov/communications-assistance-for-law-enforcement-calea/">Communications Assistance to Law Enforcement Act (CALEA) in 1994</A>, the USA PATRIOT Act in 2001, the USA PATRIOT reauthorization acts in 2006, and the FISA Amendments Act of 2008. Other acts have made specific amendments of lesser significance. <BR><BR> Source: <A HREF="https://it.ojp.gov/privacyliberty/authorities/statutes/1285">Justice Information Sharing, Electronic Communications Privacy Act of 1986</A> </div> </li>  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a480"> Supplemental Material </button> <div id="b-a480" class="usa-accordion__content"> <P><STRONG>U.S. Department of Justice</STRONG></P> <UL> <LI><A href="javascript:window.open('https://www.justice.gov/jmd/electronic-communications-privacy-act-1986-pl-99-508')" title="(opens New Window)">Electronic Communications Privacy Act of 1986 (Public Law 99-508)</A></LI> <LI><A href="">Computer Crimes and Intellectual Property Section (CCIPS), Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations, Chapter 3 (2009)</A></LI> </UL> <BR> <P><STRONG>U.S. Mission to the European Union</STRONG></P> <UL> <LI><A href="https://photos.state.gov/libraries/useu/231771/PDFs/Five%20Myths%20Regarding%20Privacy%20and%20Law%20Enforcement_October%209_2012_pdf.pdf">Five Myths Regarding Privacy and Law Enforcement Access to Personal Information in the European Union and the United States, October 2012</A></LI> </UL> <BR> <P><STRONG>Other Materials</STRONG></P> <UL> <LI><A href="https://www.whitehouse.gov/sites/default/files/docs/big_data_privacy_report_5.1.14_final_print.pdf">Big Data: Seizing Opportunities, Preserving Values</A></LI> </UL> </div> </li> </ul> </div> <div align="right" style="border:1px solid #FFFFFF;"> <BR><A HREF="#back-to-top">Back to top</A> </div> <div id="F"> <p class="section_header">F</p> <hr> <H2 class="sub_section_header" style="text-underline: none;">Fair Credit Reporting Act (FCRA)</H2> <DIV class="content"> <p class="text-bold"><A href="javascript:window.open('https://www.gpo.gov/fdsys/pkg/USCODE-2015-title15/pdf/USCODE-2015-title15-chap41-subchapIII.pdf')" title="(opens New Window)">15 U.S.C. § 1681</A></p> <h3><STRONG>Overview</STRONG></h3> <P> Overview The Fair Credit Reporting Act (FCRA) promotes the accuracy, fairness, and privacy of consumer information contained in the files of consumer reporting agencies. If your company meets the definition of a “consumer reporting agency” (CRA), if you furnish information to CRAs, or if you use that information for certain purposes, you may have obligations under the FCRA. <BR><BR> Source: <A HREF="https://www.ftc.gov/tips-advice/business-center/privacy-and-security/credit-reporting ">Federal Trade Commission, Credit Reporting</A><BR> </P> </DIV> <ul class="usa-accordion usa-accordion--bordered">   <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a500"> Regulations </button> <div id="b-a500" class="usa-accordion__content"> <p> <A HREF="https://www.gpo.gov/fdsys/pkg/CFR-2012-title12-vol8/pdf/CFR-2012-title12-vol8-part1022.pdf">12 C.F.R. §1022</A> <BR><A HREF="https://www.gpo.gov/fdsys/pkg/CFR-2016-title16-vol1/pdf/CFR-2016-title16-vol1-part681.pdf">16 C.F.R. § 681</A> <BR> <A HREF="https://www.gpo.gov/fdsys/pkg/CFR-2016-title16-vol1/pdf/CFR-2016-title16-vol1-part682.pdf">16 C.F.R. § 682</A> </p> </div> </li>  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a501"> Statutory Implementation Guidance </button> <div id="b-a501" class="usa-accordion__content"> <P><STRONG>U.S. Chief Human Capital Officers Council (CHCO)</STRONG></P> <P><A href="javascript:window.open('https://www.chcoc.gov/content/governmentwide-guidance-ensure-fair-employment-opportunities-applicants-who-are-unemployed')" title="(opens New Window)">Governmentwide Guidance to Ensure Fair Employment Opportunities for Applicants Who Are Unemployed or Facing Financial Difficulty Through No Fault of Their Own</A> </P> <P><STRONG>Office of Personnel Management (OPM)</STRONG></P> <P><A href="javascript:window.open('https://chcoc.gov/sites/default/files/fin-15-01.pdf')" title="(opens New Window)">Notice No. 15-01: Reminder Regarding Requirements of the Fair Credit Reporting Act</A> <BR> <A href="javascript:window.open('https://www.opm.gov/investigations/background-investigations/federal-investigations-notices/1998/fin98-02/')'" title="(opens New Window)">Letter No. 98-02: Background Investigations</A> <BR> </P> </div> </li>  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a502"> Supplemental Material </button> <div id="b-a502" class="usa-accordion__content"> <P><STRONG>Consumer Financial Protection Bureau (CFPB)</STRONG></P> <UL> <LI><A href="javascript:window.open('http://files.consumerfinance.gov/f/201309_cfpb_bulletin_furnishers.pdf')" title="(opens New Window)">CFPB Bulletin 2013-09: The FCRA’s requirement to investigate disputes and review “all relevant” information provided by consumer reporting agencies (CRAs) about the dispute</A></LI> <LI><A href="http://files.consumerfinance.gov/f/201402_cfpb_bulletin_fair-credit-reporting-act.pdf">CFPB Bulletin 2014-01: The FCRA’s requirement that furnishers conduct investigations of disputed information</A></LI> <LI><A href="http://files.consumerfinance.gov/f/201602_cfpb_supervisory-bulletin-furnisher-accuracy-obligations.pdf">CFPB Bulletin 2016-01: The FCRA’s requirement that furnishers establish and implement reasonable written policies and procedures regarding the accuracy and integrity of information furnished to all consumer reporting agencies</A></LI> </UL> <P><STRONG>Federal Trade Commission (FTC)</STRONG></P> <UL> <LI><A href="">Using Consumer Reports for Credit Decisions: What to Know About Adverse Action and Risk-Based Pricing Notices</A></LI> <LI><A href="">Using Consumer Reports: What Employers Need to Know</A></LI> <LI><A href="">Consumer Reports: What Information Furnishers Need to Know</A></LI> <LI><A href="">Disposing of Consumer Report Information? Rule Tells How</A></LI> <LI><A href="">Businesses Must Provide Victims and Law Enforcement with Transaction Records Relating to Identity Theft</A></LI> <LI><A href="">40 Years of Experience with the Fair Credit Reporting Act: an FTC Staff Report with Summary of Interpretations</A></LI> <LI><A href="">Big Data: A Tool for Inclusion or Exclusion? Understanding the Issues</A></LI> <LI><A href="">Advisory Opinion to Pickett (07-10-98)</A></LI> <LI><A href="">Advisory Opinion to Copple (06-10-98)</A></LI> <LI><A href="">Advisory Opinion to Goeke (06-09-98)</A></LI> <P><EM><STRONG>National Credit Union Administration (NCUA)</STRONG></EM></P> <UL> <LI><A HREF="https://www.ncua.gov/Legal/OpinionLetters/OL2001-0603.pdf">Releasing Consumer Credit Information to Government Employers</A></LI></UL> </div> </li> </ul> <H2 class="sub_section_header" style="text-underline: none;">Family Educational Rights and Privacy Act (FERPA) </H2> <DIV class="content"> <p class="text-bold"><A href="javascript:window.open('https://www.gpo.gov/fdsys/pkg/USCODE-2015-title20/pdf/USCODE-2015-title20-chap31-subchapIII-part4-sec1232g.pdf')" title="(opens New Window)">20 U.S.C. § 1232g</A></p> <h3><STRONG>Overview</STRONG></h3> <P> FERPA protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education. FERPA gives parents certain rights with respect to their children’s education records. These rights transfer to the student when he or she reaches the age of 18 or attends a school beyond the high school level. <BR><BR> FERPA permits educational agencies and institutions, such as Local Education Agencies (LEA) and their constituent schools, to disclose PII from education records to State Education Agencies (SEA) and other State educational authorities without a parent’s prior consent under certain conditions. For a review of the exceptions to the general prior consent rule in FERPA, see 34 CFR § 99.31. The most common exception that relates to disclosure to a State educational authority is found in §§ 99.31(a)(3) and 99.35. The disclosure must be in connection with: <BR> <UL> <LI>An audit or evaluation of Federal or State supported education programs; or</LI> <LI>The enforcement of or compliance with Federal legal requirements relating to such programs.</LI> </ul> Information collected under this provision generally must be: <UL> <LI>Protected so that information is not disclosed to anyone other than the authorized representatives of the State educational authority (§ 99.35(b)(1)); and,</LI> <LI>Destroyed when no longer needed for the purposes listed above (§ 99.35(b)(2))</LI> </UL> <BR> <I> (Note: Federal entities, entities or individuals acting as the designated authorized representatives of the Attorney General, the Comptroller General, or the Secretary of Education, as well as other third parties receiving PII from education records without consent, generally must also protect the PII from unauthorized disclosure and comply with FERPA’s recordation provisions for any authorized re-disclosure, and may only use it in accordance with FERPA and for the specific purposes for which it was disclosed.) </I> <BR><BR> Sources: <BR> <A HREF="https://www2.ed.gov/policy/gen/guid/fpco/ferpa/index.html">Law and Guidance: Family Educational Rights and Privacy Act (FERPA)</A> <BR> <A HREF="https://www2.ed.gov/policy/gen/guid/fpco/ferpa/index.html">Family Educational Rights and Privacy Act (FERPA)</A> </P> </DIV> <ul class="usa-accordion usa-accordion--bordered">  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a510"> Helpful Tips </button> <div id="b-a510" class="usa-accordion__content"> FERPA may also be known as Section 444 of the General Education Provisions Act. </div> </li>  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a511"> Regulations </button> <div id="b-a511" class="usa-accordion__content"> <p> <A HREF="https://www.gpo.gov/fdsys/pkg/CFR-2010-title34-vol1/pdf/CFR-2010-title34-vol1-part99.pdf">34 C.F.R. Part 99</A> </p> </div> </li>  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a520"> Supplemental Material </button> <div id="b-a520" class="usa-accordion__content"> <P><STRONG>U.S. Department of Education</STRONG></P> <UL> <LI><A href="">Family Policy Compliance Office</A></LI> <LI><A href="">Privacy Technical Assistance Center</A></LI></UL> </div> </li> </ul> <H2 class="sub_section_header" style="text-underline: none;">Federal Agency Data Mining Reporting Act of 2007 (FADMRA) </H2> <DIV class="content"> <p class="text-bold"><A href="javascript:window.open('https://www.gpo.gov/fdsys/pkg/USCODE-2014-title42/pdf/USCODE-2014-title42-chap21E.pdf')" title="(opens New Window)">42 U.S.C. § 2000ee-3</A></p> <h3><STRONG>Overview</STRONG></h3> <P> The Federal Agency Data Mining Reporting Act of 2007 (FADMRA) is contained in section 803 of the <A HREF="https://www.gpo.gov/fdsys/pkg/PLAW-110publ53/html/PLAW-110publ53.htm">Implementing the Recommendations of the 9/11 Commission Act of 2007</A>. The FADMRA provides that the head of each department or agency of the Federal Government that is engaged in any “pattern-based” data mining activity shall submit a report to Congress on all such activities of the department or agency under the jurisdiction of that official. The report shall be produced in coordination with the privacy officer of that department or agency, if applicable, and shall be made available to the public, except for an annex as described in subparagraph (c). </P> </DIV> <H2 class="sub_section_header" style="text-underline: none;">Federal Policy for the Protection of Human Subjects (Common Rule)</H2> <DIV class="content"> <p class="text-bold"><A href="javascript:window.open('https://www.gpo.gov/fdsys/pkg/USCODE-2015-title42/pdf/USCODE-2015-title42-chap6A-subchapIII-partH-sec289.pdf')" title="(opens New Window)">42 U.S.C. § 289</A></H5> <h3><STRONG>Overview</STRONG></h3> <P> On July 12, 1974, the National Research Act (Pub. L. 93-348) was signed into law, thereby creating the National Commission for the Protection of Human Subjects of Biomedical and Behavioral Research (the “Commission”). The current U.S. system of protection for human research subjects is heavily influenced by the Belmont Report, written in 1979 by the Commission. <BR><BR> In 1985, Congress enacted 42 U.S.C. § 289, providing that “The Secretary of the U.S. Department of Health and Human Services (HHS) shall by regulation require that each entity which applies for a grant, contract, or cooperative agreement under this chapter for any project or program which involves the conduct of biomedical or behavioral research involving human subjects submit in or with its application for such grant, contract, or cooperative agreement assurances satisfactory to the Secretary that it has established (in accordance with regulations which the Secretary shall prescribe) a board (to be known as an ‘Institutional Review Board’) to review biomedical and behavioral research involving human subjects conducted at or supported by such entity in order to protect the rights of the human subjects of such research.” <BR><BR> The Federal Policy for the Protection of Human Subjects or the “Common Rule” was published in 1991 and codified in separate regulations by 15 Federal departments and agencies. The HHS regulations, 45 CFR part 46, include four subparts: subpart A, also known as the Federal Policy or the “Common Rule”; subpart B, additional protections for pregnant women, human fetuses, and neonates; subpart C, additional protections for prisoners; and subpart D, additional protections for children. A fifth subpart, subpart E, which concerns registration of Institutional Review Boards (IRBs) was added in 2009. For all participating departments and agencies, the Common Rule outlines the basic provisions for IRBs, informed consent, and Assurances of Compliance. Human subject research conducted or supported by each Federal department/agency is governed by the regulations of that department/agency. The head of that department/agency retains final judgment as to whether a particular activity it conducts or supports is covered by the Common Rule. If an institution seeks guidance on implementation of the Common Rule and other applicable Federal regulations, the institution should contact the department/agency conducting or supporting the research. <BR><BR> The HHS and fifteen other Federal departments and agencies have issued final revisions to the Federal Policy for the Protection of Human Subjects (the Common Rule). The Final Rule was published in the Federal Register on January 19, 2017. It implements new steps to better protect human subjects involved in research, while facilitating valuable research and reducing burden, delay, and ambiguity for investigators. <BR><BR> Sources: <BR> <A HREF="https://www.hhs.gov/ohrp/regulations-and-policy/belmont-report/">The Belmont Report</A><BR> <A HREF="https://www.hhs.gov/ohrp/regulations-and-policy/regulations/common-rule/index.html">Federal Policy for the Protection of Human Subjects (‘Common Rule’) </A><BR> <A HREF="https://www.hhs.gov/about/historical-highlights/index.html">HHS Historical Highlights</A><BR> <A HREF="https://www.hhs.gov/ohrp/regulations-and-policy/regulations/finalized-revisions-common-rule/index.html#">Final Revisions to the Common Rule</A><BR> </P> </DIV> <ul class="usa-accordion usa-accordion--bordered">  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a340"> Helpful Tips </button> <div id="b-a340" class="usa-accordion__content"> The following terms in the Common Rule outline the regulation’s applicability to privacy: <BR><BR> Section 102(f) of 45 CFR 46 defines “human subject” as “a living individual about whom an investigator (whether professional or student) conducting research obtains: <BR><BR> (1) Data through intervention or interaction with the individual, or<BR> (2) Identifiable private information.” <BR><BR> <I>Private information</I> includes information about behavior that occurs in a context in which an individual can reasonably expect that no observation or recording is taking place, and information which has been provided for specific purposes by an individual and which the individual can reasonably expect will not be made public (for example, a medical record). Private information must be individually identifiable (i.e., the identity of the subject is or may readily be ascertained by the investigator or associated with the information) in order for obtaining the information to constitute research involving human subjects. </div> </li>  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a341"> Regulations </button> <div id="b-a341" class="usa-accordion__content"> <p> <P><STRONG>U.S. Department of Health and Human Services</STRONG></P> <A HREF="http://www.ecfr.gov/cgi-bin/text-idx?SID=fe1cc58a928fb1b2e23b6d93ebe2c814&mc=true&tpl=/ecfrbrowse/Title45/45cfr46_main_02.tpl">45 C.F.R. Part 46<A> <BR> <I>See also, <A HREF="https://www.hhs.gov/ohrp/regulations-and-policy/regulations/45-cfr-46/index.html">Basic HHS Policy for Protection of Human Research Subjects et al</A></I> <BR><BR> Each agency that has implemented the Common Rule includes in its chapter of the Code of Federal Regulations section numbers and language that are identical to those of the HHS codification at 45 CFR part 46, subpart A. For the complete list and chapters of the CFR see: <A HREF="https://www.hhs.gov/ohrp/regulations-and-policy/regulations/common-rule/index.html">https://www.hhs.gov/ohrp/regulations-and-policy/regulations/common-rule/index.html</A>. </p> </div> </li>  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a342"> Supplemental Material </button> <div id="b-a342" class="usa-accordion__content"> <P><STRONG>U.S. Department of Health and Human Services</STRONG></P> <P><EM><STRONG>Office for Human Research Protections (OHRP)</STRONG></EM></P> <UL> <LI><A href="https://www.hhs.gov/ohrp/regulations-and-policy/regulations/finalized-revisions-common-rule/index.html#">Final Revisions to the Common Rule</A></LI> <LI><A href="https://www.hhs.gov/ohrp/regulations-and-policy/guidance/index.html">Human Subjects Research Guidance</A></LI> <LI><A href="https://www.hhs.gov/ohrp/regulations-and-policy/decision-charts/index.html">Human Subjects Regulations Decision Charts</A></LI> <LI><A href="https://www.hhs.gov/ohrp/regulations-and-policy/archived-materials/index.html">Regulations and Policy Archived Materials</A></LI> <LI><A href="https://www.hhs.gov/ohrp/regulations-and-policy/guidance/regarding-application-of-45-cfr-46-to-national-health-registry/index.html">National Health Registry Activities and 45 CFR part 46</A></LI> <LI><A href="https://www.hhs.gov/ohrp/regulations-and-policy/guidance/august-11-2011-letter-to-dr-anthony-asher/index.html">Regarding National Health Registries Activities, Letter from Ivor A. Pritchard, PhD, Senior Advisor to the Director of OHRP</A></LI> <LI><A href="https://www.hhs.gov/ohrp/regulations-and-policy/guidance/guidance-on-genetic-information-nondiscrimination-act/index.html">Guidance on the Genetic Information Nondiscrimination Act: Implications for Investigators and Institutional Review Boards</A></LI> <LI><A href="https://www.hhs.gov/ohrp/regulations-and-policy/guidance/research-involving-coded-private-information/index.html">Guidance on Research Using Coded Private Information or Specimens</A></LI> <LI><A href="https://www.hhs.gov/ohrp/regulations-and-policy/guidance/certificates-of-confidentiality/index.html">Guidance on Certificates of Confidentiality</A></LI> <LI><A href="https://www.hhs.gov/ohrp/regulations-and-policy/guidance/vulnerable-populations/index.html">Collected Guidance on Vulnerable Populations</A></LI> </UL> <P><EM><STRONG>Office for Protection from Research Risks (OPRR)</STRONG></EM></P> <UL> <LI><A HREF="https://www.hhs.gov/ohrp/regulations-and-policy/guidance/issues-to-consider-in-use-of-stored-data-or-tissues/index.html">Issues to Consider in the Research Use of Stored Data or Tissues</A></LI> <LI><A HREF="https://www.hhs.gov/ohrp/regulations-and-policy/guidance/issues-to-consider-in-use-of-stored-data-or-tissues/index.html">Guidance on Protections for Human Subjects in the National Institute of General Medical Sciences Human Genetic Mutant Cell Repository</A></LI> </UL> <P><EM><STRONG>Food and Drug Administration (FDA)</STRONG></EM></P> <UL> <LI><A HREF="https://www.fda.gov/ScienceResearch/SpecialTopics/RunningClinicalTrials/default.htm">Clinical Trials and Human Subject Protection</A></LI></UL> </div> </li> </ul> <H2 class="sub_section_header" style="text-underline: none;">Federal Information Security Modernization Act of 2014 (FISMA)</H2> <DIV class="content"> <p class="text-bold"><A href="javascript:window.open('https://www.gpo.gov/fdsys/pkg/USCODE-2014-title44/pdf/USCODE-2014-title44-chap35.pdf')" title="(opens New Window)">44 U.S.C. Chapter 35 (44 U.S.C. §§ 3551-3558)</A></p> <h3><STRONG>Overview</STRONG></h3> <P> The Federal Information Security Modernization Act requires each agency to develop, document, and implement an agency-wide information security program that includes plans and procedures to ensure continuity of operations for information systems that support the operations and assets of the agency. <BR><BR> Source: <A HREF="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf">OMB Circular No. A-130, Managing Information as a Strategic Resource (July 2016)</A><BR> </P> </DIV> <ul class="usa-accordion usa-accordion--bordered">  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a535"> Helpful Tips </button> <div id="b-a535" class="usa-accordion__content"> The Federal Information Security Modernization Act of 2014 (FISMA) was codified in the E-Government Act of 2002 as the Federal Information Security Management Act of 2002 (44 U.S.C. § 3501 note), and was reauthorized in 2014 (Pub. L. 113-283). The statute pertains to information security, which is defined as “the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide: a) integrity, which means guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity; b) confidentiality, which means preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information; and c) availability, which means ensuring timely and reliable access to and use of information.” <BR> Source: <A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2015-title44/pdf/USCODE-2015-title44-chap35-subchapII-sec3552.pdf">44 U.S.C. § 3552(b)(3)</A> </div> </li>  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a536"> Executive Orders, Memoranda, and Directives </button> <div id="b-a536" class="usa-accordion__content"> <p> <P><STRONG>Office of Management and Budget</STRONG></P> <UL> <LI><A href="javascript:window.open('https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf')" title="(opens New Window)">OMB Circular No. A-130, Managing Information as a Strategic Resource (July 2016)</A></LI> </p> </div> </li>  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a537"> Supplemental Material </button> <div id="b-a537" class="usa-accordion__content"> <P><STRONG>Office of Management and Budget (OMB)</STRONG></P> <UL> <LI><A href="javascript:window.open('https://www.whitehouse.gov/sites/whitehouse.gov/files/omb/memoranda/2017/m-17-05.pdf')" title="(opens New Window)">OMB Memorandum M-17-05, Fiscal Year 2016 – 2017 Guidance on the Federal Information Security and Privacy Management Requirements (Nov. 2016)</A></LI> <LI><A href="https://www.whitehouse.gov/sites/default/files/omb/assets/egov_docs/final_fy14_fisma_report_02_27_2015.pdf">Annual Report to Congress, Federal Information Security Management Act (Feb. 2015)</A></LI></UL> <P><STRONG>U.S. Department of Commerce</STRONG></P> <P><EM><STRONG>National Institute of Standards and Technology (NIST)</STRONG></EM></P> <UL> <LI><A href="javascript:window.open('http://csrc.nist.gov/groups/SMA/fisma/')" title="(opens New Window)">Computer Security Division, Computer Security Resource Center, Federal Information Security Management Act (FISMA) Implementation Project</A></LI> <P><STRONG>U.S. Department of Homeland Security</STRONG></P> <UL> <LI><A href="javascript:window.open('https://www.dhs.gov/sites/default/files/publications/FY16%20SAOP%20FISMA_0.pdf')" title="(opens New Window)">FY 2016 Senior Agency Official for Privacy Federal Information Security Modernization Act of 2014 Reporting Metrics</A></LI> <LI><A href="https://www.dhs.gov/fisma">Federal Information Security Modernization Act (FISMA) of 2014 information page</A></LI></UL> </div> </li> </ul> <H2 class="sub_section_header" style="text-underline: none;">Federal Records Act of 1950 (FRA) </H2> <DIV class="content"> <p class="text-bold"><A href="javascript:window.open('https://www.gpo.gov/fdsys/pkg/USCODE-2014-title44/pdf/USCODE-2014-title44-chap31.pdf')" title="(opens New Window)">44 U.S.C. Chapter 31 et seq</A></p> <h3><STRONG>Overview</STRONG></h3> <P> The FRA provides that “the head of each Federal agency shall make and preserve records containing adequate and proper documentation of the organization, functions, policies, decisions, procedures, and essential transactions of the agency and designed to furnish the information necessary to protect the legal and financial rights of the Government and of persons directly affected by the agency’s activities.” [<A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2008-title44/pdf/USCODE-2008-title44-chap31-sec3101.pdf">44 U.S.C. § 3101</A>] <BR><BR> The implementation of the FRA is overseen by the Archivist of the United States, who heads the National Archives and Records Administration (NARA). The Archivist provides “guidance and assistance to Federal agencies with respect to ensuring adequate and proper documentation of the policies and transactions of the Federal Government and ensuring proper records disposition.” [<A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2011-title44/pdf/USCODE-2011-title44-chap29-sec2904.pdf">44 U.S.C. § 2904</A>] </P> </DIV> <ul class="usa-accordion usa-accordion--bordered">  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a540"> Regulations </button> <div id="b-a540" class="usa-accordion__content"> <p> <A HREF="https://www.gpo.gov/fdsys/pkg/CFR-2011-title36-vol3/pdf/CFR-2011-title36-vol3-chapXII-subchapB.pdf">36 C.F.R. Chapter XII Subchapter B Records Management </A><BR> <A HREF="https://www.gpo.gov/fdsys/pkg/CFR-2011-title36-vol3/pdf/CFR-2011-title36-vol3-part1236.pdf">36 C.F.R. Part 1236 Electronic Records Management </A><BR> </p> </div> </li> </li> </ul> <H2 class="sub_section_header" style="text-underline: none;">Food and Drug Administration Safety and Innovation Act (FDASIA) </H2> <DIV class="content"> <p class="text-bold"><A href="javascript:window.open('https://www.gpo.gov/fdsys/pkg/USCODE-2015-title21/pdf/USCODE-2015-title21-chap9-subchapI.pdf')" title="(opens New Window)">21 U.S.C. §§ 301 et seq</A></p> <I>See also: </I><A HREF="https://www.gpo.gov/fdsys/pkg/PLAW-112publ144/pdf/PLAW-112publ144.pdf">Food and Drug Administration Safety and Innovation Act (Public Law No. 112-144)</A><BR> <h3><STRONG>Overview</STRONG></h3> <P> FDASIA, which amended the Federal Food, Drug, and Cosmetic Act and was signed into law on July 9, 2012, expands the authorities of the U.S. Food and Drug Administration (FDA) and strengthens the agency’s ability to safeguard and advance public health by: <UL> <LI>Giving the authority to collect user fees from industry to fund reviews of innovator drugs, medical devices, generic drugs, and biosimilar biological products;</LI> <LI>Promoting innovation to speed patient access to safe and effective products;</LI> <LI>Increasing stakeholder involvement in FDA processes; and</LI></LI> <LI>Enhancing the safety of the drug supply chain.</LI> </UL> Section 618 of FDASIA directed the Secretary of Health and Human Services, acting through the Commissioner of the FDA, and in consultation with the Office of the National Coordinator for Health Information Technology and the Chairman of the Federal Communications Commission, to develop a report that contains a proposed strategy and recommendations on an appropriate, risk-based regulatory framework for health IT, including medical mobile applications, that promotes innovation, protects patient safety, and avoids regulatory duplication. <BR><BR> Sources: <BR> <A HREF="https://www.fda.gov/regulatory-information/selected-amendments-fdc-act/food-and-drug-administration-safety-and-innovation-act-fdasia">Regulatory Information: Food and Drug Administration Safety and Innovation Act (FDASIA)</A><BR> <A HREF="https://www.fda.gov/regulatory-information/selected-amendments-fdc-act/food-and-drug-administration-safety-and-innovation-act-fdasia">Health IT Legislation: FDASIA</A><BR> </P> </DIV> <ul class="usa-accordion usa-accordion--bordered">  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a560"> Helpful Tips </button> <div id="b-a560" class="usa-accordion__content"> Section 618 of FDASIA imposed a one-time requirement that the U.S. Department of Health and Human Services (HHS) issue “a report that contains a proposed strategy and recommendations on an appropriate, risk-based regulatory framework pertaining to health information technology, including mobile medical applications, that promotes innovation, protects patient safety, and avoids regulatory duplication.” The Office of Law Revision Counsel of the United States House of Representatives chose not to include this provision in the United States Code. The report was issued in April 2014. <BR><BR> Source: Food and Drug Administration Safety and Innovation Act (<A HREF="https://www.congress.gov/112/plaws/publ144/PLAW-112publ144.pdf">Public Law No. 112-144</A>) </div> </li>  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a561"> Supplemental Material </button> <div id="b-a561" class="usa-accordion__content"> <P><STRONG>Food and Drug Administration, Federal Communications Commission, Office of the National Coordinator for Health Information Technology</STRONG></P> <UL> <LI><A href="javascript:window.open('https://www.healthit.gov/sites/default/files/fdasia_healthitreport_final.pdf')" title="(opens New Window)">FDASIA Health IT Report Proposed Risk Based Regulatory Framework, April 2014</A></LI> </UL> </div> </li> </ul> <H2 class="sub_section_header" style="text-underline: none;">Foreign Intelligence Surveillance Act of 1978 and Amendments (FISA)</H2> <DIV class="content"> <p class="text-bold"><A href="javascript:window.open('https://www.gpo.gov/fdsys/pkg/USCODE-2014-title50/pdf/USCODE-2014-title50-chap36.pdf')" title="(opens New Window)">50 U.S.C. 1801 et seq</A></p> <I>See also:</I> <A HREF="https://www.gpo.gov/fdsys/pkg/STATUTE-92/pdf/STATUTE-92-Pg1783.pdf">Public Law 95-511</A><BR> <h3><STRONG>Overview</STRONG></h3> <P> FISA authorizes electronic surveillance and other activities to obtain foreign intelligence information. FISA has been amended repeatedly since 1978, including the FISA Amendments Act (FAA) of 2008 containing Section 702 (reflected in Title VII below) and most recently by the USA FREEDOM Act of 2015 (reflected in the various titles below). <A HREF="https://www.dni.gov/index.php/who-we-are/organizations/ogc/ogc-related-menus/ogc-related-content/ic-legal-reference-book">The titles of FISA are</A>: <UL> <LI>Title I – Electronic Surveillance within the United States for Foreign Intelligence Purposes</LI> <LI>Title II – Conforming Amendments</LI> <LI>Title III – Physical Searches within the United States for Foreign Intelligence Purposes</LI> <LI>Title IV – Pen Registers and Trap and Trace Surveillance Devices for Foreign Intelligence Purposes</LI> <LI>Title V – Access to Certain Business Records for Foreign Intelligence Purposes</LI> <LI>Title VI – Reporting Requirement</LI> <LI>Title VII – Additional Procedures Regarding Certain Persons Outside the United States</LI> <LI>Title VIII – Protection of Person Assisting the Government</LI> </UL> Source: <BR> </P> </DIV> <ul class="usa-accordion usa-accordion--bordered">  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a566-helpful"> Helpful Tips </button> <div id="b-a566-helpful" class="usa-accordion__content"> <UL> <LI>Sec. 101. Definition. (<A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2014-title50/pdf/USCODE-2014-title50-chap36-subchapI-sec1801.pdf">50 U.S.C. § 1801</A>)</LI> <LI>Sec. 102. Electronic surveillance authorization without court order; <LI>Sec. 301. Definitions. (<A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2014-title50/pdf/USCODE-2014-title50-chap36-subchapII-sec1821.pdf">50 U.S.C. § 1821</A>)</LI> <LI>Sec. 302. Authorization of physical searches for foreign intelligence purposes. (<A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2014-title50/pdf/USCODE-2014-title50-chap36-subchapII-sec1822.pdf">50 U.S.C. § 1822</A>)</LI> <LI>Sec. 303. Application for order. (<A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2014-title50/pdf/USCODE-2014-title50-chap36-subchapII-sec1823.pdf">50 U.S.C. § 1823</A>)</LI> <LI>Sec. 304. Issuance of order. (<A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2014-title50/pdf/USCODE-2014-title50-chap36-subchapII-sec1824.pdf">50 U.S.C. § 1824</A>)</LI> <LI>Sec. 305. Use of information. (<A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2014-title50/pdf/USCODE-2014-title50-chap36-subchapII-sec1825.pdf">50 U.S.C. § 1825</A>)</LI> <LI>Sec. 401. Definitions. (<A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2014-title50/pdf/USCODE-2014-title50-chap36-subchapIII-sec1841.pdf">50 U.S.C. § 1841</A>)</LI> <LI>Sec. 402. Pen registers and trap and trace devices for foreign intelligence and international terrorism investigations. (<A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2014-title50/pdf/USCODE-2014-title50-chap36-subchapIII-sec1842.pdf">50 U.S.C. § 1842</A>)</LI> <LI>Sec. 501. Access to certain business records for foreign intelligence and international terrorism investigations. (<A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2014-title50/pdf/USCODE-2014-title50-chap36-subchapIV-sec1861.pdf">50 U.S.C. § 1861</A>)</LI> <LI>Sec. 601. Semiannual report of the Attorney General. (<A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2014-title50/pdf/USCODE-2014-title50-chap36-subchapV-sec1871.pdf">50 U.S.C. § 1871</A>)</LI> <LI>Sec. 602. Declassification of Signification Decisions, Orders, and Opinions. (<A HREF="http://uscode.house.gov/browse.xhtml">50 U.S.C. § 1872</A>)</LI> <LI>Sec. 603. Annual Reports. (<A HREF="http://uscode.house.gov/browse.xhtml">50 U.S.C. § 1873</A>)</LI> <LI>Sec. 702. Procedures for targeting certain persons outside the United States other than United States persons. (<A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2014-title50/pdf/USCODE-2014-title50-chap36-subchapVI-sec1881a.pdf">50 U.S.C. § 1881a</A>)</LI> <LI>Sec. 703. Certain acquisitions inside the United States targeting United States persons outside the United States. (<A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2014-title50/pdf/USCODE-2014-title50-chap36-subchapVI-sec1881b.pdf">50 U.S.C. § 1881b</A>)</LI> <LI>Sec. 704. Other acquisitions targeting United States persons outside the United States. (<A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2014-title50/pdf/USCODE-2014-title50-chap36-subchapVI-sec1881c.pdf">50 U.S.C. § 1881c</A>)</LI> <LI>Sec. 705. Joint applications and concurrent authorizations. (<A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2014-title50/pdf/USCODE-2014-title50-chap36-subchapVI-sec1881d.pdf">50 U.S.C. § 1881d</A>)</LI> <LI>Sec. 706. Use of information acquired under this subchapter. (<A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2014-title50/pdf/USCODE-2014-title50-chap36-subchapVI-sec1881e.pdf">50 U.S.C. § 1881e</A>)</LI> </UL> </div> </li> </li> </ul> <H2 class="sub_section_header" style="text-underline: none;">Freedom of Information Act (FOIA) </H2> <DIV class="content"> <p class="text-bold"><A href="javascript:window.open('https://www.gpo.gov/fdsys/pkg/USCODE-2015-title5/pdf/USCODE-2015-title5-partI-chap5-subchapII-sec552.pdf')" title="(opens New Window)">5 U.S.C. § 552</A></p> <I>See also: </I><A HREF="https://www.congress.gov/114/bills/s337/BILLS-114s337enr.xml">Full Text of the FOIA Improvement Act of 2016 (Public Law No. 114-185)</A><BR> <I>See also: </I><A HREF="https://www.justice.gov/oip/freedom-information-act-5-usc-552">U.S. Department of Justice Freedom of Information Act </A><BR> <h3><STRONG>Overview</STRONG></h3> <P> Since 1967, the <A HREF="https://www.foia.gov/about.html">Freedom of Information Act (FOIA)</A> has provided the public the right to request access to records from any federal agency. It is often described as the law that keeps citizens in the know about their government. Federal agencies are required to disclose any information requested under the FOIA unless it falls under one of nine exemptions which protect interests such as personal privacy, national security, and law enforcement. </P> </DIV> <ul class="usa-accordion usa-accordion--bordered">  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a570"> Statutory Implementation Guidance </button> <div id="b-a570" class="usa-accordion__content"> <P><STRONG>U.S. Department of Justice</STRONG></P> <UL> <LI><A href="javascript:window.open('https://www.justice.gov/oip/doj-guide-freedom-information-act-0')" title="(opens New Window)">Department of Justice Guide to the Freedom of Information Act</A></LI> </UL> </P> </div> </li>  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a572"> Supplemental Material </button> <div id="b-a572" class="usa-accordion__content"> <P><STRONG>U.S. Department of Justice</STRONG></P> <UL> <LI><A href="javascript:window.open('https://www.justice.gov/oip')" title="(opens New Window)">Office of Information Policy (OIP)<A></LI> <LI><A href="https://www.foia.gov/index.html">FOIA.gov </A></LI></UL> </div> </li> </li> </ul> </div> <div align="right" style="border:1px solid #FFFFFF;"> <BR><A HREF="#back-to-top">Back to top</A> </div> <div id="G"> <p class="section_header">G</p> <hr> <H2 class="sub_section_header" style="text-underline: none;">Genetic Information Nondiscrimination Act of 2008 (GINA) </H2> <DIV class="content"> <p class="text-bold"><A href="javascript:window.open('https://www.gpo.gov/fdsys/pkg/USCODE-2015-title42/pdf/USCODE-2015-title42-chap7-subchapXI-partC-sec1320d-9.pdf')" title="(opens New Window)">42 U.S.C. § 1320d-9, Application of HIPAA Regulations to Genetic Information</A></p> <A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2015-title42/pdf/USCODE-2015-title42-chap126-subchapI-sec12112.pdf">42 U.S.C. § 12112(d)(3), Employment Entrance Examination</A><BR> <I>See also:</I> <A HREF="https://www.gpo.gov/fdsys/pkg/PLAW-110publ233/pdf/PLAW-110publ233.pdf">Public Law 110-233</A> <h3><STRONG>Overview</STRONG></h3> <P> The Genetic Information Nondiscrimination Act (GINA) was signed into law on May 21, 2008. GINA protects individuals against discrimination based on their genetic information in health coverage and in employment. GINA is divided into two sections, or Titles. <BR><BR> Title I of GINA includes provisions that generally prohibit group health plans and health insurance issuers from discriminating based on genetic information. These provisions amend the Employee Retirement Income Security Act (ERISA), administered by the Department of Labor; the Public Health Service Act (PHS Act), administered by the Department of Health and Human Services (HHS); and the Internal Revenue Code (the Code), administered by the Department of Treasury (the Treasury) and the Internal Revenue Service (IRS). The Department of Labor has jurisdiction with respect to employment-based group health plans. HHS in conjunction with the States administers these provisions with respect to health insurance issuers. The Treasury and IRS administer these provisions with respect to employers. Title I of GINA also includes individual insurance market provisions under the PHS Act and privacy and confidentiality provisions under the Social Security Act, which are both within the jurisdiction of HHS. <BR><BR> With respect to privacy, statutory amendments were implemented under the Health Information Technology for Economic and Clinical Health Act (“the HITECH Act”)</A> in January 2013 to modify the HIPAA Privacy Rule to strengthen the privacy protections for genetic information by implementing section 105 of Title I of GINA. Specifically, the HIPAA Privacy Rule prohibits health plans from using or disclosing genetic information for underwriting purposes. The modifications also clarify that genetic information is health information and prohibit the use and disclosure of genetic information by covered health plans for eligibility determinations, premium computations, applications of any pre-existing condition exclusions, and any other activities related to the creation, renewal, or replacement of a contract of health insurance or health benefits. <BR><BR> Title II of GINA prohibits the use of genetic information in making employment decisions in any aspect of employment, including hiring, firing, pay, job assignments, promotions, layoffs, training, fringe benefits, or any other term or condition of employment. It is enforced by the Equal Employment Opportunity Commission (EEOC). <BR><BR> Source: <BR> <A HREF="https://www.dol.gov/sites/default/files/ebsa/about-ebsa/our-activities/resource-center/faqs/faq-GINA.pdf">Frequently Asked Questions Regarding the Genetic Information Nondiscrimination Act </A><BR> <A HREF="https://www.eeoc.gov/eeoc/newsroom/wysk/gina_nondiscrimination_act.cfm">What You Should Know: Questions and Answers about the Genetic Information Nondiscrimination Act (GINA) and Employment</A><BR> <A HREF="https://www.hhs.gov/hipaa/for-professionals/special-topics/genetic-information/index.html">Health Information Privacy: Genetic Information</A><BR> </P> </DIV> <div class="usa-accordion"> <button class="usa-accordion__button" aria-expanded="false" aria-controls="g-01"> Helpful Tips </button> </h2> <div id="g-01" class="usa-accordion__content usa-prose"> Sections 101(d), 102(f)(4), 103(d)(7), 104(b) and 201(4) define genetic information, with regard to any individual, as information about— <BR><BR> <LI>such individual’s genetic tests,</LI> <LI>the genetic tests of family members of such an individual, and</LI> <LI>the manifestation of a disease or disorder in family members of such an individual.</LI> The term “genetic information” does not include information about the sex or age of any individual. <BR><BR> This definition was incorporated into the Employee Retirement Income Security Act (ERISA) at <A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2015-title29/pdf/USCODE-2015-title29-chap18-subchapI-subtitleB-part7-subpartC-sec1191b.pdf">29 U.S.C. § 1191b(d))</A>; the Public Health Service Act at <A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2014-title42/pdf/USCODE-2014-title42-chap6A-subchapXXV-partC-sec300gg-91.pdf">42 U.S.C. § 300gg–91(d)</A>); the Internal Revenue Code, <A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2015-title26/pdf/USCODE-2015-title26-subtitleK-chap100-subchapC-sec9832.pdf">26 U.S.C. § 9832</A>; and the Social Security Act at <A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2014-title42/pdf/USCODE-2014-title42-chap7-subchapXVIII-partE-sec1395ss.pdf">42 U.S.C.§ 1395ss</A> (Certification of Medicare supplemental health insurance policies). <BR><BR> Section 105 in Title I of GINA, at <A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2014-title42/pdf/USCODE-2014-title42-chap7-subchapXI-partC-sec1320d-9.pdf">42 U.S.C. § 1320d–9</A>, provides for the privacy and confidentiality of genetic information within the context of the Social Security Act, through application of the HIPAA Privacy Rule to genetic information. <BR><BR> Section 206 in Title II of GINA provides for the confidentiality of genetic information in an employment setting, through the application of standards set forth in the <A HREF="https://www.fpc.gov/americans-with-disabilities-act-of-1990-rehabilitation-act-of-1973-ada-and-rehab-act/">Americans with Disabilities Act (ADA)</A>. It states that “An employer, employment agency, labor organization, or joint labor-management committee shall be considered to be in compliance with the maintenance of information requirements of this subsection with respect to genetic information subject to this subsection that is maintained with and treated as a confidential medical record under section 102(d)(3)(B) of the Americans With Disabilities Act (<A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2011-title42/pdf/USCODE-2011-title42-chap126-subchapI-sec12112.pdf">42 U.S.C. § 12112(d)(3)(B)</A>).” </div> <button class="usa-accordion__button" aria-expanded="false" aria-controls="g-02"> Regulations </button> </h2> <div id="g-02" class="usa-accordion__content usa-prose"> <p> <A HREF="https://www.gpo.gov/fdsys/pkg/CFR-2012-title26-vol17/pdf/CFR-2012-title26-vol17-sec54-9802-1.pdf">26 C.F.R. § 54.9802-1</A><BR> <A HREF="https://www.gpo.gov/fdsys/pkg/CFR-2008-title29-vol4/pdf/CFR-2008-title29-vol4-sec1630-14.pdf">29 C.F.R. § 1630.14</A><BR> <A HREF="https://www.gpo.gov/fdsys/pkg/FR-2013-01-25/pdf/2013-01073.pdf">44 C.F.R. Parts 160 and 164</A><BR> </p> </div> <button class="usa-accordion__button" aria-expanded="false" aria-controls="g-03"> Supplemental Material </button> </h2> <div id="g-03" class="usa-accordion__content usa-prose"> <P><STRONG>U.S. Department of Labor </STRONG></P> <UL> <LI><A href="javascript:window.open('https://www.dol.gov/sites/default/files/ebsa/about-ebsa/our-activities/resource-center/faqs/faq-GINA.pdf')" title="(opens New Window)">Frequently Asked Questions Regarding the Genetic Information Nondiscrimination Act</A></LI></UL> <P><STRONG>U.S. Department of Health and Human Services (HHS)</STRONG></P> <UL> <LI><A href="javascript:window.open('https://www.genome.gov/Pages/PolicyEthics/GeneticDiscrimination/GINAInfoDoc.pdf')" title="(opens New Window)">“’GINA’: The Genetic Information Nondiscrimination Act of 2008, Information for Researchers and Health Care Professionals</A></LI> </UL> <P><EM><STRONG>Office for Human Research Protections (OHRP)</STRONG></EM></P> <UL> <LI><A href="javascript:window.open('https://www.hhs.gov/ohrp/regulations-and-policy/guidance/guidance-on-genetic-information-nondiscrimination-act/index.html')" title="(opens New Window)">Guidance on the Genetic Information Nondiscrimination Act: Implications for Investigators and Institutional Review Boards (Mar. 24, 2009)</A></LI> </UL> <P><STRONG>U.S. Equal Employment Opportunity Commission (EEOC)</STRONG></P> <UL> <LI><A href="javascript:window.open('https://www.eeoc.gov/eeoc/newsroom/wysk/gina_nondiscrimination_act.cfm')" title="(opens New Window)">What You Should Know: Questions and Answers about the Genetic Information Nondiscrimination Act (GINA) and Employment</A></LI> <LI><A href="https://www.eeoc.gov/laws/mous/eeoc-doj-ada-gina.cfm">Memorandum of Understanding Between the U.S. EEOC and the U.S. Department Of Justice – Civil Rights Division Regarding ADA and GINA Employment Discrimination Charges Against State and Local Governments (July 23, 2015)</A></LI> <LI><A href="javascript:window.open('https://www.eeoc.gov/laws/regulations/qanda-gina-wellness-final-rule.cfm')" title="(opens New Window)">Final Rule on Employer Wellness Programs and the Genetic Information Nondiscrimination Act (May 17, 2016)</A></LI> </UL> <P><STRONG>U.S. Congressional Research Service</STRONG></P> <UL> <LI><A href="javascript:window.open('https://www.genome.gov/Pages/PolicyEthics/GeneticDiscrimination/CRS_GINA_and_ACA.pdf')" title="(opens New Window)">The Genetic Information Nondiscrimination Act of 2008 and the Patient Protection and Affordable Care Act of 2010: Overview and Legal Analysis of Potential Interactions (Dec. 21, 2011)</A></LI> </UL> </div> </div>       </div> <div align="right" style="border:1px solid #FFFFFF;"> <BR><A HREF="#back-to-top">Back to top</A> </div> <div id="H"> <p class="section_header">H</p> <hr> <H2 class="sub_section_header" style="text-underline: none;">Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH) </H2> <DIV class="content"> <p class="text-bold"><A href="javascript:window.open('https://www.gpo.gov/fdsys/pkg/USCODE-2015-title42/pdf/USCODE-2015-title42-chap6A-subchapXXVIII.pdf')" title="(opens New Window)">42 U.S.C. §§ 300jj et seq</A> <A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2015-title42/pdf/USCODE-2015-title42-chap156.pdf">42 U.S.C. §§ 17901 et seq</A> </p> See also: <A HREF="https://www.gpo.gov/fdsys/pkg/PLAW-111publ5/pdf/PLAW-111publ5.pdf">American Recovery and Reinvestment Act of 2009 (Public Law 111-5, §§ 13001-13424, §§ 4001 – 4201)</A><BR> <h3><STRONG>Overview</STRONG></h3> <P> The Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 provides the U.S. Department of Health and Human Services (HHS) with the authority to establish programs to improve health care quality, safety, and efficiency through the promotion of health IT, including electronic health records and private and secure electronic health information exchange. The HITECH Act amends Sections 3004 and 3005 of the Public Health Service Act to describe the processes for evaluation, adoption, and implementation of endorsed standards, implementation specifications, and certification criteria for health IT. Sections 13400-13411 of HITECH describe HHS’s work to improve privacy and security provisions for electronic exchange and use of health information, and sections 4001-4201 of HITECH establish the Medicare and Medicaid Electronic Health Record (EHR) Incentive Programs to provide incentive payments for eligible professionals, hospitals, and critical access hospitals as they adopt, implement, upgrade, or demonstrate meaningful use of certified EHR technology. <BR><BR> Sources: <BR> <A HREF="https://www.healthit.gov/policy-researchers-implementers/health-it-legislation">Health IT Legislation and Regulations</A><BR> <A HREF="https://www.healthit.gov/hitac/committees/health-information-technology-advisory-committee-hitac">Select Portions of the HITECH Act and Relationship to ONC Work </A><BR> </P> </DIV> <ul class="usa-accordion usa-accordion--bordered">  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a600"> Helpful Tips </button> <div id="b-a600" class="usa-accordion__content"> HITECH was enacted as part of the American Recovery and Reinvestment Act of 2009 and was signed into law on February 17, 2009. <BR><BR> The HHS Office for Civil Rights implemented important privacy and security provisions of HITECH, which lays out new and specific obligations for covered entities in the event of a data breach that include notifications to individual data subjects and in some instances, to the media. Please see the entry for the Health Insurance Portability and Accountability Act (HIPAA) for more complete information regarding privacy and security provisions for electronic exchange and use of health information. <BR><BR> HITECH established a process for the evaluation, adoption, and implementation of endorsed standards, implementation specifications, and certification criteria for health IT, and created an Office of the National Coordinator for Health Information Technology (ONC) within HHS to oversee this process, assisted by two advisory committees. The National Institute for Standards and Technology (NIST) conducts pilot testing for new technical standards. The resulting certification criteria regulations ensure all health IT presented for certification possess the relevant privacy and security capabilities. <BR><BR> HITECH also established the Medicare and Medicaid EHR Incentive Programs, which encourage health care organizations to adopt EHRs through a staged approach. Each stage contains core requirements in the final regulations that providers must meet, including privacy and security requirements. <BR><BR> Sources: <A HREF="https://www.gpo.gov/fdsys/pkg/CFR-2015-title45-vol1/pdf/CFR-2015-title45-vol1-part170.pdf">45 C.F.R. Part 170</A>, <A HREF="https://www.gpo.gov/fdsys/pkg/CFR-2015-title42-vol2/pdf/CFR-2015-title42-vol2-part412.pdf">42 C.F.R. Part 412</A>, <A HREF="https://www.gpo.gov/fdsys/pkg/CFR-2015-title42-vol5/pdf/CFR-2015-title42-vol5-part495.pdf">42 C.F.R. Part 495</A> <A HREF="https://www.gpo.gov/fdsys/pkg/CFR-2015-title45-vol1/pdf/CFR-2015-title45-vol1-part160.pdf">45 C.F.R. Part 160</A>, and <A HREF="https://www.gpo.gov/fdsys/pkg/CFR-2015-title45-vol1/pdf/CFR-2015-title45-vol1-part164.pdf">45 C.F.R. Part 164</A>. </div> </li>  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a601"> Regulations </button> <div id="b-a601" class="usa-accordion__content"> <p> <P><STRONG>2015 Edition Health Information Technology Certification Criteria – Final Rule</STRONG></P> <A HREF="https://www.gpo.gov/fdsys/pkg/CFR-2015-title45-vol1/pdf/CFR-2015-title45-vol1-part170.pdf">45 C.F.R. Part 170</A><BR> <P><STRONG>Medicare and Medicaid Programs; Electronic Health Record Incentive Program – Stage 3 and Modifications to Meaningful Use in 2015 through 2017; Final Rules with Comment Period</STRONG></P> <A HREF="https://www.gpo.gov/fdsys/pkg/CFR-2015-title42-vol2/pdf/CFR-2015-title42-vol2-part412.pdf">42 C.F.R. Part 412</A><BR> <A HREF="https://www.gpo.gov/fdsys/pkg/CFR-2015-title42-vol5/pdf/CFR-2015-title42-vol5-part495.pdf">42 C.F.R. Part 495</A><BR> <P><STRONG>General Administrative Requirements</STRONG></P> <A HREF="https://www.gpo.gov/fdsys/pkg/CFR-2015-title45-vol1/pdf/CFR-2015-title45-vol1-part160.pdf">45 C.F.R. Part 160</A><BR> <P><STRONG>Security and Privacy</STRONG></P> <A HREF="https://www.gpo.gov/fdsys/pkg/CFR-2015-title45-vol1/pdf/CFR-2015-title45-vol1-part164.pdf">45 C.F.R. Part 160</A><BR> </p> </div> </li>  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a602"> Supplemental Material </button> <div id="b-a602" class="usa-accordion__content"> <P><STRONG>U.S. Department of Health and Human Services</STRONG></P> <P><EM><STRONG>Office of Civil Rights</STRONG></EM></P> <UL> <LI><A href="javascript:window.open('https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/combined-regulation-text/index.html')" title="(opens New Window)">Combined Regulation Text of All Rules</A></LI> </UL> <P><EM><STRONG>Office of the National Coordinator for Health Information Technology</STRONG></EM></P> <UL> <LI><A HREF="https://www.healthit.gov/topic/laws-regulation-and-policy/health-it-regulation-resources">ONC Regulations Resources</A></LI> </UL> </div> </li> </ul> <H2 class="sub_section_header" style="text-underline: none;">Health Insurance Portability and Accountability Act of 1996 (HIPAA Breach Notification Rule)</H2> <DIV class="content"> <p class="text-bold"><A href="javascript:window.open('https://www.gpo.gov/fdsys/pkg/USCODE-2015-title42/pdf/USCODE-2015-title42-chap156-subchapIII-partA-sec17932.pdf')" title="(opens New Window)">42 U.S.C. § 17932</A></p> <I>See also: </I><A HREF="https://www.gpo.gov/fdsys/pkg/PLAW-111publ5/pdf/PLAW-111publ5.pdf">Health Information Technology for Economic and Clinical Health (HITECH) Act (Public Law 111-5, Div. A, title XIII, § 13402)</A><BR> <I>See also: </I><A HREF="https://www.gpo.gov/fdsys/pkg/CFR-2011-title45-vol1/pdf/CFR-2011-title45-vol1-part164-subpartD.pdf">45 C.F.R. §§ 164.400-414 (Subpart D)</A><BR> <h3><STRONG>Overview</STRONG></h3> <P> Section 13402 of the Health Information Technology for Economic and Clinical Health (HITECH) Act (the “Act”) requires HIPAA covered entities to provide notification to affected individuals and to the Secretary of the U.S. Department of Health and Human Services (HHS) following the discovery of a breach of unsecured protected health information. In some cases, the Act requires covered entities also to provide notification to the media of breaches. In the case of a breach of unsecured protected health information at or by a business associate of a covered entity, the Act requires the business associate to notify the covered entity of the breach. Finally, the Act requires the Secretary to post on an HHS Web site a list of covered entities that experience breaches of unsecured protected health information involving more than 500 individuals. <BR><BR> The HIPAA Breach Notification Rule, 45 C.F.R. §§ 164.400-414, requires HIPAA covered entities and their business associates to provide notification following a breach of unsecured protected health information. Similar breach notification provisions implemented and enforced by the Federal Trade Commission (FTC), apply to vendors of personal health records and their third party service providers, pursuant to section 13407 of HITECH and the Genetic Information Nondiscrimination Act (GINA). <BR><BR> Source: <A HREF="https://www.hhs.gov/hipaa/for-professionals/breach-notification/index.html">Health Information Privacy: Breach Notification Rule</A><BR> </P> </DIV> <ul class="usa-accordion usa-accordion--bordered">  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a603"> Helpful Tips </button> <div id="b-a603" class="usa-accordion__content"> The U.S. Department of Health and Human Services added a new subpart D to part 164 of title 45 of the Code of Federal Regulations (CFR) to implement the breach notification provisions of section 13402 of the HITECH Act. In developing the interim final rule, the Department consulted closely with the Federal Trade Commission (FTC), which administers similar breach notification requirements on vendors of personal health records (PHRs) and their third party service providers under section 13407 of the HITECH Act. The interim final rule and FTC’s Health Breach Notification Rule (74 FR 42962, published August 25, 2009) made clear that entities operating as HIPAA covered entities and business associates are subject to HHS’, and not the FTC’s, breach notification rule. Second, to address those limited cases where an entity may be subject to both HHS’ and the FTC’s rules, such as a vendor that offers PHRs to customers of a HIPAA covered entity as a business associate and also offers PHRs directly to the public, both sets of regulations were harmonized by including the same or similar language, within the constraints of the statutory language. The HHS rule was finalized in 2013. <BR><BR> Source: <A HREF="Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; Other Modifications to the HIPAA Rules; Final Rule (78 FR 5566, January 25, 2013)">Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; Other Modifications to the HIPAA Rules; Final Rule (78 FR 5566, January 25, 2013)</A> </div> </li>  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a604"> Supplemental Material </button> <div id="b-a604" class="usa-accordion__content"> <P><STRONG>U.S. Department of Health and Human Services</STRONG></P> <UL> <LI><A href="javascript:window.open('https://www.hhs.gov/hipaa/for-professionals/breach-notification/laws-regulations/index.html')" title="(opens New Window)">HIPAA Breach Notification Regulation History</A></LI> <LI><A href="https://www.hhs.gov/hipaa/for-professionals/breach-notification/index.html">Summary of the HIPAA Breach Notification Rule</A></LI> <LI><A href="https://www.hhs.gov/hipaa/for-professionals/breach-notification/guidance/index.html">Guidance to Render Unsecured Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individual</A></LI></UL> <P><STRONG>U.S. Department of Defense, Defense Health Agency (DHA) Privacy and Civil Liberties Office</STRONG></P> <UL> <LI><A href="javascript:window.open('https://health.mil/Military-Health-Topics/Privacy-and-Civil-Liberties/HIPAA-Compliance-within-the-MHS')" title="(opens New Window)">HIPAA Compliance within the Military Health Systems</A></LI> </UL> <P><STRONG>U.S. Federal Trade Commission (FTC)</STRONG></P> <UL> <LI><A href="javascript:window.open('https://www.ftc.gov/tips-advice/business-center/guidance/complying-ftcs-health-breach-notification-rule')" title="(opens New Window)">Complying with the FTC’s Health Breach Notification Rule</A></LI> <LI><A href="https://www.ftc.gov/tips-advice/business-center/guidance/mobile-health-apps-interactive-tool">Mobile Health Apps Interactive Tool</A></LI></UL> </div> </li> </ul> <H2 class="sub_section_header" style="text-underline: none;">Health Insurance Portability and Accountability Act of 1996 (HIPAA Privacy Rule)</H2> <DIV class="content"> <p class="text-bold"><A href="javascript:window.open('https://www.gpo.gov/fdsys/pkg/PLAW-104publ191/pdf/PLAW-104publ191.pdf')" title="(opens New Window)">Health Insurance Portability and Accountability Act of 1996 (Public Law 104-191)</A></p> <A HREF="https://www.gpo.gov/fdsys/pkg/CFR-2011-title45-vol1/pdf/CFR-2011-title45-vol1-part160-subpartA.pdf" aria-label="CFR-2011-title45-vol1-part160-subpartA">45 C.F.R. Part 160</A><BR> <A HREF="https://www.gpo.gov/fdsys/pkg/CFR-2011-title45-vol1/pdf/CFR-2011-title45-vol1-part164.pdf">45 C.F.R. Part 164 Subparts A and E</A><BR> <h3><STRONG>Overview</STRONG></h3> <P> The HIPAA Privacy Rule, adopted by the U.S. Department of Health and Human Services pursuant to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) establishes national standards to protect individuals’ medical records and other personal health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically. The Rule requires appropriate safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization. The Rule also gives patients rights over their health information, including rights to examine and obtain a copy of their health records, and to request corrections. <BR><BR> Sources: <BR> <A HREF="https://www.hhs.gov/hipaa/for-professionals/privacy/index.html">Health Information Privacy: The HIPAA Privacy Rule</A><BR> <A HREF="https://aspe.hhs.gov/report/health-insurance-portability-and-accountability-act-1996">The Health Insurance Portability and Accountability Act of 1996</A><BR> </P> </DIV> <ul class="usa-accordion usa-accordion--bordered">  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a620"> Helpful Tips </button> <div id="b-a620" class="usa-accordion__content"> The complete suite of HIPAA Administrative Simplification Regulations can be found at 45 C.F.R. Part 160, Part 162, and Part 164, and includes: <BR> <UL> <LI>Transactions and Code Set Standards</LI> <LI>Identifier Standards</LI> <LI>Privacy Rule</LI> <LI>Security Rule</LI> <LI>Enforcement Rule</LI> <LI>Breach Notification Rule</LI> </UL> Source: <A HREF="https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/combined-regulation-text/index.html">Health Information Privacy, Complete Text of All Rules</A> </div> </li>  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a621"> Supplemental Material </button> <div id="b-a621" class="usa-accordion__content"> <P><STRONG>U.S. Department of Veterans Affairs, Office of General Counsel</STRONG></P> <UL> <LI><A HREF="https://www.hhs.gov/hipaa/for-professionals/privacy/index.html">The HIPAA Privacy Rule</A></LI> <LI><A HREF="https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html">Summary of the HIPAA Privacy Rule</A></LI> <LI><A HREF="https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/index.html">HIPAA Guidance Materials</A></LI> <LI><A HREF="https://www.hhs.gov/hipaa/for-professionals/special-topics/index.html">Special Topics in Health Information Privacy</A></LI> <LI><A HREF="https://www.hhs.gov/hipaa/for-professionals/faq">HIPAA FAQs for Professionals</A></LI> <LI><A HREF="https://www.cdc.gov/mmwr/preview/mmwrhtml/m2e411a1.htm">HIPAA Privacy Rule and Public Health; Guidance from CDC and the U.S. Department of Health and Human Services</A></LI> <LI><A HREF="https://privacyruleandresearch.nih.gov/">HHS National Institutes of Health (NIH), HIPAA Privacy Rule, Information for Researchers</A></LI> </UL> <P><STRONG>U.S. Department of Defense, Defense Health Agency (DHA) Privacy and Civil Liberties Office</STRONG></P> <UL> <LI><A href="javascript:window.open('http://www.va.gov/ogc/hipaa.asp')" title="(opens New Window)">HIPAA Information</A></LI> </UL> <P><STRONG>U.S. Department of Defense, Defense Health Agency (DHA) Privacy and Civil Liberties Office</STRONG></P> <UL> <LI><A href="javascript:window.open('https://health.mil/Military-Health-Topics/Privacy-and-Civil-Liberties/HIPAA-Compliance-within-the-MHS')" title="(opens New Window)">HIPAA Compliance within the Military Health Systems</A></LI> </UL> </div> </li> </ul> <H2 class="sub_section_header" style="text-underline: none;">Health Insurance Portability and Accountability Act of 1996 (HIPAA Security Rule)</H2> <DIV class="content"> <p class="text-bold"><A href="javascript:window.open('https://www.gpo.gov/fdsys/pkg/PLAW-104publ191/pdf/PLAW-104publ191.pdf')" title="(opens New Window)">Health Insurance Portability and Accountability Act of 1996 (Public Law 104-191)</A></p> <I>See also: </I><A HREF="https://www.gpo.gov/fdsys/pkg/CFR-2015-title45-vol1/pdf/CFR-2015-title45-vol1-part160.pdf">45 C.F.R. Part 160</A><BR> <I>See also: </I><A HREF="https://www.gpo.gov/fdsys/pkg/CFR-2015-title45-vol1/pdf/CFR-2015-title45-vol1-part164.pdf">45 C.F.R. §§ 164.102-106 and §§ 164.302-318</A><BR> <h3><STRONG>Overview</STRONG></h3> <P> The HIPAA Security Rule, adopted by the U.S. Department of Health and Human Services (HHS) pursuant to the Health Insurance Portability and Accountability Act of 1996 establishes national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information. <BR><BR> Sources: <BR> <A HREF="https://www.hhs.gov/hipaa/for-professionals/security/index.html">Health Information Privacy, The Security Rule </A><BR> <A HREF="https://aspe.hhs.gov/report/health-insurance-portability-and-accountability-act-1996">Health Information Portability and Accountability Act of 1996</A><BR> </P> </DIV> <ul class="usa-accordion usa-accordion--bordered">  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a622"> Helpful Tips </button> <div id="b-a622" class="usa-accordion__content"> The complete suite of HIPAA Administrative Simplification Regulations can be found at 45 C.F.R. Part 160, Part 162, and Part 164, and includes: <BR><BR> <UL> <LI>Transactions and Code Set Standards</LI> <LI>Identifier Standards</LI> <LI>Privacy Rule</LI> <LI>Security Rule</LI> <LI>Enforcement Rule</LI> <LI>Breach Notification Rule</LI> </UL> Source: Health Information Privacy, Combined Text of All Rules <BR><BR> The Administrative Simplification provisions of HIPAA, Title II required the Secretary of HHS to publish national standards for the security of electronic protected health information (e-PHI), electronic exchange, and the privacy and security of health information. The Security Standards for the Protection of Electronic Protected Health Information (the Security Rule) establish a national set of security standards for protecting certain health information that is held or transferred in electronic form. The Security Rule operationalizes the protections contained in the Privacy Rule by addressing the technical and non-technical safeguards that organizations called “covered entities” must put in place to secure individuals’ “electronic protected health information” (e-PHI). The text of the final regulation can be found at 45 C.F.R. Part 160 and Part 164, Subparts A and C. </div> </li>  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a623"> Supplemental Material </button> <div id="b-a623" class="usa-accordion__content"> <P><STRONG>U.S. Department of Health and Human Services (HHS)</STRONG></P> <UL> <LI><A HREF="https://www.hhs.gov/hipaa/for-professionals/security/index.html">The Security Rule</A></LI> <LI><A HREF="https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html">Summary of the HIPAA Security Rule</A></LI> <LI><A HREF="https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html">Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; Other Modifications to the HIPAA Rules</A></LI> <LI><A HREF="https://www.hhs.gov/hipaa/for-professionals/security/guidance/index.html">Security Rule Guidance Material</A></LI> <LI><A HREF="https://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/rafinalintro.html">Final Guidance on Risk Analysis</A></LI> <LI><A HREF="https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/remoteuse.pdf">Remote Use</A></LI> <LI><A HREF="https://www.healthit.gov/providers-professionals/your-mobile-device-and-health-information-privacy-and-security">Your Mobile Device and Health Information Privacy and Security</A></LI> <LI><A HREF="https://www.cdc.gov/cancer/npcr/tools/security/requirements.htm">HHS, Centers for Disease Control and Prevention (CDC), National Program of Cancer Registries, Data Security Guidelines for Cancer Registries</A></LI> <LI><A HREF="https://www.nlm.nih.gov/hsrinfo/electronic_health_record.html">National Institutes of Health (NIH), Health Services Research Information Central (HSRIC), Privacy/Security and Research with Electronic Health Records</A></LI> </UL> <P><STRONG>U.S. Department of Veterans Affairs (VA)</STRONG></P> <UL> <LI><A href="javascript:window.open('https://mobile.va.gov/content/data-security')" title="(opens New Window)">VA Mobile, Data Security</A></LI> </UL> <P><STRONG>U.S. Department of Defense, Defense Health Agency (DHA) Privacy and Civil Liberties Office</STRONG></P> <UL> <LI><A href="javascript:window.open('https://health.mil/Military-Health-Topics/Privacy-and-Civil-Liberties/HIPAA-Compliance-within-the-MHS')" title="(opens New Window)">HIPAA Compliance within the Military Health Systems</A></LI> </UL> </div> </li> </ul> <H2 class="sub_section_header" style="text-underline: none;">Homeland Security Act of 2002</H2> <DIV class="content"> <p class="text-bold"><A href="javascript:window.open('https://www.gpo.gov/fdsys/pkg/USCODE-2015-title6/pdf/USCODE-2015-title6-chap1.pdf')" title="(opens New Window)">6 USC § 101 et seq</A></p> <i>See also: </i> <A HREF="https://www.gpo.gov/fdsys/pkg/PLAW-107publ296/pdf/PLAW-107publ296.pdf">Pub. Law 107-296</A> and the <A HREF="https://www.dni.gov/index.php/who-we-are/organizations/ogc/ogc-related-menus/ogc-related-content/ic-legal-reference-book">Office of the Director of National Intelligence Legal Reference Book</A> <BR> <h3><STRONG>Overview</STRONG></h3> <P> The Homeland Security Act of 2002 charges the Department of Homeland Security (DHS) Chief Privacy Officer with primary responsibility for ensuring that privacy considerations and protections are integrated into all DHS programs, policies, and procedures. The Chief Privacy Officer serves as the principal advisor to the DHS Secretary on privacy policy. <BR><BR> The activities of the Privacy Office serve to build privacy into departmental programs. <BR><BR> Sources: <BR> <A HREF="https://www.dhs.gov/sites/default/files/publications/FINAL-PRIV-Section%20803%20FY16%20Semiannaul%20Report%2007%2006%2016.pdf">Department of Homeland Security, Privacy Office, “Fiscal Year 2016 Semiannual Report to Congress: For the period October 1, 2015 – March 31, 2016,” July 6, 2016</A><BR> <A HREF="https://www.dhs.gov/chief-privacy-officers-authorities-and-responsibilities/">DHS, Authorities and Responsibilities of the Chief Privacy Officer</A><BR> </P> </DIV> <ul class="usa-accordion usa-accordion--bordered"> <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a640"> Helpful Tips </button> <div id="b-a640" class="usa-accordion__content"> More information can be found in the following resources: <UL> <LI>Sec. 222. Privacy Officer. (<A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2002-title6/pdf/USCODE-2002-title6-chap1-subchapII-partC-sec142.pdf">6 U.S.C. § 142</A>)</LI> <LI>Sec. 1004. Information Security and Privacy Advisory Board. (<A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2015-title15/pdf/USCODE-2015-title15-chap7-sec278g-4.pdf">15 U.S.C. § 278g-4</A>)</LI> <LI>Sec. 1601. Retention of security sensitive information authority at Department of Transportation. (<A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2014-title49/pdf/USCODE-2014-title49-subtitleVII-partA-subparti-chap401-sec40119.pdf">49 U.S.C. § 40119</A>)</LI> </UL> Subsequent amendments, <A HREF="https://www.gpo.gov/fdsys/pkg/PLAW-110publ53/pdf/PLAW-110publ53.pdf">Pub.L. 110-53, Implementing Recommendations of the 9/11 Commission Act of 2007</A> </div> </li>  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a641"> Executive Orders, Memoranda, and Directives </button> <div id="b-a641" class="usa-accordion__content"> <p> <UL> <LI><A HREF="https://www.gpo.gov/fdsys/pkg/FR-2008-08-04/pdf/E8-17940.pdf">United States Intelligence Activities, Exec. Order No. 12333 (46 FR 59941, Dec. 08, 1981), amended by Exec. Order 13284 (68 FR 4057, Jan. 28, 2003), Exec. Order 13355 (69 FR 53593, Sept. 1, 2004), and Exec. Order 13470 (73 FR 45325, Aug. 4, 2008)</A></LI> <LI><A HREF="https://www.gpo.gov/fdsys/pkg/FR-2005-10-27/pdf/05-21571.pdf">Further Strengthening the Sharing of Terrorism Information to Protect Americans, Exec. Order No. 13388 (70 FR 62023, Oct. 27, 2005)</A></LI> <LI><A HREF="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m_16_24_0.pdf">OMB Memorandum M-16-24, Role and Designation of Senior Agency Officials for Privacy (Sept. 2016)</A></LI> </UL> </p> </div> </li> </ul> </div> <div align="right" style="border:1px solid #FFFFFF;"> <BR><A HREF="#back-to-top">Back to top</A> </div> <div id="I"> <p class="section_header">I</p> <hr> <H2 class="sub_section_header" style="text-underline: none;">Immigration and Nationality Act of 1952 (INA) </H2> <DIV class="content"> <p class="text-bold"><A href="javascript:window.open('https://www.gpo.gov/fdsys/pkg/USCODE-2015-title8/pdf/USCODE-2015-title8-chap12-subchapI-sec1101.pdf')" title="(opens New Window)">8 U.S.C. §§ 1101 et seq</A></p> <I>See also: </I><A HREF="https://www.uscis.gov/ilink/docView/SLB/HTML/SLB/act.html">Immigration and Nationality Act (U.S. Citizenship and Immigration Services)</A><BR> <h3><STRONG>Overview</STRONG></h3> <P> The Immigration and Nationality Act, or INA, was created in 1952. The Act has been amended many times over the years, but is still the basic body of immigration law. The INA is divided into titles, chapters, and sections. Although it stands alone as a body of law, the Act is also contained in the United States Code (U.S.C.). When browsing the INA or other statutes you will often see reference to the U.S. Code citation. For example, Section 208 of the INA deals with asylum, and is also contained in 8 U.S.C. 1158. Although it is correct to refer to a specific section by either its INA citation or its U.S. Code citation, the INA citation is more commonly used. <BR><BR> Source: <A HREF="https://www.uscis.gov/laws/immigration-and-nationality-act">Immigration and Nationality Act</A> </P> </DIV> <ul class="usa-accordion usa-accordion--bordered"> <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a700"> Helpful Tips </button> <div id="b-a700" class="usa-accordion__content"> Enforcement of the INA, including protection of confidentiality and privacy, involves multiple agencies, including but not limited to the U.S. Department of State, Customs and Border Protection, U.S. Citizenship and Immigration Services, U.S. Immigration and Customs Enforcement, and the U.S. Department of Labor. </div> </li> <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a701"> Regulations </button> <div id="b-a701" class="usa-accordion__content"> <p> <A HREF="https://www.gpo.gov/fdsys/pkg/CFR-2016-title8-vol1/pdf/CFR-2016-title8-vol1.pdf">8 C.F.R. et seq</A><BR> 22 C.F.R. et seq (<A HREF="https://www.gpo.gov/fdsys/pkg/CFR-2016-title22-vol1/pdf/CFR-2016-title22-vol1.pdf">Vol. 1 (Parts 1-299)</A> and <A HREF="https://www.gpo.gov/fdsys/pkg/CFR-2016-title22-vol2/pdf/CFR-2016-title22-vol2.pdf">Vol 2. (Parts 300-1799)</A>) </p> </div> </li> <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a703"> Executive Orders, Memoranda, and Directives </button> <div id="b-a703" class="usa-accordion__content"> <p> <UL> <LI><A HREF="https://www.gpo.gov/fdsys/pkg/FR-2011-08-09/pdf/2011-20395.pdf">Suspension of Entry as Immigrants and Nonimmigrants of Persons Who Participate in Serious Human Rights and Humanitarian Law Violations and Other Abuses, Proclamation No. 8697 (76 FR 49275, Aug. 4, 2011) </A></LI> <LI><A HREF="https://www.gpo.gov/fdsys/pkg/FR-2011-07-27/pdf/2011-19155.pdf">Suspension of Entry of Aliens Subject to United Nations Security Council Travel Bans and International Emergency Economic Powers Act Sanctions, Proclamation No. 8693 (76 FR 44751, July 25, 2011)</A></LI> <LI><A HREF="https://www.gpo.gov/fdsys/pkg/PPP-2003-book2/pdf/PPP-2003-book2-doc-pg1174.pdf">Directive on Integration and Use of Screening Information To Protect Against Terrorism, HSPD-6 (Sept. 16, 2003)</A></LI> </UL> </p> </div> </li> <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a702"> Supplemental Material </button> <div id="b-a702" class="usa-accordion__content"> <P><STRONG>Department of State </STRONG></P> <UL> <LI><A href="javascript:window.open('https://fam.state.gov/FAM/09FAM/09FAM060106.html')" title="(opens New Window)">Foreign Affairs Manual (FAM) Provisions at 9 FAM 601.6, Maintaining Visa Files, Records and Information</A></LI> <LI><A href="https://travel.state.gov/content/travel/en/us-visas/visa-information-resources/frequently-asked-questions/about-basics.html#:~:text=A%20visa%20allows%20a%20foreign,Admissions%20on%20the%20CBP%20website.">About Visas – The Basics</A></LI> </UL> <P><STRONG>Department of Homeland Security</STRONG></P> <UL> <LI><A HREF="https://www.dhs.gov/violence-against-women-act">Violence Against Women Act (VAWA) Confidentiality Provisions at DHS</A></LI> </UL> <P><EM><STRONG>U.S. Citizenship and Immigration Services (USCIS)</STRONG></EM></P> <UL> <LI><A href="">•Policy Manual, Vol. 1, Chap. 5, General Policies and Procedures, Part A., Customer Service, Privacy and Confidentiality in Customer Service</A></LI> <I>Tip: The USCIS Policy Manual is the agency’s centralized online repository for USCIS’s immigration policies</I> <LI><A href="https://www.uscis.gov/e-verify/about-program/our-commitment-privacy">E-Verify – Our Commitment to Privacy, U.S. Citizenship and Immigration Services (USCIS)</A></LI> </UL> <P><EM><STRONG>Customs and Border Patrol</STRONG></EM></P> <UL> <LI><A HREF="https://www.cbp.gov/list-page/frequently-asked-questions-privacy">Frequently Asked Questions: Privacy (CBP)</A></LI> </UL> <P><EM><STRONG>U.S. Immigration and Customs Enforcement</STRONG></EM></P> <UL> <LI><A href="javascript:window.open('https://www.ice.gov/management-administration/igp#wcm-survey-target-id')" title="(opens New Window)">Office of Information Governance and Privacy (ICE)</A></LI> </UL> <P><STRONG>Department of Labor</STRONG></P> <UL> <LI><A href="javascript:window.open('https://www.dol.gov/general/topic/discrimination/immdisc')" title="(opens New Window)">Popular Topics: Immigration</A></LI> </UL> </div> </li> </ul> <H2 class="sub_section_header" style="text-underline: none;">Implementing Recommendations of the 9/11 Commission Act of 2007</H2> <DIV class="content"> <p class="text-bold"><A href="javascript:window.open('https://www.gpo.gov/fdsys/pkg/PLAW-110publ53/pdf/PLAW-110publ53.pdf')" title="(opens New Window)">6 U.S.C. 101 et seq</A></p> <I>See also:</I> <A HREF="https://www.gpo.gov/fdsys/pkg/PLAW-110publ53/pdf/PLAW-110publ53.pdf">Pub. Law 110-153 and</A> <A HREF="https://www.dni.gov/index.php/who-we-are/organizations/ogc/ogc-related-menus/ogc-related-content/ic-legal-reference-book">the Office of the Director of National Intelligence Legal Reference Guide</A> <BR> <h3><STRONG>Overview</STRONG></h3> </B></STRONG> </B></STRONG> </B></STRONG> <P> <A HREF="https://it.ojp.gov/PrivacyLiberty/authorities/statutes/1283">This Act</A> amended section 1016 of Intelligence Reform and Terrorism Prevention Act (IRTPA) and amended the Homeland Security Act of 2002 to expand and further refine the scope of the Information Sharing Environment (ISE). </B></STRONG></B></STRONG> </P> </DIV> <ul class="usa-accordion usa-accordion--bordered">  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a710"> Helpful Tips </button> <div id="b-a710" class="usa-accordion__content"> More information can be found in the following resources: <UL> <LI>Sec. 504. Information sharing. <A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2015-title6/pdf/USCODE-2015-title6-chap1-subchapVIII-partI-sec485.pdf">(6 U.S.C. § 485)</A></LI> <LI>Sec. 511. Department of Homeland Security State, Local, and Regional Fusion Center Initiative. <A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2015-title6/pdf/USCODE-2015-title6-chap1-subchapII-partA.pdf">(6 U.S.C. § 121 et seq)</A></LI> <LI>Sec. 801. Modification of authorities relating to Privacy and Civil Liberties Oversight Board. <A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2015-title6/pdf/USCODE-2015-title6-chap1-subchapII-partA.pdf">(5 U.S.C. § 601 note)</A></LI> <LI>Sec. 802. Department Privacy Officer. <A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2015-title6/pdf/USCODE-2015-title6-chap1-subchapII-partC-sec142.pdf">(6 U.S.C. § 142)</A></LI> <LI>Sec. 803. Privacy and Civil Liberties Officers. <A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2014-title42/pdf/USCODE-2014-title42-chap21E-sec2000ee-1.pdf">(42 U.S.C. § 2000ee-1)</A></LI> <LI>Sec. 804. Federal Agency Data Mining Reporting Act of 2007. <A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2014-title42/pdf/USCODE-2014-title42-chap21E-sec2000ee-3.pdf">(42 U.S.C. § 2000ee-3)</A></LI> <LI>Sec. 1606. Appeal and redress process for passengers wrongly delayed or prohibited from boarding a flight. <A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2014-title49/pdf/USCODE-2014-title49-subtitleVII-partA-subpartiii-chap449-subchapI-sec44926.pdf">(49 U.S.C. § 44926)</A></LI> </UL> </div> </li> </li> </ul> <H2 class="sub_section_header" style="text-underline: none;">Individuals with Disabilities Education Act (IDEA) </H2> <DIV class="content"> <p class="text-bold"><A href="javascript:window.open('https://www.gpo.gov/fdsys/pkg/USCODE-2015-title20/pdf/USCODE-2015-title20-chap33.pdf')" title="(opens New Window)">20 U.S.C. §§ 1400 et seq</A></p> <A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2015-title20/pdf/USCODE-2015-title20-chap33-subchapII-sec1417.pdf">20 U.S.C. § 1417(c), Confidentiality</A><BR> <h3><STRONG>Overview</STRONG></h3> <P> IDEA is a law ensuring services to children with disabilities throughout the nation. IDEA governs how states and public agencies provide early intervention, special education and related services to more than 6.5 million eligible infants, toddlers, children and youth with disabilities. Infants and toddlers with disabilities (from birth through age 2) and their families receive early intervention services under IDEA Part C. Children and youth (from age 3 through age 21) receive special education and related services under IDEA Part B. Parts B & C require that the Secretary of the U.S. Department of Education shall take appropriate action, in accordance with section 444 of the General Education Provisions Act (GEPA), to ensure the confidentiality of any personally identifiable data, information, and records collected or maintained by the Secretary and by State educational agencies (SEA) and local educational agencies (LEA). <BR><BR> Source: <BR> <A HREF="http://idea.ed.gov/explore/home">Building the Legacy: IDEA 2004</A><BR> <A HREF="http://ptac.ed.gov/sites/default/files/IDEA%20FERPA%20Confidentiality%20Provisions%20Comparison%20Chart%2006.06.14.pdf">IDEA and FERPA Confidentiality Provisions </A><BR> </P> </DIV> <ul class="usa-accordion usa-accordion--bordered">  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a715"> Regulations </button> <div id="b-a715" class="usa-accordion__content"> <p> <A HREF="https://www.gpo.gov/fdsys/pkg/CFR-2015-title34-vol2/pdf/CFR-2015-title34-vol2-part300.pdf">Part B: 34 C.F.R. Part 300</A><BR> <A HREF="https://www.gpo.gov/fdsys/pkg/CFR-2015-title34-vol2/pdf/CFR-2015-title34-vol2-part303.pdf">Part C: 34 C.F.R. Part 303</A><BR> </p> </div> </li>  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a716"> Supplemental Material </button> <div id="b-a716" class="usa-accordion__content"> <P><STRONG>U.S. Department of Education</STRONG></P> <UL> <LI><A href="javascript:window.open('http://ptac.ed.gov/sites/default/files/IDEA%20FERPA%20Confidentiality%20Provisions%20Comparison%20Chart%2006.06.14.pdf')" title="(opens New Window)">IDEA and FERPA Confidentiality Provisions</A></LI> </UL> </div> </li> </ul> <H2 class="sub_section_header" style="text-underline: none;">Intelligence Reform and Terrorism Prevention Act of 2004 (IRTPA) </H2> <DIV class="content"> <p class="text-bold"><A href="javascript:window.open('https://www.gpo.gov/fdsys/pkg/PLAW-108publ458/pdf/PLAW-108publ458.pdf')" title="(opens New Window)">Pub. L. 108-458</A></p> <A HREF="https://www.dni.gov/index.php/who-we-are/organizations/ogc/ogc-related-menus/ogc-related-content/ic-legal-reference-book">Office of the Director of National Intelligence Legal Reference Book </A><BR> <h3><STRONG>Overview</STRONG></h3> <P> <A HREF="https://it.ojp.gov/PrivacyLiberty/authorities/statutes/1282">IRTPA</A> addresses many different facets of information gathering and the intelligence community. IRPTA’s eight titles reflect its broad scope: <UL> <LI>Title I – Reform of the Intelligence Community</A></LI> <LI>Title II – Federal Bureau of Investigation</A></LI> <LI>Title III – Security Clearances</A></LI> <LI>Title IV – Transportation Security</A></LI> <LI>Title V – Border Protection, Immigration, and Visa Matters</A></LI> <LI>Title VI – Terrorism Prevention</A></LI> <LI>Title VII – Implementation of 9/11 Commission Recommendations</A></LI> <LI>Title VIII – Other Matters, including a requirement that the Department of Homeland Security ensure that the civil rights and civil liberties of persons are not diminished by efforts, activities, and programs aimed at securing the homeland. </UL> </P> </DIV> <ul class="usa-accordion usa-accordion--bordered">  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a730"> Helpful Tips </button> <div id="b-a730" class="usa-accordion__content"> More information can be found in the following resources: <UL> <LI>Sec. 1011. Reorganization and improvement of management of intelligence community. (<A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2014-title50/pdf/USCODE-2014-title50-chap44-subchapI.pdf">50 U.S.C. § 3021 et seq</A>)</LI> <LI>Sec. 103D. Civil Liberties Protection Officer. (<A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2014-title50/pdf/USCODE-2014-title50-chap44-subchapI-sec3029.pdf">50 U.S.C. § 3029</A>)</LI> <LI>Sec. 1016. Information sharing. (<A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2015-title6/pdf/USCODE-2015-title6-chap1-subchapVIII-partI-sec485.pdf">6 U.S.C. § 485</A>)</LI> <LI>Sec. 1061. Privacy and Civil Liberties Oversight Board. (<A HREF="https://www.pclob.gov/library/42USC2000ee-PCLOB_Enabling_Statute.pdf">42 U.S.C. § 2000ee et seq</A>)</LI> <LI>Sec. 1062. Sense of Congress on Designation of Privacy and Civil Liberties Officers. (<A HREF="https://www.gpo.gov/fdsys/pkg/PLAW-108publ458/pdf/PLAW-108publ458.pdf">Pub.L. 108-458</A>)</LI> <LI>Sec. 4012. Advanced airline passenger prescreening. (<A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2014-title49/pdf/USCODE-2014-title49-subtitleVII-partA-subpartiii-chap449-subchapI-sec44903.pdf">49 U.S.C. § 44903(j)(2)</A>)</LI> <LI>Sec. 6002. Additional semiannual reporting requirements under the Foreign Intelligence Surveillance Act of 1978. (<A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2014-title50/pdf/USCODE-2014-title50-chap36-subchapV.pdf">50 U.S.C. § 1871</A>)</LI> <LI>Sec. 7212. Driver’s licenses and personal identification cards. (<A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2014-title49/pdf/USCODE-2014-title49-subtitleVI-partA-chap303-sec30301.pdf">49 U.S.C. § 30301 note</A>)</LI> <LI>Sec. 8302. Mission of Department of Homeland Security. (<A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2015-title6/pdf/USCODE-2015-title6-chap1-subchapI-sec111.pdf">6 U.S.C. § 111(b)(1)</A>)</LI> <LI>Sec. 8303. Officer for Civil Rights and Civil Liberties. (<A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2015-title6/pdf/USCODE-2015-title6-chap1-subchapVII-sec345.pdf">6 U.S.C. § 345(a)</A>)</LI> <LI>Sec. 8304. Protection of civil rights and civil liberties by Office of Inspector General. (<A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2015-title5/pdf/USCODE-2015-title5-app-inspector.pdf">5 U.S.C. App. Inspector General Act of 1978</A>)</LI> <LI>Sec. 8305. Privacy officer. (<A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2015-title6/pdf/USCODE-2015-title6-chap1-subchapII-partC-sec142.pdf">6 U.S.C. § 142</A>)</LI> </UL> </div> </li>  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a731"> Executive Orders, Memoranda, and Directives </button> <div id="b-a731" class="usa-accordion__content"> <p> <UL> <LI><A HREF="https://www.gpo.gov/fdsys/pkg/FR-2008-08-04/pdf/E8-17940.pdf">United States Intelligence Activities, Exec. Order No. 12333 (46 FR 59941, Dec. 08, 1981), amended by Exec. Order 13284 (68 FR 4057, Jan. 28, 2003), Exec. Order 13355 (69 FR 53593, Sept. 1, 2004), and Exec. Order 13470 (73 FR 45325, Aug. 4, 2008)</A></LI> <LI><A HREF="https://www.gpo.gov/fdsys/pkg/FR-2005-10-27/pdf/05-21571.pdf">Further Strengthening the Sharing of Terrorism Information to Protect Americans, Exec. Order No. 13388 (70 FR 62023, Oct. 27, 2005)</A></LI> <LI><A HREF="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m_16_24_0.pdf">OMB Memorandum M-16-24, Role and Designation of Senior Agency Officials for Privacy (Sept. 2016) </A></LI> </UL> </p> </div> </li> </li> </ul> <H2 class="sub_section_header" style="text-underline: none;">Internal Revenue Code (Tax Code)</H2> <DIV class="content"> <p class="text-bold"><A href="javascript:window.open('https://www.gpo.gov/fdsys/pkg/USCODE-2015-title26/pdf/USCODE-2015-title26.pdf')" title="(opens New Window)">26 U.S.C. §§ et al</A></p> <A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2015-title26/pdf/USCODE-2015-title26-subtitleF-chap61-subchapB-sec6103.pdf">26 U.S.C. § 6103 Confidentiality and disclosure of returns and return information</A><BR> <A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2015-title26/pdf/USCODE-2015-title26-subtitleF-chap68-subchapB-partI-sec6713.pdf">26 U.S.C. § 6713 Disclosure or use of information by preparers of returns</A><BR> <A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2015-title26/pdf/USCODE-2015-title26-subtitleF-chap75-subchapA-partI-sec7213.pdf">26 U.S.C. § 7213 Unauthorized disclosure of information</A><BR> <A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2015-title26/pdf/USCODE-2015-title26-subtitleF-chap75-subchapA-partI-sec7213A.pdf">26 U.S.C. § 7213a Unauthorized inspection of returns or return information</A><BR> <I>See also: </I><A HREF="https://www.irs.gov/privacy-disclosure/tax-code-regulations-and-official-guidance">Internal Revenue Service Laws and Regulations</A> <h3><STRONG>Overview</STRONG></h3> <P> Taxpayers have the right to expect that any Internal Revenue System (IRS) inquiry, examination, or enforcement action will comply with the law and be no more intrusive than necessary, and will respect all due process rights, including search and seizure protections and will provide, where applicable, a collection due process hearing. <BR><BR> Taxpayers have the right to expect that any information they provide to the IRS will not be disclosed unless authorized by the taxpayer or by law. Taxpayers have the right to expect appropriate action will be taken against government officers and employees, tax return preparers, and others who wrongfully use or disclose taxpayer return information. <BR><BR> Source: <A HREF="https://www.irs.gov/pub/irs-pdf/p1.pdf">Your Rights as a Taxpayer</A><BR> </P> </DIV> <ul class="usa-accordion usa-accordion--bordered">  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a740"> Helpful Tips </button> <div id="b-a740" class="usa-accordion__content"> The Internal Revenue Code § 6103(h)(1) provides that returns and return information shall, without written request, be open to inspection by or disclosure to officers and employees of the Department of the Treasury whose official duties require such inspection or disclosure for tax administration purposes. The Internal Revenue Code § 6103(b)(4) provides that the term “tax administration” means the administration, management, conduct, direction, and supervision of the execution and application of the internal revenue laws or related statutes (or equivalent laws and statutes of a state) and tax conventions to which the United States is a party. <BR><BR> Internal Revenue Code § 6713 imposes a civil penalty of $250 on any person who is engaged in the business of preparing, or providing services in connection with the preparation of returns of tax, or any person who for compensation prepares a return for another person, and who “Discloses any information furnished to him for, or in connection with, the preparation of any such return, or Uses any such information for any purpose other than to prepare, or assist in preparing, any such return. Imposition of the penalty under [this section] does not require that the disclosure be knowing or reckless as it does under Internal Revenue Code § 7216.” 26 U.S.C. §7216 is a criminal provision enacted by the U.S. Congress in 1971 that prohibits preparers of tax returns from knowingly or recklessly disclosing or using tax return information. A convicted preparer may be fined not more than $1,000 or imprisoned not more than one year or both, for each violation. <BR><BR> Returns and return information may be used or disclosed to initiate or conduct a money laundering investigation if the investigation is considered for tax administration purposes according to 26 U.S.C. § 6103(b)(4). When investigating potential money laundering or Bank Secrecy Act (BSA) violations, the key test (related statute test) is whether, under the facts and circumstances of the particular case, the money laundering and Bank Secrecy Act provisions are considered related to the administration of the Internal Revenue laws. Data collected by IRS personnel pursuant to their enforcement responsibilities under the BSA in a “pure” Title 31 investigation are not return information under section 6103. In a “pure” Title 31 investigation, i.e., where no Title 26 related statute determination has been made, the information is subject to the disclosure rules found at 31 U.S.C. § 5319 et seq. When Title 31 has been determined to be a statute related to tax administration for Section 6103 purposes, the entirety of the information is covered by Section 6103 because it was received by the Secretary for the purpose of determining some individual’s liability or potential liability under the Code. <BR><BR> Sources:<BR> <A HREF="https://www.irs.gov/businesses/small-businesses-self-employed/bank-secrecy-act?_ga=1.236557633.1917067459.1472670897">IRS: Bank Secrecy Act</A><BR> <A HREF="https://www.irs.gov/irm/part4/irm_04-026-014.html">IRS: Bank Secrecy Act – Disclosure</A><BR> In 1997, the <A HREF="https://www.gpo.gov/fdsys/pkg/PLAW-105publ35/pdf/PLAW-105publ35.pdf">Taxpayer Browsing Protection Act</A> “amend[ed] the Internal Revenue Code of 1986 to prevent the unauthorized inspection of tax returns or tax return information</A><BR> </div> </li>  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a741"> Regulations </button> <div id="b-a741" class="usa-accordion__content"> <p> <BR> <A HREF="https://www.gpo.gov/fdsys/pkg/CFR-2016-title26-vol20/pdf/CFR-2016-title26-vol20-part301.pdf">26 C.F.R. § 301.7216.1 See pages 556 – 558</A><BR> <A HREF="https://www.irs.gov/privacy-disclosure/tax-code-regulations-and-official-guidance">See also Internal Revenue Service Laws and Regulations</A><BR> </p> </div> </li>  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a742"> Statutory Implementation Guidance </button> <div id="b-a742" class="usa-accordion__content"> <P><STRONG>U.S. Department of Treasury</STRONG></P> <P><A href="javascript:window.open('https://www.irs.gov/pub/irs-utl/revised_circular_230_6_-_2014.pdf')" title="(opens New Window)">Treasury Department Circular 230 (Revised 6-2014), Rules Governing Practice Before the Internal Revenue Service</A><BR> <P><STRONG><em>Internal Revenue Service (IRS)</em></STRONG></P> <A href="javascript:window.open('https://www.irs.gov/irb/2007-26_IRB/ar13.html')" title="(opens New Window)">Internal Revenue Procedure 2007-40, Internal Revenue Bulletin: 2007-26, Rev. Proc. 2007-40, June 25, 2007</A><BR> </P> </div> </li>  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a743"> Supplemental Material </button> <div id="b-a743" class="usa-accordion__content"> <P><STRONG>U.S. Department of Treasury, Internal Revenue Service (IRS)</STRONG></P> <UL> <LI><A href="javascript:window.open('https://www.irs.gov/pub/irs-pdf/p4639.pdf')" title="(opens New Window)">Disclosure & Privacy Law Reference Guide</A></LI> <LI><A href="https://www.irs.gov/tax-professionals/section-7216-frequently-asked-questions?_ga=1.29946495.1917067459.1472670897">Section 7216 Frequently Asked Questions</A></LI> <LI><A href="https://www.irs.gov/businesses/small-businesses-self-employed/bank-secrecy-act?_ga=1.236557633.1917067459.1472670897">Bank Secrecy Act</A></LI> </UL> </div> </LI> </li> </ul> </div> <div align="right" style="border:1px solid #FFFFFF;"> <BR><A HREF="#back-to-top">Back to top</A> </div> <div id="J"> <p class="section_header">J</p> <hr> <H2 class="sub_section_header" style="text-underline: none;">Justice System Improvement Act of 1979</H2> <DIV class="content"> <p class="text-bold"><A href="javascript:window.open('https://www.gpo.gov/fdsys/pkg/USCODE-2015-title42/pdf/USCODE-2015-title42-chap46.pdf')" title="(opens New Window)">42 U.S.C. § 3701 et seq</A></p> <A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2015-title42/pdf/USCODE-2015-title42-chap46-subchapVIII-sec3789g.pdf">42 U.S.C. § 3789(g) Confidentiality of information</A><BR> <h3><STRONG>Overview</STRONG></h3> <P> As a Federal statistical agency that collects, analyzes, publishes, and disseminates a wide array of information on crime, criminal offenders, victims of crime, and the operation of justice systems at all levels of government, the Bureau of Justice Statistics (BJS) has taken aggressive measures to protect the privacy and confidentiality of individuals from whom they obtain information. BJS has procedures in place to ensure that information collected by BJS that is identifiable to a private person may only be used and/or revealed for the statistical or research-related purpose for which it is obtained. BJS has procedures in place to ensure that copies of such information shall not, without the consent of the person to whom the information pertains, be revealed to others who are not involved in the collection and analysis of the information. <BR><BR> Source: <A HREF="https://www.bjs.gov/content/dataquality/guidelines.cfm#guide1">Bureau of Justice Statistics Data Quality Guidelines</A><BR> </P> </DIV> <ul class="usa-accordion usa-accordion--bordered">  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a810"> Regulations </button> <div id="b-a810" class="usa-accordion__content"> <p> <BR> <A HREF="https://www.gpo.gov/fdsys/pkg/CFR-2004-title28-vol1/pdf/CFR-2004-title28-vol1-part22.pdf">28 C.F.R. § 22</A><BR> </p> </div> </li>  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a811"> Supplemental Material </button> <div id="b-a811" class="usa-accordion__content"> <UL> <LI><A href="javascript:window.open('https://www.bjs.gov/content/pub/pdf/BJS_Data_Protection_Guidelines.pdf')" title="(opens New Window)">BJS Data Protection Guidelines</A></LI> <LI><A href="https://www.bjs.gov/content/hscr.cfm">BJS Human Subjects/Confidentiality Requirements</A></LI> </UL> </div> </li> </ul> </div> <div align="right" style="border:1px solid #FFFFFF;"> <BR><A HREF="#back-to-top">Back to top</A> </div>  <div id="N"> <p class="section_header">N</p> <hr> <H2 class="sub_section_header" style="text-underline: none;">National Security Act of 1947</H2> <DIV class="content"> <p class="text-bold"><A href="javascript:window.open('https://www.gpo.gov/fdsys/pkg/USCODE-2014-title50/pdf/USCODE-2014-title50-chap44.pdf')" title="(opens New Window)">50 U.S.C. § 3001 et seq</A></p> <A HREF="https://www.dni.gov/index.php/ic-legal-reference-book/national-security-act-of-1947">National Security Act of 1947</A><BR> <h3><STRONG>Overview</STRONG></h3> <P> In the aftermath of World War II, the National Security Act provided a major reorganization of the U.S. defense and intelligence agencies. As amended, the Act provides “a comprehensive program for the future security of the United States” through the integration of the policies and procedures of U.S. military, intelligence, and national security agencies, and the coordination of national security policy. <BR><BR> Source: <A HREF="https://it.ojp.gov/PrivacyLiberty/authorities/statutes/1280">National Security Act </A><BR> </P> </DIV> <ul class="usa-accordion usa-accordion--bordered">  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a815"> Helpful Tips </button> <div id="b-a815" class="usa-accordion__content"> Sec. 103D. Civil Liberties Protection Officer. (<A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2014-title50/pdf/USCODE-2014-title50-chap44-subchapI-sec3029.pdf">50 U.S.C. § 3029</A>) </div> </li>  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a816"> Executive Orders, Memoranda, and Directives </button> <div id="b-a816" class="usa-accordion__content"> <p> <UL> <LI><A HREF="https://www.gpo.gov/fdsys/pkg/FR-2008-08-04/pdf/E8-17940.pdf">United States Intelligence Activities, Exec. Order No. 12333, Fed. Reg. Vol. 46, No. 59941 (Dec. 04, 1981), amended by Exec. Order </A></LI> <LI><A HREF="https://www.gpo.gov/fdsys/pkg/FR-2005-10-27/pdf/05-21571.pdf">Further Strengthening the Sharing of Terrorism Information to Protect Americans, Exec. Order No. 13388, Fed. Reg. Vol. 70, No. 207 (Oct. 25, 2005)</A></LI> <LI><A HREF="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m_16_24_0.pdf">OMB Memorandum M-16-24, Role and Designation of Senior Agency Officials for Privacy (Sept. 2016)</A></LI> </UL> </p> </div> </li> </li> </ul> </div> <div align="right" style="border:1px solid #FFFFFF;"> <BR><A HREF="#back-to-top">Back to top</A> </div>  <div id="P"> <p class="section_header">P</p> <hr> <H2 class="sub_section_header" style="text-underline: none;">Paperwork Reduction Act of 1995 (PRA) </H2> <DIV class="content"> <p class="text-bold"><A href="javascript:window.open('https://www.gpo.gov/fdsys/pkg/USCODE-2014-title44/pdf/USCODE-2014-title44-chap35.pdf')" title="(opens New Window)">44 U.S.C. Chapter 35 et seq</A></p> <h3><STRONG>Overview</STRONG></h3> <P> The Paperwork Reduction Act (PRA), signed into law in 1980 and reauthorized in 1995, provides the statutory framework for the Federal government’s collection, use, and dissemination of information. The goals of the PRA include (1) minimizing paperwork and reporting burdens on the American public and (2) ensuring the maximum possible utility from the information that is collected. <BR><BR> In support of these goals, the PRA requires Federal agencies to take specific steps before requiring or requesting information from the public. These steps include (1) seeking public comment on proposed information collections and (2) submitting proposed collections for review and approval by the Office of Management and Budget (OMB). Within OMB, the Office of Information and Regulatory Affairs (OIRA) carries out the information collection review. <BR><BR> One of the purposes of the Paperwork Reduction Act is to “ensure that the creation, collection, maintenance, use, dissemination, and disposition of information by or for the Federal Government is consistent with applicable laws, including laws relating to (A) privacy and confidentiality, including section 552a of title 5; (B) security of information, including section 11332 of title 40; and (C) access to information, including section 552 of title 5.” 44 U.S.C. § 3501(8). <BR><BR> Source: <A HREF="https://www.reginfo.gov/public/jsp/Utilities/faq.jsp">Office of Information and Regulatory Affairs – Regulations and the Rule Making Process</A><BR> </P> </DIV> <ul class="usa-accordion usa-accordion--bordered">  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a840"> Helpful Tips </button> <div id="b-a840" class="usa-accordion__content"> The Paperwork Reduction Act was signed into law in 1980, reauthorized in 1995, and subsequently amended. </div> </li>  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a841"> Regulations </button> <div id="b-a841" class="usa-accordion__content"> <p> <BR> <A HREF="https://www.gpo.gov/fdsys/pkg/CFR-2016-title5-vol3/pdf/CFR-2016-title5-vol3-part1320.pdf">5 C.F.R. § 1320 </A><BR> </p> </div> </li>  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a842"> Executive Orders, Memoranda, and Directives </button> <div id="b-a842" class="usa-accordion__content"> <STRONG>Office of Management and Budget</STRONG> <UL> <LI><A HREF="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf">OMB Circular No. A-130, Managing Information as a Strategic Resource (July 2016)</A></LI> <LI><A HREF="https://www.obamawhitehouse.gov/sites/default/files/omb/inforeg/pra_flexibilities_memo_7_22_16_finalI.pdf">Flexibilities under the Paperwork Reduction Act for Compliance with Information Collection Requirements (July 2016)</A></LI> <LI><A HREF="https://www.obamawhitehouse.gov/sites/default/files/omb/inforeg/memos/2015/behavioral-science-insights-and-federal-forms.pdf">Behavioral Science Insights and Federal Forms (Sept. 2015)</A></LI> <LI><A HREF="https://www.obamawhitehouse.gov/sites/default/files/omb/inforeg/memos/2014/web-based-interactive-technologies-data-search-tools-calculators-paperwork-reduction-act.pdf">Web-based Interactive Technologies: Data Search Tools, Calculators, and the Paperwork Reduction Act (Sept. 2014)</A></LI> <LI><A HREF="https://www.obamawhitehouse.gov/sites/default/files/omb/inforeg/memos/testing-and-simplifying-federal-forms.pdf">Testing and Simplifying Federal Forms (Aug. 2012)</A></LI> <LI><A HREF="https://www.obamawhitehouse.gov/sites/default/files/omb/inforeg/memos/reducing-reporting-and-paperwork-burdens.pdf">Reducing Reporting and Paperwork Burdens (June 2012) </A></LI> <LI><A HREF="https://www.whitehouse.gov/sites/whitehouse.gov/files/omb/memoranda/2011/m11-26.pdf">OMB Memorandum M-11-26, New Fast-Track Process for Collecting Service Delivery Feedback Under the Paperwork Reduction Act (June 2011)</A></LI> <LI><A HREF="https://www.whitehouse.gov/sites/whitehouse.gov/files/omb/memoranda/2011/m11-07.pdf">OMB Memorandum M-11-07, Facilitating Scientific Research by Streamlining the Paperwork Reduction Act Process (Dec. 2010)</A></LI> <LI><A HREF="https://www.obamawhitehouse.gov/sites/default/files/omb/assets/inforeg/PRA_Gen_ICRs_5-28-2010.pdf">Paperwork Reduction Act – Generic Clearances (May 2010) </A></LI> <LI><A HREF="https://www.obamawhitehouse.gov/sites/default/files/omb/assets/inforeg/PRAPrimer_04072010.pdf">Information Collection under the Paperwork Reduction Act (Apr. 2010)</A></LI> <LI><A HREF="https://www.obamawhitehouse.gov/sites/default/files/omb/assets/inforeg/SocialMediaGuidance_04072010.pdf">Social Media, Web-Based Interactive Technologies, and the Paperwork Reduction Act (Apr. 2010)</A></LI> <LI><A HREF="https://www.obamawhitehouse.gov/sites/default/files/omb/assets/omb/inforeg/statpolicy/standards_stat_surveys.pdf">Standards and Guidelines for Statistical Surveys (Sept. 2006) </A></LI> <LI><A HREF="https://www.obamawhitehouse.gov/sites/default/files/omb/assets/omb/inforeg/pmc_survey_guidance_2006.pdf">Guidance on Agency Survey and Statistical Information Collections (Jan. 2006)</A></LI> </UL> </div> </li> </li> </ul> <H2 class="sub_section_header" style="text-underline: none;">Patient Safety and Quality Improvement Act of 2005 (PSQIA)</H2> <DIV class="content"> <p class="text-bold"><A href="javascript:window.open('https://www.gpo.gov/fdsys/pkg/USCODE-2015-title42/pdf/USCODE-2015-title42-chap6A-subchapVII-partC.pdf')" title="(opens New Window)">42 U.S.C. § 299b-21 – b-26 </A></p> <A HREF="https://www.gpo.gov/fdsys/pkg/PLAW-109publ41/pdf/PLAW-109publ41.pdf">Patient Safety and Quality Improvement Act of 2005 (Public Law 109-41).</A><BR> <h3><STRONG>Overview</STRONG></h3> <P> The Patient Safety and Quality Improvement Act of 2005 (PSQIA) establishes a voluntary reporting system designed to enhance the data available to assess and resolve patient safety and health care quality issues. To encourage the reporting and analysis of medical errors, PSQIA provides Federal privilege and confidentiality protections for patient safety information, called patient safety work product. PSQIA authorizes the U.S. Department of Health and Human Services (HHS) to impose civil money penalties for violations of patient safety confidentiality. PSQIA also authorizes the Agency for Healthcare Research and Quality (AHRQ) to list patient safety organizations (PSOs). PSOs are the external experts that collect and review patient safety information. <BR><BR> Source: <A HREF="https://www.hhs.gov/hipaa/for-professionals/patient-safety/statute-and-rule/index.html">Health Information Privacy: Patient Safety and Quality Improvement Act of 2005 Statute and Rule</A><BR> </P> </DIV> <ul class="usa-accordion usa-accordion--bordered">  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a845"> Helpful Tips </button> <div id="b-a845" class="usa-accordion__content"> The PSQIA amends the Public Health Service Act (42 U.S.C. 299 et. seq.; Public Law No. 109-41) by inserting sections 921 through 926, <A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2015-title42/pdf/USCODE-2015-title42-chap6A-subchapVII-partC.pdf">42 U.S.C. § 299b-21 through 299b-26</A>. The Patient Safety Rule implements select provisions of PSQIA. <BR><BR> Subpart C of the Patient Safety Rule establishes the confidentiality provisions and disclosure permissions for patient safety work product and the enforcement procedures for violations of confidentiality pursuant to section 922 of the statute. The U.S. Department of Health and Human Services, Office for Civil Rights enforces these confidentiality protections. <BR><BR> AHRQ lists patient safety organizations pursuant to section 924 of PSQIA and has responsibility for common formats and network of patient safety databases pursuant to section 923. <BR><BR> <I>Source:</I><A HREF="https://www.hhs.gov/hipaa/for-professionals/patient-safety/patient-safety-quality-improvement-act-2005/index.html">Health Information Privacy: Patient Safety and Quality Act of 2005 </A> </div> </li>  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a846"> Regulations </button> <div id="b-a846" class="usa-accordion__content"> <p> <A HREF="https://www.gpo.gov/fdsys/pkg/FR-2008-11-21/pdf/E8-27475.pdf">42 C.F.R. Part 3</A><BR> </p> </div> </li>  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a847"> Implementation Guidance </button> <div id="b-a847" class="usa-accordion__content"> <P><STRONG>U.S. Department of Health and Human Services</STRONG></P> Office for Civil Rights <P><A href="javascript:window.open('javascript:window.open('https://www.gpo.gov/fdsys/pkg/FR-2016-05-24/pdf/2016-12312.pdf')" title="(opens New Window)">HHS Guidance Regarding Patient Safety Work Product and Providers’ External Obligations (May 2016)</A><BR> <A href="javascript:window.open('https://www.hhs.gov/sites/default/files/PSQIAFDA2guidance.pdf')" title="(opens New Window)">Guidance Regarding Patient Safety Organizations’ Reporting Obligations to the FDA (December 2010)</A><BR> </P> </div> </li>  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a848"> Supplemental Material </button> <div id="b-a848" class="usa-accordion__content"> <P><STRONG>U.S. Department of Health and Human Services</STRONG></P> <UL> <LI><A href="javascript:window.open('https://www.hhs.gov/hipaa/for-professionals/patient-safety/index.html')" title="(opens New Window)">Understanding Patient Safety Confidentiality</A></LI> <LI><A href="https://www.hhs.gov/hipaa/for-professionals/patient-safety/guidance/index.html">Guidance for Patient Safety Rule</A></LI> </UL> </div> </li> </ul> <H2 id="privacy_act_of_1974" class="sub_section_header" style="text-underline: none;">Privacy Act of 1974 (Privacy Act)</H2> <DIV class="content"> <p class="text-bold"><A href="javascript:window.open('https://www.gpo.gov/fdsys/pkg/USCODE-2015-title5/pdf/USCODE-2015-title5-partI-chap5-subchapII-sec552a.pdf')" title="(opens New Window)">5 U.S.C. § 552a</A></p> <h3><STRONG>Overview</STRONG></h3> <P> The Privacy Act of 1974, 5 U.S.C. § 552a, establishes a code of fair information practices that governs the collection, maintenance, use, and dissemination of information about individuals that is maintained in systems of records by federal agencies. A system of records is a group of records under the control of an agency from which information is retrieved by the name of the individual or by some identifier assigned to the individual. <BR><BR> The Privacy Act requires U.S. Government agencies give public notice of their systems of records by publication in the Federal Register. The Privacy Act prohibits the disclosure of a record about an individual from a system of records absent the written consent of the individual, unless the disclosure is pursuant to one of twelve statutory exceptions. The Act also provides individuals with a means by which to seek access to and amendment of their records, and sets forth various agency record-keeping requirements. <BR><BR> Source: <A HREF="https://www.justice.gov/opcl/privacy-act-1974">U.S. Department of Justice – Privacy Act of 1974</A><BR> </P> </DIV> <ul class="usa-accordion usa-accordion--bordered">  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a859"> Helpful Tips </button> <div id="b-a859" class="usa-accordion__content"> The Computer Matching and Privacy Protection Act of 1988 (Pub. Law 100-503), amended the Privacy Act to include provisions governing computer-matching activities – those provisions have been incorporated into the Privacy Act. <BR><BR> Section 7 of Public Law 93-579, regarding Social Security numbers was originally part of the Privacy Act, but was not codified; it may be found at §552a in the note section. Similarly, Sections 6 and 9 of Public Law 100-503, the Computer Matching and Privacy Protection Act of 1988, may also be found at §552a in the note section. </div> </li>  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a860"> Statutory Implementation Guidance </button> <div id="b-a860" class="usa-accordion__content"> <P><STRONG>Office of Management and Budget</STRONG></P> <UL> <LI><A HREF="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A108/omb_circular_a-108.pdf">OMB Circular A-108, Federal Agency Responsibilities for Review, Reporting, and Publication under the Privacy Act (December 12, 2016)</A></LI> <LI><A HREF="https://www.obamawhitehouse.gov/sites/default/files/omb/assets/omb/inforeg/computer_amendments1991.pdf">Computer Matching and Privacy Protection Amendments of 1990 and the Privacy Act of 1974 )(56 FR 18599, April 23, 1991)</A></LI> <LI><A HREF="https://www.obamawhitehouse.gov/sites/default/files/omb/inforeg/final_guidance_pl100-503.pdf">Final guidance Interpreting the Provisions of Public Law 100-503, the Computer Matching and Privacy Protection Act of 1988 (54 FR 25818, June 19, 1989)</A></LI> <LI><A HREF="https://www.obamawhitehouse.gov/sites/default/files/omb/assets/omb/inforeg/guidance_privacy_act.pdf">Guidance on Privacy Act Implications of “Call Detail” Programs (52 FR 12290, April 20, 1987) </A></LI> <LI><A HREF="https://www.obamawhitehouse.gov/sites/default/files/omb/assets/omb/inforeg/implementation1974.pdf">Implementation of the Privacy Act of 1974, Supplementary Guidance (40 FR 5674, November 21, 1975)</A></LI> <LI><A HREF="https://www.obamawhitehouse.gov/sites/default/files/omb/assets/omb/inforeg/implementation_guidelines.pdf">Privacy Act Implementation, Guidelines and Responsibilities (OMB) (40 FR 28948, July 9, 1975)</A></LI> </UL> </P> </div> </li>  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a861"> Executive Orders, Memoranda, and Directives </button> <div id="b-a861" class="usa-accordion__content"> <p> <UL> <LI><A HREF="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf">OMB Circular A-130, Managing Federal Information as a Strategic Resource (July 2016)</A></LI> <LI><A HREF="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m_16_24_0.pdf">OMB Memorandum M-16-24, Role and Designation of Senior Agency Officials for Privacy (Sept. 2016)</A></LI> <LI><A HREF="https://www.obamawhitehouse.gov/omb/memoranda_m01-05">OMB Memorandum M-01-05, Guidance on Inter-Agency Sharing of Personal Data – Protecting Personal Privacy (Dec. 2000)</A></LI> </UL> <B>OMB Memorandum for Privacy Act Officers of Departments and Agencies</B> <UL><LI><A HREF="https://www.obamawhitehouse.gov/sites/default/files/omb/assets/omb/inforeg/spotila62100.pdf">Status of Biennial Reporting Requirements under the Privacy Act and the Computer Matching and Privacy Protection Act (June 21, 2000) </A></LI></UL> <BR> <B>OMB Memorandum for Agency Chief Information Officers</B> <UL><LI><A HREF="https://www.obamawhitehouse.gov/omb/inforeg_datacall/">Biennial Privacy Act and Computer Matching Reports (June 1998)</A></LI></UL> <BR> <B>OMB Memorandum for the Chief Information Officers</B> <UL><LI><A HREF="https://www.obamawhitehouse.gov/sites/default/files/omb/assets/omb/inforeg/katzen_prwora.pdf">Privacy Act Responsibilities for Implementing the Personal Responsibility and Work Opportunity Reconciliation Act of 1996 (November 3, 1997) </A></LI></UL> <BR> <B>OMB Memorandum for the Senior Agency Officials for Information Resources Management</B> <UL><LI><A HREF="https://www.obamawhitehouse.gov/sites/default/files/omb/assets/omb/inforeg/guidance1985.pdf">•Privacy Act Guidance — Update (May 24, 1985) </A></LI></UL> <BR> <B>OMB Memorandum M-83-11, Guidelines on the Relationship Between the Privacy Act of 1974 and the Debt Collection Act of 1982</B> <UL><LI><A HREF="https://www.obamawhitehouse.gov/sites/default/files/omb/assets/omb/inforeg/guidance1983.pdf">Privacy Act Guidance — Update (May 24, 1985) </A></LI></UL> <BR> <B>OMB Memorandum to the Heads of Executive Departments and Establishments</B> <UL><LI><A HREF="https://www.obamawhitehouse.gov/sites/default/files/omb/inforeg/lynn1975.pdf">Congressional Inquiries which Entail Access to Personal Information Subject to the Privacy Act (October 3, 1975) </A></LI></UL> <BR> </p> </div> </li>  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a862"> Supplemental Material </button> <div id="b-a862" class="usa-accordion__content"> <A HREF="https://www.justice.gov/opcl/overview-privacy-act-1974-2015-edition">Overview of the Privacy Act of 1974, U.S. Department of Justice </A> </div> </li> </ul> <H2 class="sub_section_header" style="text-underline: none;">Protection of Pupil Rights Amendment (PPRA) </H2> <DIV class="content"> <p class="text-bold"><A href="javascript:window.open('https://www.gpo.gov/fdsys/pkg/USCODE-2015-title20/pdf/USCODE-2015-title20-chap31-subchapIII-part4-sec1232h.pdf')" title="(opens New Window)">20 U.S.C. § 1232h</A></p> <h3><STRONG>Overview</STRONG></h3> <P> The PPRA applies to the programs and activities of a State educational agency (SEA), local educational agency (LEA), or other recipient of funds under any program funded by the U.S. Department of Education. It governs the administration to students of a survey, analysis, or evaluation that concerns one or more of the following eight protected areas: <UL> <LI>political affiliations or beliefs of the student or the student’s parent;</LI> <LI>mental or psychological problems of the student or the student’s family;</LI> <LI>sex behavior or attitudes;</LI> <LI>illegal, anti-social, self-incriminating, or demeaning behavior;</LI> <LI>critical appraisals of other individuals with whom respondents have close family relationships;</LI> <LI>legally recognized privileged or analogous relationships, such as those of lawyers, physicians, and ministers; </LI> <LI>religious practices, affiliations, or beliefs of the student or student’s parent; or,</LI> <LI>income (other than that required by law to determine eligibility for participation in a program or for receiving financial assistance under such program).</LI> </UL> <BR> PPRA also concerns marketing surveys and other areas of student privacy, parental access to information, and the administration of certain physical examinations to minors. The rights under PPRA transfer from the parents to a student who is 18 years old or an emancipated minor under State law. <BR><BR> Source: <A HREF="https://studentprivacy.ed.gov/faq/what-protection-pupil-rights-amendment-ppra">Family Policy Compliance Office: Protection of Pupil Rights Amendment (PPRA)</A><BR> </P> </DIV> <ul class="usa-accordion usa-accordion--bordered">  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a890"> Helpful Tips </button> <div id="b-a890" class="usa-accordion__content"> PPRA may also be known as Section 445 of the General Education Provisions Act. <BR> Source: <A HREF="https://oese.ed.gov/gepa/#:~:text=Section%20427%20of%20the%20General%20Education%20Provisions%20Act%20(GEPA)%20requires,the%20Federally%2Dassisted%20program%20by">U.S. Department of Education: General Education Provisions Act</A> </div> </li>  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a891"> Regulations </button> <div id="b-a891" class="usa-accordion__content"> <p> <BR> <A HREF="https://www.gpo.gov/fdsys/pkg/CFR-2016-title34-vol1/pdf/CFR-2016-title34-vol1-part98.pdf">34 C.F.R. Part 98</A><BR> </p> </div> </li>  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a892"> Supplemental Material </button> <div id="b-a892" class="usa-accordion__content"> <UL> <LI><A HREF="https://www.ed.gov/category/keyword/family-policy-compliance-office-fpco">Department of Education’s Family Policy Compliance Office</A></LI> <LI><A HREF="https://studentprivacy.ed.gov/">Department of Education’s Privacy Technical Assistance Center</A></LI> <LI><A HREF="https://studentprivacy.ed.gov/resources/protecting-student-privacy-while-using-online-educational-services-requirements-and-best">Protecting Student Privacy While Using Online Educational Services: Requirements and Best Practices</A></LI> </UL> </div> </li> </ul> <H2 class="sub_section_header" style="text-underline: none;">Public Health Service Act (Certificates of Confidentiality)</H2> <DIV class="content"> <p class="text-bold"><A href="javascript:window.open('https://www.gpo.gov/fdsys/pkg/USCODE-2015-title42/pdf/USCODE-2015-title42-chap6A.pdf')" title="(opens New Window)" aria-label="USCODE-2015-title42-chap6A">42 U.S.C. Ch. 6A</A></p> <A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2015-title42/pdf/USCODE-2015-title42-chap6A-subchapII-partA-sec241.pdf">42 U.S.C. § 241(d) Protection of privacy of individuals who are research subjects</A><BR> <h3><STRONG>Overview</STRONG></h3> <P> Under section 301(d) of the Public Health Service Act (42 U.S.C. § 241(d)), the Secretary of the U.S. Department of Health and Human Services may authorize persons engaged in biomedical, behavioral, clinical, or other research to protect the privacy of individuals who are the subjects of that research. This authority has been delegated to the National Institutes of Health (NIH). Persons authorized by the NIH to protect the privacy of research subjects may not be compelled in any Federal, State, or local civil, criminal, administrative, legislative, or other proceedings to identify them by name or other identifying characteristic. <BR><BR> Source: <A HREF="https://humansubjects.nih.gov/coc/background">Certificates of Confidentiality Background</A><BR> </P> </DIV> <H2 class="sub_section_header" style="text-underline: none;">Public Health Service Act (Confidentiality of Health Statistics) </H2> <DIV class="content"> <p class="text-bold"><A href="javascript:window.open('https://www.gpo.gov/fdsys/pkg/USCODE-2014-title42/pdf/USCODE-2014-title42-chap6A.pdf')" title="(opens New Window)">42 U.S.C. Ch. 6A</A></p> <I>See also:</I> <A HREF="https://www.gpo.gov/fdsys/pkg/USCODE-2014-title42/pdf/USCODE-2014-title42-chap6A-subchapII-partA-sec242m.pdf">42 U.S.C. § 242m(d)</A><BR> <I>See also:</I> <A HREF="https://www.cdc.gov/rdc/Data/b4/section308.pdf">Section 308(d) of the Public Health Service Act</A><BR> <h3><STRONG>Overview</STRONG></h3> <P> The Public Health Service Act, 42 U.S.C. Ch. 6A, provision regarding the confidentiality of health statistics prohibits the National Center for Health Statistics (NCHS) from using any personal information for any purpose other than what was described to survey participants and from sharing that information with anyone not clearly mentioned to them. This provision enables NCHS to assure respondents strict confidentiality. <BR><BR> Source: <A HREF="https://www.cdc.gov/nchs/about/policy/confidentiality.htm">How NCHS Protects Your Privacy</A><BR> </P> </DIV> <ul class="usa-accordion usa-accordion--bordered">  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a905"> Supplemental Material </button> <div id="b-a905" class="usa-accordion__content"> <UL> <LI><A HREF="https://www.cdc.gov/nchs/about/policy/confidentiality.htm">How NCHS Protects Your Privacy: Confidentiality and Security of Information Collected by The National Center for Health Statistics</A></LI> <LI><A HREF="https://www.cdc.gov/nchs/data/misc/staffmanual2004.pdf">NCHS Staff Manual on Confidentiality</A></LI> </UL> </div> </li> </ul> </div> <div align="right" style="border:1px solid #FFFFFF;"> <BR><A HREF="#back-to-top">Back to top</A> </div>  <div id="U"> <p class="section_header">U</p> <hr> <H2 class="sub_section_header" style="text-underline: none;">Uniting and Strengthening America by Fulfilling Rights and Ensuring Effective Discipline Over Monitoring Act of 2015 (USA FREEDOM Act)</H2> <DIV class="content"> <p class="text-bold"><A href="javascript:window.open('https://www.gpo.gov/fdsys/pkg/PLAW-114publ23/pdf/PLAW-114publ23.pdf')" title="(opens New Window)">Pub.L. 114-23, 129 Stat. 268</A></p> <h3><STRONG>Overview</STRONG></h3> <P> The ‘‘Uniting and Strengthening America by Fulfilling Rights and Ensuring Effective Discipline Over Monitoring Act of 2015’’ or the ‘‘USA FREEDOM Act of 2015’’ was enacted “to reform the authorities of the Federal Government to require the production of certain business records [e.g., call detail records], conduct electronic surveillance, use pen registers and trap and trace devices, and use other forms of information gathering for foreign intelligence, counterterrorism, and criminal purposes, and for other purposes.” <BR><BR> Source: <A HREF="https://www.gpo.gov/fdsys/pkg/PLAW-114publ23/pdf/PLAW-114publ23.pdf">Pub.L. 114-23, 129 Stat. 268</A><BR> </P> </DIV> <ul class="usa-accordion usa-accordion--bordered">  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a575"> Helpful Tips </button> <div id="b-a575" class="usa-accordion__content"> <A HREF="https://www.congress.gov/bill/114th-congress/house-bill/2048/text">The USA FREEDOM Act</A> was enacted June 2, 2015, amending the Foreign Intelligence Surveillance Act of 1978 (FISA). <BR><BR> <UL> <LI>TITLE I—FISA Business Records Reforms</LI> <LI>TITLE II— FISA Pen Register and Trap and Trace Device Reform</LI> <LI>TITLE III— FISA Acquisitions Targeting Persons outside the United States</LI> <LI>TITLE IV— Foreign Intelligence Court Reforms</LI> <LI>TITLE V— National Security Letter Reform</LI> <LI>TITLE VI— FISA Transparency and Reporting Requirements</LI> <LI>TITLE VII— Enhanced National Security Provisions</LI> <LI>TITLE VIII— Safety of Maritime Navigation and Nuclear Terrorism Conventions Implementation</LI> </UL> </div> </li>  <li> <button class="usa-accordion__button" aria-expanded="false" aria-controls="b-a576"> Supplemental Material </button> <div id="b-a576" class="usa-accordion__content"> <P><STRONG>Loretta E. Lynch, Attorney General of the United States</STRONG></P> <UL> <LI><A href="javascript:window.open('https://www.nsa.gov/about/civil-liberties/reports/assets/files/UFA_SMPs_Nov_2015.pdf')" title="(opens New Window)">“Minimization Procedures Used by the National Security Agency in connection with the Production of Call Detail Records Pursuant to Section 501 of the Foreign Intelligence Surveillance Act, as amended,” November 24, 2015</A></LI> </UL> <P><STRONG>National Security Agency (NSA) Civil Liberties and Privacy Office</STRONG></P> <UL> <LI><A href="javascript:window.open('https://www.nsa.gov/about/civil-liberties/reports/assets/files/UFA_Civil_Liberties_and_Privacy_Report.pdf')" title="(opens New Window)">Transparency Report: The USA FREEDOM Act Business Records FISA Implementation, January 15, 2016 </A></LI> </UL> <P><STRONG>Privacy and Civil Liberties Oversight Board (PCLOB)</STRONG></P> <UL> <LI><A href="javascript:window.open('https://www.pclob.gov/library/Recommendations_Assessment_Report_20160205.pdf')" title="(opens New Window)">Recommendations Assessment Report, February 5, 2016</A></LI> </UL> <P><STRONG>U.S. Department of Justice, Federal Bureau of Investigation (FBI)</STRONG></P> <UL> <LI><A href="javascript:window.open('https://www.fbi.gov/file-repository/nsl-ndp-procedures.pdf')" title="(opens New Window)">Termination Procedures for National Security Letter Nondisclosure Requirement, November 24, 2015</A></LI> </UL> <P><STRONG>Director of the Administrative Office of the U.S. Courts</STRONG></P> <UL> <LI><A href="javascript:window.open('http://www.uscourts.gov/statistics-reports/analysis-reports/directors-report-foreign-intelligence-surveillance-courts')" title="(opens New Window)">•Report of the Director of the Administrative Office of the U.S. Courts on Activities of the Foreign Intelligence Surveillance Courts for 2015</A></LI> </UL> </div> </li> </ul> <H2 class="sub_section_header" style="text-underline: none;">Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (USA PATRIOT Act)</H2> <DIV class="content"> <p class="text-bold"><A href="javascript:window.open('https://www.gpo.gov/fdsys/pkg/PLAW-107publ56/pdf/PLAW-107publ56.pdf')" title="(opens New Window)">Public Law 107-56</A></p> <h3><STRONG>Overview</STRONG></h3> <P> The USA PATRIOT Act was enacted in response to the attacks of September 11, 2001, and became law less than two months after those attacks. <A HREF="https://www.gpo.gov/fdsys/pkg/PLAW-107publ56/pdf/PLAW-107publ56.pdf">The Act</A> comprises ten categories, called “titles.” <UL> <LI>TITLE I—Enhancing Domestic Security against Terrorism</LI> <LI>TITLE II—Enhanced Surveillance Procedures</LI> <LI>TITLE III—International Money Laundering Abatement and Anti-Terrorist Financing Act of 2001</LI> <LI>TITLE IV— Protecting the Border</LI> <LI>TITLE V— Removing Obstacles to Investigating Terrorism</LI> <LI>TITLE VI— Providing for Victims of Terrorism, Public Safety Officers, and their Families</LI> <LI>TITLE VII— Increased Information Sharing for Critical Infrastructure Protection</LI> <LI>TITLE VIII— Strengthening the Criminal Laws against Terrorism</LI> <LI>TITLE IX— Improved Intelligence</LI> <LI>TITLE X— Miscellaneous</LI> </UL> Source: <A HREF="https://it.ojp.gov/PrivacyLiberty/authorities/statutes/1281">Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act of 2001</A> </P> </DIV> <div class="usa-accordion"> <button class="usa-accordion__button" aria-expanded="false" aria-controls="a1"> Helpful Tips </button> </h2> <div id="a1" class="usa-accordion__content usa-prose"> The USA PATRIOT Act modified many major U.S. intelligence, communications, and privacy laws, including: The Electronic Communications Privacy Act (EPCA ), which modifies Title III of the Omnibus Crime Control and Safe Streets Act (the Wiretap Act ); the Foreign Intelligence Surveillance Act of 1978 (FISA); and the Communications Act of 1934. The USA PATRIOT Act has been reauthorized and amended several times since its initial enactment. <BR><BR> <UL> The USA PATRIOT Improvement and Reauthorization Act of 2005, Pub. L. No. 109-177 The reauthorizing legislation made permanent 14 of the 16 sunsetted USA PATRIOT Act provisions and placed four-year sunsets on the other two—the authority to conduct “roving” surveillance under the Foreign Intelligence Surveillance Act (FISA) and the authority to request production of business records under FISA (USA PATRIOT Act sections 206 and 215, respectively). </UL> <BR> Among the 14 USA PATRIOT Act provisions made permanent are: <UL> <LI>Facilitating enhanced information-sharing and coordination between national security and law enforcement personnel.</LI> <LI>Adding certain chemical weapons offenses, international terrorism, nuclear and weapons of mass destruction threats, and computer espionage offenses to the list of wiretap predicates.</LI> <LI>Allowing Internet Service Providers to disclose customer records voluntarily to the government in emergencies involving an immediate risk of death or serious physical injury.</LI> <LI>Permitting victims of computer trespass (hacking) crimes to request law enforcement assistance in monitoring trespassers on their computers.</LI> </UL> Source: <A HREF="https://www.justice.gov/archive/opa/pr/2006/March/06_opa_113.html">Fact Sheet: USA Patriot Act Improvement And Reauthorization Act of 2005 (Department of Justice)</A> <BR> <UL> <LI> The USA PATRIOT Act Additional Reauthorization Amendments Act of 2006, Pub. L. No. 109-178, was written to clarify that individuals who receive FISA orders can challenge nondisclosure requirements; that individuals who receive national security letters are not required to disclose the name of their attorney; and that libraries are not wire or electronic communication service providers unless they provide specific services. </LI> </UL> Source: S. 2271, 112th Congress, Second Session <BR> <UL> <LI> The PATRIOT Sunsets Extension Act of 2011, Pub. L. No. 112-14, amended the USA PATRIOT Improvement and Reauthorization Act of 2005 to extend until June 1, 2015, provisions concerning roving electronic surveillance orders, requests for the production of business records and other tangible things; and amended the Intelligence Reform and Terrorism Prevention Act of 2004 to extend until June 1, 2015, a provision revising the definition of an “agent of a foreign power” to include any non-U.S. person who engages in international terrorism or preparatory activities (the “lone wolf” provision). </LI> </UL> Source: Justice Information Sharing, USA PATRIOT Act <BR> <UL> <LI> On June 2, 2015, Congress passed and the President signed the USA FREEDOM Act of 2015, Pub. L. No. 114-23. The Act reauthorized several important national security authorities; banned bulk collection under Section 215 of the USA PATRIOT Act, under the pen register and trap and trace provisions found in Title IV of Foreign Intelligence Surveillance Act (FISA), or pursuant to National Security Letters; adopted the new legal mechanism proposed by the President regarding the targeted production of telephony metadata; made significant modifications to proceedings before the FISC; and built on the U.S. Government’s unprecedented transparency about intelligence activities. </LI> </UL> Source: Transition to New Telephone Metadata Program (ODNI) </div> <button class="usa-accordion__button" aria-expanded="false" aria-controls="a2"> Executive Orders, Memoranda, and Directives </button> </h2> <div id="a2" class="usa-accordion__content usa-prose"> <UL> <LI><A HREF="https://www.gpo.gov/fdsys/pkg/FR-2008-08-04/pdf/E8-17940.pdf">United States Intelligence Activities, Exec. Order No. 12333 (46 FR 59941, Dec. 08, 1981), amended by Exec. Order 13284 (68 FR 4057, Jan. 28, 2003), Exec. Order 13355 (69 FR 53593, Sept. 1, 2004), and Exec. Order 13470 (73 FR 45325, Aug. 4, 2008)</A></LI> <LI><A HREF="https://www.gpo.gov/fdsys/pkg/FR-2005-10-27/pdf/05-21571.pdf">Further Strengthening the Sharing of Terrorism Information to Protect Americans, Exec. Order No. 13388 (70 FR 62023, Oct. 27, 2005)</A></LI> <LI><A HREF="https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/memoranda/2016/m_16_24_0.pdf">OMB Memorandum M-16-24, Role and Designation of Senior Agency Officials for Privacy (Sept. 2016)</A></LI> </UL> </div> </div>      </div> <div align="right" style="border:1px solid #FFFFFF;"> <BR><A HREF="#back-to-top">Back to top</A> </div>    </section> </div> </div> </div> </section> <footer class="usa-footer usa-footer--big"> <div class="grid-container usa-footer__return-to-top"> <div class="grid-row flex-align-start flex-justify"> <a href="#" class="usa-button usa-button--outline border-0" style="text-decoration: none;">Return to top</a>  </div> </div> <div class="usa-footer__primary-section padding-y-5"> <div class="grid-container"> <div class="grid-row grid-gap"> <div class="tablet:grid-col-12"> <nav class="usa-footer__nav" aria-label="Footer navigation"> <div class="grid-row grid-gap-4"> <div class="mobile-lg:grid-col-6 desktop:grid-col-4"> <section class="usa-footer__primary-content"> <ul class="usa-list usa-list--unstyled padding-y-2"> <li class="usa-footer__secondary-link"><a href="https://www.cio.gov">Federal <abbr title="Chief Information Officers">CIO</abbr> Council</a></li> <li class="usa-footer__secondary-link"><a href="https://www.performance.gov/pic/" ><abbr title="Performance Improvement Council">Perf. Improvement Council</abbr></a></li> <li class="usa-footer__secondary-link"><a href="https://www.cdo.gov">Federal <abbr title="Chief Data Officer">CDO</abbr> Council</a></li> <li class="usa-footer__secondary-link"><a href="https://www.evaluation.gov/">Evaluation Officer Council</a></li> </ul> </section> </div> <div class="mobile-lg:grid-col-6 desktop:grid-col-4"> <section class="usa-footer__primary-content"> <ul class="usa-list usa-list--unstyled padding-y-2"> <li class="usa-footer__secondary-link"><a href="https://www.cfo.gov">Federal <abbr title="Chief Financial Officers">CFO</abbr> Council</a></li> <li class="usa-footer__secondary-link"><a href="https://www.chcoc.gov/">Federal <abbr title="Chief Human Capital Officers">CHCO</abbr> Council</a></li> <li class="usa-footer__secondary-link"><a href="https://www.acquisition.gov/cao-home">Federal <abbr title="Chief Acquisition Officers">CAO</abbr> Council</a></li> </ul> </section> </div> <div class="mobile-lg:grid-col-6 desktop:grid-col-4"> <section class="usa-footer__primary-content"> <ul class="usa-list usa-list--unstyled padding-y-2"> <li class="usa-footer__secondary-link"><a href="/privacy-policy/">Privacy Statement</a></li> <li class="usa-footer__secondary-link"><a href="/accessibility-policy/">Accessibility Policy</a></li> <li class="usa-footer__secondary-link"><a href="mailto:privacy.council@gsa.gov">Contact Us</a></li> <li class="usa-footer__secondary-link"><a href="/about-this-site/">About this Site</a></li> </ul> </section> </div> </div> </nav> </div> </div> </div> </div> <div id="ogp-identifier" class="usa-identifier"> <section class="usa-identifier__section usa-identifier__section--masthead" aria-label="Agency identifier," > <div class="usa-identifier__container"> <div class="usa-identifier__logos"> <a href="https://www.whitehouse.gov/omb/" class="usa-identifier__logo"> <img class="usa-identifier__logo-img" src="/assets/img/logo-omb.png" alt="Office of Management and Budget Logo"> </a> </div> <div class="usa-identifier__identity" aria-label="Agency description"> <p class="usa-identifier__identity-domain">FPC.gov</p> <p class="usa-identifier__identity-disclaimer"> An Official website of the Federal Government</a> </p> </div> </div> </section> <nav class="usa-identifier__section usa-identifier__section--required-links" aria-label="Important links,," > <div class="usa-identifier__container"> <ul class="usa-identifier__required-links-list"> <li class="usa-identifier__required-links-item"> <a href="https://www.whitehouse.gov/omb/" class="usa-identifier__required-link usa-link">About OMB</a> </li> <li class="usa-identifier__required-links-item"> <a href="https://www.gsa.gov/website-information/accessibility-statement" class="usa-identifier__required-link usa-link">Accessibility support</a> </li> <li class="usa-identifier__required-links-item"> <a href="https://www.gsa.gov/reference/freedom-of-information-act-foia" class="usa-identifier__required-link usa-link">FOIA requests</a> </li> <li class="usa-identifier__required-links-item"> <a href="https://www.gsa.gov/reference/civil-rights-programs/the-no-fear-act" class="usa-identifier__required-link usa-link">No FEAR Act data</a> </li> <li class="usa-identifier__required-links-item"> <a href="https://www.gsaig.gov/" class="usa-identifier__required-link usa-link">Office of the Inspector General</a> </li> <li class="usa-identifier__required-links-item"> <a href="https://www.gsa.gov/reference/reports/budget-and-performance" class="usa-identifier__required-link usa-link">Performance reports</a> </li> <li class="usa-identifier__required-links-item"> <a href="https://www.gsa.gov/website-information/website-policies" class="usa-identifier__required-link usa-link">Privacy policy</a> </li> </ul> </div> </nav> <section class="usa-identifier__section usa-identifier__section--usagov" aria-label="U.S. government information and services,," > <div class="usa-identifier__container"> <div class="usa-identifier__usagov-description"> Looking for U.S. government information and services? </div> <a href="https://www.usa.gov/" class="usa-link">Visit USA.gov</a> </div> </section> </div> </footer> <script src="/assets/js/jquery.min.js"></script>  <script id="_fed_an_ua_tag" src="https://dap.digitalgov.gov/Universal-Federated-Analytics-Min.js?agency=GSA" ></script> <script src="/assets/js/uswds.min.js?1741629889353866212"></script> <script src="/assets/js/app.js?1741629889353866212"></script> </body> </html>

CINXE.COM

Law Library | FPC.gov