Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

HHS-OIG Privacy Policy Notice

Thank you for visiting our HHS-OIG website and for reviewing our Privacy Policy. Our policy:

  • No personally identifiable information (PII) about you is collected unless you choose to provide that information to us.
  • Any PII you chose to provide will be maintained in accordance with Federal privacy requirements.
  • Non-PII information related to your visit to the HHS-OIG websites may be automatically collected and temporarily stored.
  • HHS-OIG does not disclose, give, sell, or transfer any personally identifiable information (PII) about our visitors unless required for law enforcement or by federal law.

What is Personally Identifiable Information (PII)?

PII is information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other information that is linked or linkable to a specific individual. Some examples of PII are full name, home address, email address, phone number, age, and gender.

PII can include:

  • Sensitive data, such as medical, financial, or legal information.
  • "Neutral" information, such as name, facial photos, or work address; and
  • Contextual information, such as a file for a specific health condition that contains a list of treated patients.

OIG Privacy Officials -TBD

The OIG Privacy Officials are in the process of being filled. Once filled this notice will be updated accordingly.

Types of Information Collected

When users browse through any website, information about browsing visits can be collected. HHS-OIG automatically collects and temporarily stores the following information about a visitor:

  • the name of the domain used to access the Internet (for example, or gmail account if account login is active in the browsing session, or, if connecting from Stanford University's domain).
  • the date and time of the visit.
  • the pages visited; and
  • the address of the website the user originated from to visit.

HHS-OIG uses the Digital Analytics Program to collect and aggregate this information to create reports and analyses, which are used to help HHS-OIG make our site more useful to visitors. These data elements and reports are only available to web managers and other designated staff who require this information to perform their duties. HHS-OIG retains the data from analysis if needed to support its mission. Again, there is no PII included in this data.

Interaction with Children Online

OIG does not maintain websites directed at children. If you are under 13 and visit any websites, the law says that you and your parents are in charge of what personally identifiable information (PII) the websites can know about you.


Websites can automatically place small text files, known as "cookies," on their visitors' computers. Cookies identify the unique browser used by the visitor unless deleted by the visitor or when the cookies expire. On each subsequent visit to the website, the visitor's browser will retrieve the cookie, allowing HHS-OIG to aggregate the number of return visitors. HHS-OIG uses "cookies" to test and optimize our websites' design and content. We use two types of cookies on the HHS-OIG websites:

  • We use session cookies to gather data for technical purposes, such as improving navigation through our website and generating statistics about how the website is used. Session cookies are temporary text files that expire when a user leaves our website. Cookies delete automatically from a users computer as soon as they expire. We do not use session cookies to collect personally identifiable information (PII), and we do not share data collected from session cookies.
  • We use multi-session cookies, or persistent cookies, to customize our website for frequent visitors and to test variations of website design and content. Multi-session cookies are cookies that are stored over more than a single session on a users computer. We do not use multi-session cookies to collect personally identifiable information (PII), and we do not share data collected from multi-session cookies.
  • A list of the cookies being used and the storage duration that corresponds:
    • .ASP Pages: Session duration
    • SiteImprove: 400 days
    • Google Analytics: Two years
    • Gali and Gat: one day

User can block cookies from their computer by opting out (when options are made available). Blocking session cookies from a users computer will not affect access to the content and tools on our websites. Blocking multi-session or persistent cookies may affect the personalization of the information on these websites.

Personally Identifiable Information (PII) Voluntarily Submitted to HHS

Users do not have to provide personally identifiable information to visit HHS-OIG websites.

If you choose to provide us with additional information about yourself through an e-mail message, form, survey, etc., we will only retain the information if needed to respond to your question or to fulfill the stated purpose of the communication.

However, note that all communications addressed to HHS-OIG are maintained, as required by law, for historical purposes. These communications are retained for a period of seven years (unless subject to a litigation or other preservation hold) or when no longer needed for business use. All communications addressed to HHS-OIG are protected by the Privacy Act which restricts our use of them yet permits certain disclosures. If user information is submitted and is to be maintained in a Privacy Act system of records, a Privacy Act Notice will be provided. We maintain and disposition information submitted electronically as required by the Federal Records Act and the National Archives and Records Administration's (NARA) records schedules. It may be subject to disclosure in certain cases (for example, if required by a Freedom of Information Act (FOIA) request, court order, or Congressional access request, or if authorized by a Privacy Act SORN).

Third-Party Websites and Applications Used by HHS-OIG

In the interest of promoting transparency, public participation, and open government, the Department uses third-party websites (including social media platforms with official HHS-OIG accounts) and third-party applications to enhance the user experience, promote access to information, and provide ease of navigation throughout Department websites.

The term "social media" refers to web-based networks that are accessed by computer and mobile technologies, that facilitate the ability of individuals and entities to share and consume information. HHS-OIG makes every effort to comply with federal record keeping requirements and obligations related to transparency, public access, and personal privacy, in the utilization of social media.

Meta: The Facebook, Inc., is a social media platform that connects people globally. Meta’s policy defined how Meta collects, uses and shares information. It describes how long Meta maintains business account information and how data is secured. Meta is a platform used by HHS-OIG to distribute public facing content.

HootSuite: HootSuite is a password-protected, third-party application that uses a series of tools to manage, track, and analyze approved OIG social media accounts. OIG does not take possession of any personal information provided by users to HootSuite when such users visit OIG social media platforms. The public can access OIG-specific information distributed through HootSuite by visiting OIG's individual social media accounts.

LinkedIn: LinkedIn’s mission is to connect the world’s professionals to allow users to be more productive and successful. Central to this mission is the LinkedIn commitment to be transparent about the data collected about users, how it is used and with whom it is shared. HHS-OIG uses Siteimprove’s URL shortener which keeps data safe because data isn’t collected nor is it shared with third parties.

Salesforce: Salesforce is a newsletter distribution tool that sends emails to subscribers on a daily basis. Please see Salesforce’s privacy policy (link below) for details about what Salesforce tracks. No PII is collected by OIG other than the email address that is used to subscribe to the service.

SiteImprove: SiteImprove is a website analytics tool, share widget, and URL shortener. Please see SiteImprove’s privacy policy (link below) for details about what SiteImprove tracks. No PII is collected in any feature of SiteImprove analytics tools.

X (formerly known as Twitter): OIG uses X to send short messages to share information with the public. While visitors may read the OIG X feed without subscribing to it, visitors who want to subscribe to (or follow) OIG X feeds must create an X account at To create an account, users must provide some personal information, such as name, username, password, and email address. Visitors have the option to provide additional personal information including a short biography, location, or picture. Most information provided for an X account is available to the public, but users can modify how much information is visible by changing privacy settings at the website. HHS-OIG does not take possession of personal information belonging to X followers or users. Nor does HHS-OIG respond to direct messages or comments. HHS-OIG does, however, monitor the number of subscribers.

YouTube: HHS-OIG posts videos on YouTube to make videos available to the public. Users do not need to register with either YouTube or Google (YouTube owner) to watch OIG videos. When visitors watch videos, YouTube may record non-personally identifiable information about its site usage, such as channels used, videos watched, and data transfer details to improve its services. If users log on to the YouTube site before watching OIG videos, YouTube may associate information about the users site use with the YouTube account. If a user logs on to YouTube and comments on an OIG video, any personal information included when registering for an account will be visible to visitors who click on the comment.

Third-Party Privacy Policies

Linked below are the privacy policies affiliated with the third-party websites and applications (i.e. social media platforms) leveraged by official HHS-OIG accounts where HHS-OIG uses various platforms to communicate with the public:

Website Security

The U.S. Government maintains this website and there are federal laws that protect it. The government can arrest and prosecute individuals for illegal activity if they violate these laws.

To maintain website security and ensure HHS-OIG websites are available to the public, HHS-OIG uses software programs to monitor traffic and identify unauthorized attempts to upload or change information or otherwise cause damage to HHS-OIG websites. Law enforcement may use information from these tools to help identify an individual in the event of investigations and as part of any required legal process.

Where electronic communications, such as tweets, email or other similar messages, convey a threat of violence against the OIG or Department of Health and Human Services (HHS), suggest waste, fraud or abuse in an HHS program or otherwise suggest a violation of law, the OIG may collect, maintain or disseminate the notice as well as the name and profile information associated with the sender's account, for the purpose of OIG meeting its obligations under the Inspector General Act of 1978 and as a statutory law enforcement agency.

Systems of Records

All digital data is maintained and dispositioned pursuant to the Federal Records Act, and in some cases may be subject to the Privacy Act. Information submitted by the public, submitted with the intent for use in a Privacy Act system of records, there will be a Privacy Act Notice.

Last updated May 29, 2024