U.S. flag An official website of the United States government
  1. Home
  2. Regulatory Information
  3. Freedom of Information
  4. Privacy Act
  1. Freedom of Information

FDA is pleased to provide the following materials regarding the Agency's privacy program.

How to Make a Privacy Act Request
Privacy Program Resources
Privacy Impact Assessments (PIAs)
Privacy Act Records & Applicable System of Records Notices (SORNs)
FDA Systems Containing Privacy Act Records & Applicable System of Records Notices (SORNs)
FDA Privacy Act Systems of Records Notices (SORNs)
Department of Health and Human Services (HHS) SORNs
Rescinded FDA SORNs
Government-Wide SORNs
FDA Exempt Systems

 

How to Make a Privacy Act Request

Please see the FDA's Privacy Regulations for a detailed description on how to submit a Privacy Act Request.

Privacy Program Resources

FDA Privacy Act Systems of Records Notices (SORNs)

Government-Wide SORNs

Department of Health and Human Services (HHS) SORNs

Privacy Impact Assessments (PIAs)

A PIA is a decision-making tool used to identify and mitigate privacy risks at the beginning of and throughout the development life cycle of a program or system. It helps the public understand what personally identifiable Information (PII) the Department is collecting, why it is being collected, and how it will be used, shared, accessed, secured and stored.

Approved PIAS are published on the HHS Privacy Impact Assessment.

Approved Third-Party Website and Applications PIAs are published on the HHS Privacy Impact Assessment.

Privacy Act Records & Applicable System of Records Notices (SORNs)

Privacy Act Systems of Records Notices (SORNs) describe government records subject to the Privacy Act, relevant use and disclosure practices, and record access and amendment procedures. The Privacy Act requires agencies to publish SORNs in the Federal Register and make them available online. SORNs specific to FDA records that are subject to the Privacy Act are listed below.

FDA also maintains Privacy Act records covered by SORNs published by the Department of Health and Human Services (HHS) or other federal agencies and which are, respectively, HHS-wide and/or government-wide in scope. These SORNs address information collection activities that are common within HHS and across government (e.g., human resources records, for which publication of individual agency SORNs would be duplicative). SORNs for HHS systems are available online at http://www.hhs.gov/foia/privacy/sorns.html. Likewise, SORNs published by agencies outside HHS and which apply to records across the federal government are available line at http://dpclo.defense.gov/Privacy/SORNsIndex/GovernmentWideNotices.aspx. HHS-wide and government-wide SORNs that apply to FDA records are listed below.

In a June 27, 2014 Federal Register Notice FDA added certain standard “routine uses” to the Agency’s remaining SORNs. These added routine uses provide for appropriate disclosures of records to contract employees, to recordkeeping authorities, to law enforcement authorities when a record indicates a violation of law, to the U.S. Department of Justice in the course of obtaining Freedom of Information Act guidance, and to relevant offices and organizations in the course of responding to security breaches. These routine uses are described in more detail in the June 27, 2014 Notice available online at http://www.gpo.gov/fdsys/pkg/FR-2014-06-27/pdf/2014-15022.pdf.

FDA Systems Containing Privacy Act Records & Applicable System of Records Notices (SORNs)

The following FDA systems contain Privacy Act records. The list cites the FDA, HHS and/or Government-wide SORNs that apply to each system. Those SORNs are listed in another section below which links to the full content of each SORN.

CBER
  • CBER Regulatory Management Integrated Quality System. SORN OPM/GOVT-1, General Personnel Records, OPM.
  • CBER Regulatory Management User Identity and Access Management. SORN OPM/GOVT-1, General Personnel Records, OPM
 
CDER
  • CDER Regulatory Review: Clinical Information System (CIS). SORN 09-10-0010, Bioresearch Monitoring Information System, HHS/FDA.
CDRH
  • CDRH Pathlore Learning Management System (LMS). SORN OPM/GOVT-1, General Personnel Records, OPM.
 
CTP
  • CTP Call Center System. SORNs OPM/GOVT-1, General Personnel Records, OPM and OPM/GOVT-2, Employee Performance File System Records.
  • CTP Stakeholder Relationship Management System (SRMS). SORNs 09-10-0002, Regulated Industry Employee Enforcement Records, HHS/FDA/OC and 09-90-1901, HHS Correspondence, Customer Service, and Contact List Records.
  • CTP Exchange Lab. SORN 09-90-1901, HHS Correspondence, Customer Service, and Contact List Records.
  • CTP FOIAXPress. SORN 09-90-0058, Tracking Records and Case Files for FOIA and Privacy Act Requests and Appeals.
OC
  • OC AdminApps: Communications Applications – Correspondence. SORN 09-90-1901, HHS Correspondence, Customer Service, and Contact List Records.
  • OC AdminApps: Communications Applications – Records and Case Management. SORN 09-90-1901, HHS Correspondence, Customer Service, and Contact List Records.
  • OC AdminApps: EASE and Associated Applications – Enterprise Administrative Support Environment (EASE). SORN OPM/GOVT-1, General Personnel Records, OPM.
  • OC AdminApps: EASE and Associated Applications – eArrive. SORN OPM/GOVT-1, General Personnel Records, OPM.
  • OC AdminApps: EASE and Associated Applications – eDepart. SORN OPM/GOVT-1, General Personnel Records, OPM.
  • OC AdminApps: EASE and Associated Applications – Security. SORN OPM/GOVT-1, General Personnel Records, OPM and SORN 09-90-0777, Facility and Resource Access Control Records, HHS.
  • OC AdminApps: Ethics Applications – Ethics. SORN 09-90-0008, Conflict of Interest Records, HHS/OS/ASPER and SORN OPM/GOVT-1, General Personnel Records, OPM.
  • OC AdminApps: FDA Advisory Committee Tracking and Reporting Systems (FACTRS). SORN 09-90-0059, Federal Advisory Committee Membership Files, HHS/OS/ASPER.
  • OC AdminApps: Freedom of Information Related Systems – Freedom of Information (FOI). SORN 09-90-0058, Tracking Records and Case Files for FOIA and Privacy Act Requests and Appeals.
  • OC AdminApps: Freedom of Information Related Systems – FOI Invoicing. SORN 09-40-0012, Debt Management and Collection System, HHS/PSC/FMS and SORN 09-90-0024, HHS Financial Management System Records.
  • OC AdminApps: Master PIA – Awards. SORN OPM/GOVT-1, General Personnel Records, OPM.
  • OC AdminApps: Office of International Programs Travel Applications - International Travel Management. SORN OPM/GOVT-1, General Personnel Records, OPM.
  • OC AdminApps: Special and Permanent Employment – Career Profiles. SORN OPM/GOVT-5, Recruiting, Examining, and Placement Records, OPM.
  • OC AdminApps: Special and Permanent Employment – Traineeship. SORN OPM/GOVT-5, Recruiting, Examining, and Placement Records, OPM.
  • OC AdminApps: Special and Permanent Employment – OCC Applicant Reviewer. SORN OPM/GOVT-5, Recruiting, Examining, and Placement Records, OPM.
  • OC Automated External Defibrillation (AED) Rescue One Program Manager. SORN OPM/GOVT-1, General Personnel Records, OPM.
  • OC Compliance Training System. SORN OPM/GOVT-1, General Personnel Records, OPM.
  • OC Consolidated Infrastructure (CI) - Enterprise Identification and Authentication (EIA). SORN 09-90-0777, Facility and Resource Access Control Records, HHS.
  • OC CI Physical and Personnel Security System (PPSS). SORN 09-10-0018, Employee Identification Card Information Records, HHS/FDA/OC and SORN 09-90-0777, Facility and Resource Access Control Records, HHS.
  • OC CI - Unified Communication Services (UCS). SORN 09-90-1901, HHS Correspondence, Customer Service, and Contact List Records.
  • OC Employee Invention Report. SORN 09-90-0067, Invention, Patent, and Licensing Documents Related to Inventions By Public Health Service Employees, Grantees, Fellowship Recipients, and Contractors.
  • OC EntelliTrak (OEEO). SORN 09-90-0009, Discrimination Complaints Records, HHS/OS/ASPER.
  • OC iComplaints. SORN 09-90-0009, Discrimination Complaints Records, HHS/OS/ASPER and SORN EEOC/GOVT-1, Equal Employment Opportunity in the Federal Government Complaint and Appeal Records, EEOC.
  • OC ServiceNow. SORNs OPM/GOVT-1, General Personnel Records; 09-90-0024, Financial Transactions of HHS Accounting and Finance Office; and 09-90-0777, Facility and Resource Access Control Records.
  • OC User Fees System. SORN 09-10-0021, FDA User Fee System, HHS/FDA.
ORA
  • ORA Office of Criminal Investigations (OCI) Automated Investigative Management System (AIMS) – Administrative records system. SORN OPM/GOVT-1, General Personnel Records, OPM.
  • ORA OCI Automated Investigative Management System (AIMS) – Investigative records system. SORN 09-10-0002, Regulated Industry Employee Enforcement Records, HHS/FDA/OC and SORN 09-10-0013, Employee Conduct Investigative Records, HHS/FDA/OM.
  • ORA OCI Digital Acquisition Reporting System (DARS). SORNs 09-10-0002, Regulated Industry Employee Enforcement Records, HHS/FDA and 09-10-0013, Employee Conduct Investigative Records, HHS/FDA.
  • ORA Pathlore. SORN OPM/GOVT-1, General Personnel Records, OPM.

Rescinded FDA SORNs

On January 16, 2020, National Institutes of Health (NIH) published a SORN to reflect that records are now maintained by NIH, FDA and the Centers for Disease Control and Prevention, SORN 09-90-0067, (85 FR 2747). The notice also deleted the following SORN: https://www.govinfo.gov/content/pkg/FR-2020-01-16/pdf/2020-00633.pdf

  • Invention, Patent, and Licensing Documents Submitted to the Public Health Service by its Employees, Grantees, Fellowship Recipients, and Contractors, HHS/NIH/OD, 09-25-0168.

On December 8, 2014, FDA published a SORN for records regarding FDA Commissioning of State and Local Officials, HHS/FDA/ORA, System No. 09-10-0022 (79 FR 72687). This notice also deleted the following SORN which was rendered obsolete: http://www.gpo.gov/fdsys/pkg/FR-2014-12-08/pdf/2014-28634.pdf

On June 27, 2014 FDA deleted the following four System of Records Notices for record systems no longer in use. The Federal Register Notice of this deletion is available online at http://www.gpo.gov/fdsys/pkg/FR-2014-06-27/pdf/2014-15022.pdf.

  • Science Advisor Research Associate Program, HHS/FDA/ORA, System No. 09–10–0007. First published in the Federal Register, September 29, 1977 (42 FR 51922 at 52146).
  • Radiation Protection Program Personnel Monitoring System, HHS/FDA/CDRH, System No. 09–10–0008. First published in the Federal Register, September 29, 1977 (42 FR 51922 at 52147) and published as revised with updated system location and manager information, December 31, 1992 (57 FR 62828 at 62829).
  • Certified Retort Operators, HHS/FDA/CFSAN, System No. 09–10–0011. First published in the Federal Register, September 29, 1977 (42 FR 51922 at 52148) and published as revised with minor changes, December 29, 1993 (58 FR 69056).
  • Epidemiological Research Studies of the Center for Devices and Radiological Health, HHS/FDA/CDRH, System No. 09–10–0017. First published in the Federal Register, May 29, 1979 (44 FR 30765 at 30766) and republished with minor changes in December 28, 1994 (59 FR 67087).

FDA Exempt Systems

Federal Register notices regarding the exemptions for the first three systems listed below are available online: Notice of Proposed Rulemaking (40 FR 41140) and Final Rule (40 FR 47406). For SORN 09-10-0020, the Proposed Rule is available here and the Final Rule is available here.