In compliance with OMB guidance and other requirements, HHS routinely provides privacy compliance reports that define the framework for how the agencies meet requirements of the Privacy Act of 1974 and other policies.
These include reports to OMB and Congress:
Privacy Impact Assessments as required by Section 208 of the E-Government Act (https://www.hhs.gov/pia)
New or Altered Privacy Act System of Records Reports (https://hhs.gov/foia/privacy/sorns.html
New, Altered, or Renewed Matching Program Reports (available through the Federal Register)
Executive Order 13636 Privacy and Civil Liberties Assessments (https://www.dhs.gov/publication/executive-order-13636-privacy-civil-liberties-assessment-report-2016)
Health Insurance Portability and Accountability Act Compliance Report to Congress (https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/reports-congress/index.html)