SAMHSA Privacy Policy
SAMHSA's Privacy Policy pertains to SAMHSA.gov and all SAMHSA funded websites.
Our Policy
- We do not collect personally identifiable information (PII) about you unless you choose to provide that information to us.
- Any PII you chose to provide is protected by security controls consistent with the HHS Information Security and Privacy Policy and National Institutes of Standards and Technology and Office of Management and Budget guidance.
- Non-PII information related to your visit to our website may be automatically collected and temporarily stored.
Related Resources
- HHS Privacy Act
- HHS Health Information Privacy.
- HHS Policy for Preparing for and Responding to a Breach of Personally Identifiable Information (PII)
- SAMHSA Freedom of Information Act
- HHS FOIA Contacts & Requester Service Centers and Privacy Act Contacts
Disclosure
SAMHSA does not disclose, give, sell, or transfer any personal information about our visitors unless required for law enforcement or by Federal law.
Information Collected and Stored Automatically
When you browse through our website, we gather and temporarily store technical information about your visit. This information does not identify who you are and does not include PII. The information we collect includes:
- The name of the domain you use to access the Internet (for example, aol.com, if you are using an American Online account, or stanford.edu, if you are connecting from Stanford University's domain);
- The date and time of your visit;
- The pages you visited; and
- The address of the website you came from when you came to visit.
We use this information to improve our website and provide a better user experience for our visitors. We use Google Analytics, a tool that collects and aggregates this information. This information is available only to web managers and other designated staff who require this information to perform their duties. It is retained only for as long as needed for proper analysis.
Website Cookies
We use web measurement and customization technologies, such as cookies, to help our website function better for visitors and to better understand how the public is using our website. A cookie is a small text file automatically placed on your computer. We use two types of cookies on our websites:
- Session Cookies: We use this to gather data for technical purposes, such as enabling better navigation through our website and generating aggregated statistics about how the website is used. Session cookies are temporary text files that expire when you leave our website. When cookies expire, they are automatically deleted from your computer. We do not use session cookies to collect PII, and we do not share data collected from session cookies. Our use of session cookies is defined as "Tier 1" usage in accordance with the OMB Memorandum (M)-10-22 Guidance for Online Use of Web Measurement and Customization Technologies.
- Multi-session Cookies: Also known as persistent cookies, we use this to customize our website for frequent visitors and to test variations of website design and content. Multi-session cookies are cookies that are stored over more than a single session on your computer. We do not use multi-session cookies to collect PII, and we do not share data collected from multi-session cookies. Our multi-session cookies are set to expire two years after your last visit to our website. After two years, they are automatically deleted from your computer. Our use of multi-session cookies is defined as "Tier 2" usage in accordance with the OMB Memorandum (M)-10-22 Guidance for Online Use of Web Measurement and Customization Technologies.
You can take actions to block cookies. Blocking these cookies from your computer will not affect your access to the content and tools on our website. Learn how to block website cookies.
Personal Information Voluntarily Submitted
If you choose to provide SAMHSA with personal information – for example by completing a "Contact Us" inquiry via email, leaving a comment, or completing a survey – we may use that information to respond to your message and/or help us get you the information or services you asked for. Submitting personal information (name, address, telephone number, email address, etc.) is voluntary and is not required to access information on our website.
We will retain the information only for as long as necessary to respond to your question or to fulfill the stated purpose of the communication. Electronically submitted information, like information submitted in paper form, is maintained and destroyed in accordance with the Federal Records Act and records schedules of the National Archives and Records Administration. It may be subject to disclosure in certain cases (for example, if lawfully required in response to a Freedom of Information Act request, court order, or Congressional access request, or if authorized by a Privacy Act System of Records Notice). It is subject to the Privacy Act if maintained in a Privacy Act system.
Intrusion Detection
This site is maintained by the U.S. Government. It is protected by various provisions of Title 18, U.S. Code. Violations of Title 18 are subject to criminal prosecution in federal court. For site security purposes and to ensure that this service remains available to all users, we employ software programs to monitor traffic to identify unauthorized attempts to upload or change information or otherwise cause damage. In the event of authorized law enforcement investigations and as part of any required legal process, information from these sources may be used to help identify an individual.
Third-Party Websites
We maintain accounts on third-party websites, such as social media sites, as tools to better interact with the public. Your activity on those third-party websites is governed by the security and privacy policies of those sites. Users of third-party websites are often sharing information with the general public, user community, and/or the third-party operating the website. These actors may use this information in a variety of ways. You should review the privacy policies of third-party websites before using them and ensure that you understand how your information may be used. You should also adjust privacy settings on your account on any third-party website to match your preferences.
Common third-party websites in use include:
- Facebook Privacy Policy
- Instagram Privacy Policy
- X Privacy Policy
- YouTube Privacy Policy
- Flickr Privacy Policy
Information Collected and Used from Third-Party Websites
If you have an account with a third-party website, and choose to follow, like, friend, or comment, certain PII associated with your account may be made available based on the privacy policies of the third-party website and your privacy settings within that third-party website. SAMHSA sometimes collects and uses PII made available through third-party websites. We do not share PII made available through third-party websites.
SAMHSA conducts and publishes a Privacy Impact Assessment (PIA) for each use of a third-party website. Each use of a third-party website may have unique functionality or practices.
Privacy Impact Assessments (PIA)
Privacy Impact Assessments (PIA) determine if Personally Identifiable Information (PII) is contained within a system, what kind of PII, what is done with that information, and how that information is protected. Systems with PII are subject to an extensive list of requirements based on privacy laws, regulations, and guidance. The HHS Privacy Act Officer, SAMHSA Senior Official for Privacy and SAMHSA Information Security Officer can all be used as a resource for questions related to the technicalities of privacy law and the required privacy controls for information systems. In accordance to the Office of Management and Budget (OMB) Memorandum (M) 03-22 please find SAMHSA PIA's:
- Drug and Alcohol Information Services (DASIS) now Behavioral Health Services Information System (BHSIS)
- National Survey on Drug Use and Health (NSDUH)
- Physical Access Control System (PACS)
- Prevention Management Reporting and Training System (PMRTS)
- Public Engagement Platform (PEP) formerly SHIN
- SAMHSA Website
- Services Accountability Improvement System (SAIS)
- Web-Block Grant Application System (WebBGAS)
To receive a copy of these PIAs, please email SAMHSA Privacy.
Systems of Records Notices (SORNs)
Under the Privacy Act, a description of the information to be collected in any System of Records Notices (SORNs) must be published in the Federal Register before the data collection begins.
For each system of records, a specified Agency employee, known as a system manager, is responsible for the business requirements of the data maintained in the system, for answering any questions about seeing the records, and for amending or correcting information contained therein. The system manager, along with his or her mailing address, is listed in the Federal Register notice.
- System Notice 09-30-0023-1
- System Notice 09-30-0027-1
- System Notice 09-30-0036-1
- System Notice 09-30-0052-1
Online Interactions with Children
SAMHSA will take all reasonable steps necessary to protect the privacy and safety of any child from whom information is collected, as required by the Children’s Online Privacy Protection Act (COPPA). A child’s parent or guardian is required to provide consent before SAMHSA collects, uses, or shares personal information from a child under age 13. Information and instructions will be provided by the specific webpage and/or app that collects information about a child. The webpage and/or app will specify exactly what the information will be used for, who will see it, and how long it will be kept.