As required by The Privacy Act, HHS publishes SORNs to provide public notice of the records it maintains about individuals which are retrieved by personal identifier. Each SORN describes:
- The types of information contained in the records.
- The legal authority for collecting and maintaining the records.
- How the records are used within HHS.
- The purposes (referred to as "routine uses") for which HHS may disclose the records to non-HHS parties without the individual record subject's consent.
SORNs also indicate whether any records are exempt from certain Privacy Act requirements. Only certain types of records, described in subsections (j) and (k) of the Privacy Act, can be exempted. Exemptions require a rulemaking and are not effective until published in a Final Rule.
For more information about systems of records and exemptions, see OMB Circular A-108 (Dec. 2016).
- Government-wide SORNs cover records (usually, administrative or personnel records) about individuals, retrieved by personal identifier, that are governed by the regulations of one federal agency but in the custody of multiple federal agencies. The agency that has regulatory authority over the records publishes the SORN.
- HHS Exempt SORNs
- HHS Non-Exempt SORNs
- Office of the Secretary (OS) SORNs (Note that many OS SORNs are department-wide.)
- Administration for Children and Families (ACF) SORNs
- Administration for Strategic Preparedness and Response (ASPR) SORNs
- Agency for Healthcare Research and Quality (AHRQ) SORNs
- Centers for Disease Control and Prevention (CDC) SORNs
- Centers for Medicare & Medicaid Services (CMS) SORNs
- Food and Drug Administration (FDA) SORNs
- Health Resources and Services Administration (HRSA) SORNs
- Indian Health Service (IHS) SORNs
- National Institutes of Health (NIH) SORNs
- Substance Abuse and Mental Health Services Administration (SAMHSA) SORNs
- HHS SORNs Rescinded or Pending Rescission