- We do not collect personally identifiable information (PII) about you unless you choose to provide that information to us.
- Non-PII information related to your visit to our website may be automatically collected and temporarily stored.
For more information on your health information privacy and security rights, or on the HIPAA Privacy and Security Rules, visit the HHS Office for Civil Rights.
Information Collected and Stored Automatically
When you browse through our website, we gather and temporarily store technical information about your visit. This information does not identify who you are. The information we collect includes:
- The name of the domain you use to access the Internet (for example, aol.com, if you are using an American Online account, or stanford.edu, if you are connecting from Stanford University's domain);
- The date and time of your visit;
- The pages you visited; and
- The address of the website you came from when you came to visit.
We use this information to improve our website and provide a better user experience for our visitors. We use a tool, Google Analytics, to collect and aggregate this information. This information is available only to web managers and other designated staff who require this information to perform their duties. It is retained only for as long as needed for proper analysis. There is no PII included in this data.
Web Measurement and Customization
We use web measurement and customization technologies, such as cookies, to help our website function better for visitors and to better understand how the public is using our website.
SAMHSA uses "cookies" to test and optimize our website design and content. A cookie is a small text file automatically placed on your computer. We use two types of cookies on our websites:
- We use session cookies to gather data for technical purposes, such as enabling better navigation through our website and generating aggregated statistics about how the website is used. Session cookies are temporary text files that expire when you leave our website. When cookies expire, they are automatically deleted from your computer. We do not use session cookies to collect PII, and we do not share data collected from session cookies. Our use of session cookies is defined as "Tier 1" usage in accordance with the OMB Memorandum (M)-10-22 Guidance for Online Use of Web Measurement and Customization Technologies.
- We use multi-session cookies, a.k.a. persistent cookies, to customize our website for frequent visitors and to test variations of website design and content. Multi-session cookies are cookies that are stored over more than a single session on your computer. We do not use multi-session cookies to collect PII, and we do not share data collected from multi-session cookies. Our multi-session cookies are set to expire two years after your last visit to our website. After two years, they are automatically deleted from your computer. Our use of multi-session cookies is defined as "Tier 2" usage in accordance with the OMB Memorandum (M)-10-22 Guidance for Online Use of Web Measurement and Customization Technologies.
You can take actions to block cookies. Blocking these cookies from your computer will not affect your access to the content and tools on our website. Instructions to opt out are available on USA.gov.
Personal Information Voluntarily Submitted to SAMHSA
If you choose to provide SAMHSA with personal information – for example by completing a "Contact Us" inquiry via email, leaving a comment, or completing a survey – we may use that information to respond to your message and/or help us get you the information or services you asked for. Submitting personal information (name, address, telephone number, email address, etc.) is voluntary and is not required to access information on our website.
We will retain the information only for as long as necessary to respond to your question or to fulfill the stated purpose of the communication. Electronically submitted information, like information submitted in paper form, is maintained and destroyed in accordance with the Federal Records Act and records schedules of the National Archives and Records Administration. It may be subject to disclosure in certain cases (for example, if lawfully required in response to a Freedom of Information Act request, court order, or Congressional access request, or if authorized by a Privacy Act System of Records Notice). It is subject to the Privacy Act if maintained in a Privacy Act system.
Learn more about your rights under the Freedom of Information Act and the Privacy Act.
Visiting an Official SAMHSA Page on Third-Party Websites/Applications
We maintain accounts on third-party websites, such as social media sites, as tools to better interact with the public. Your activity on those third-party websites is governed by the security and privacy policies of those sites. Users of third-party websites are often sharing information with the general public, user community, and/or the third-party operating the website. These actors may use this information in a variety of ways. You should review the privacy policies of third-party websites before using them and ensure that you understand how your information may be used. You should also adjust privacy settings on your account on any third-party website to match your preferences.
Common third-party websites in use include:
Information Collected and Used from Third-Party Websites
If you have an account with a third-party website, and choose to follow, like, friend, or comment, certain PII associated with your account may be made available based on the privacy policies of the third-party website and your privacy settings within that third-party website. SAMHSA sometimes collects and uses PII made available through third-party websites. We do not share PII made available through third-party websites.
SAMHSA conducts and publishes a Privacy Impact Assessment (PIA) for each use of a third-party website. Each use of a third-party website may have unique functionality or practices. To learn more, review the PIAs published by HHS.
Interaction with Children Online
SAMHSA will take all reasonable steps necessary to protect the privacy and safety of any child from whom information is collected, as required by the Children’s Online Privacy Protection Act (COPPA). A child’s parent or guardian is required to provide consent before SAMHSA collects, uses, or shares personal information from a child under age 13.
Information and instructions will be provided by the specific webpage and/or app that collects information about a child. The webpage and/or app will specify exactly what the information will be used for, who will see it, and how long it will be kept.
SAMHSA does not disclose, give, sell, or transfer any personal information about our visitors unless required for law enforcement or by Federal law.
This site is maintained by the U.S. Government. It is protected by various provisions of Title 18, U.S. Code. Violations of Title 18 are subject to criminal prosecution in federal court.
For site security purposes and to ensure that this service remains available to all users, we employ software programs to monitor traffic to identify unauthorized attempts to upload or change information or otherwise cause damage. In the event of authorized law enforcement investigations and as part of any required legal process, information from these sources may be used to help identify an individual.
For more information
For more information on the Privacy Act at HHS, visit: http://www.hhs.gov/foia/privacy/index.html
For SAMHSA privacy questions or concerns contact: firstname.lastname@example.org
Systems of Records Notices (SORNs)
Under the Privacy Act of 1974, a description of the information to be collected in any system of records must be published in the Federal Register before the data collection begins.
For each system of records, a specified Agency employee, known as a system manager, is responsible for the business requirements of the data maintained in the system, for answering any questions about seeing the records, and for amending or correcting information contained therein. The system manager, along with his or her mailing address, is listed in the Federal Register notice.
- System of Records Notices (SORNs)
- Privacy Impact Assessment (PIA)
- U.S. Federal Government related policies, including Privacy Act of 1974
- HHS Privacy Contacts (HHS Intranet)
- Personally Identifiable Information (PII) Breach Response Team (BRT) Policy
- Privacy of Individually Identifiable Health Information (Privacy Rule)