The Privacy Act of 1974, as amended at 5 U.S.C. 552a, protects records that can be retrieved by personal identifiers such as a name, social security number, or other identifying number or symbol. An individual is entitled to access to his or her records and to request correction of these records if applicable.

The Privacy Act prohibits disclosure of these records without written individual consent unless one of the twelve disclosure exceptions enumerated in the Act applies. These records are held in Privacy Act systems of records. A notice of any such system is published in the Federal Register. These notices identify the legal authority for collecting and storing the records, individuals about whom records will be collected, what kinds of information will be collected, and how the records will be used.

As with the Freedom of Information Act (FOIA), the Privacy Act binds only Federal agencies, and covers only records in the possession and control of Federal agencies.

In addition to the Privacy Act, the Centers for Medicare & Medicaid Services (CMS) is required to follow the Department of Health and Human Services (HHS) Privacy Act Regulations at 45.C.F.R. Part 5b.

Inquiries concerning the Privacy Act should be directed to the Privacy Officer at (410)786-5357.

How to Make a Privacy Act Request

Requests for Privacy Act records should be directed to the appropriate System Manager of the system where the records are stored. This individual is identified in the system of records notice. The notice also contains access and notification procedures.