Skip to Content

Privacy Act of 1974

Privacy and Confidentiality
Security of Health Information

Privacy Act of 1974


The Privacy Act of 1974 protects information about individuals, such as patients and practitioners, held by or collected by the federal government that can be retrieved by personal identifiers such as name, social security number, or other identifying number or symbol. The Privacy Act authorizes a federal agency to release individually identifiable information to identified persons or to their designees with written consent or pursuant to one of twelve exemptions for disclosure.1

The broadest of the twelve exemptions, the “Routine Use” disclosure, authorizes federal agencies to release individually identifiable information pursuant to a System of Records (SOR) and Routine Uses.2 A SOR is a group of any records under the control of a federal agency from which information is retrieved by the name of the individual or by a particular identifier.  When a federal agency establishes or substantially revises an SOR that contains individually identifiable information, the Privacy Act of 1974 requires the agency to publish a notice of a system of records (SORN or “notice”) in the Federal Register, and to submit a report about the new or amended system to OMB and Congress for approval. The Privacy Act is implemented and maintained by the Department of Justice. 


Current View


  • 1. Privacy Act of 1974, Pub. L. No. 93-579, § 3, 88 Stat. 1896, 1896 (codified as amended at 5 U.S.C. § 552a (2006)).
  • 2. Id.