About NIH
NIH Web Privacy Notice
Protecting your privacy is very important to us. Our Web site links to other National Institutes of Health (NIH) sites, federal agency sites and occasionally, to private organizations. Once you leave the primary NIH.gov site, you are subject to the privacy policy for the site(s) you are visiting. We do not collect any personally identifiable information (PII) about you during your visit to NIH Web sites unless you choose to provide it to us. We do, however, collect some data about your visit to our Web site to help us better understand how the public uses the site and how to make it more helpful. We collect information from visitors who read, browse, and/or download information from our Web site. NIH never collects information for commercial marketing or any purpose unrelated to the NIH mission and goals.
When visitors send email messages containing personal information to the general NIH.gov email box NIHinfo@od.nih.gov, NIH staff responds to the letters and files them. Only designated staff members requiring access to the emails to respond, may view, or answer them.
Types of Information Collected
When you browse through any Web site, certain information about your visit can be collected. We automatically collect and temporarily store the following type of information about your visit:
- Domain from which you access the Internet;
- IP address (an IP address is a number that is automatically assigned to a computer when surfing the Web);
- Operating system and information about the browser used when visiting the site;
- Date and time of your visit;
- Pages you visited; and,
- Address of the Web site that connected you to an NIH Web site (such as google.com or bing.com).
We use this information to measure the number of visitors to our site and its various sections and to help make our site more useful to visitors.
How NIH Collects Information
NIH Web sites use a variety of different Web measurement software tools.
NIH.gov uses Webtrends and Google Analytics measurement software to collect the information in the bulleted list in the Types of Information Collected section above. Webtrends and Google Analytics collect information automatically and continuously. No personally identifiable information is collected. The NIH staff conducts analyses and reports on the aggregated data from Webtrends and Google Analytics. The reports are only available to NIH.gov managers, members of the NIH.gov Communications and Web Teams, and other designated staff who require this information to perform their duties.
NIH also uses online surveys to collect opinions and feedback from a random sample of visitors. NIH.gov uses the ForeSee Results’ American Customer Satisfaction Index (ACSI) online survey to obtain feedback and data on visitors’ satisfaction with the NIH.gov Web site. This survey does not collect personally identifiable information. Although the survey invitation pops up for a random sample of visitors, it is optional. If you decline the survey, you will still have access to the identical information and resources at the NIH.gov site as those who do not take the survey. The survey reports are available only to NIH.gov managers, members of the NIH.gov Communications and Web Teams, and other designated staff who require this information to perform their duties.
NIH retains the data from Webtrends, Google Analytics, and ACSI survey results as long as needed to support the mission of the NIH.gov Web site.
How NIH Uses Cookies
The Office of Management and Budget Memo M-10-22,
Guidance for Online Use of Web Measurement and Customization Technologies
allows Federal agencies to use session and persistent cookies.
When you visit any Web site, its server may generate a piece of text known as a "cookie" to place on your computer. The cookie allows the server to "remember" specific information about your visit while you are connected.
The cookie makes it easier for you to use the dynamic features of Web pages. Cookies from NIH Web pages only collect information about your browser’s visit to the site; they do not collect personal information about you.
There are two types of cookies, single session (temporary), and multi-session (persistent). Session cookies last only as long as your Web browser is open. Once you close your browser, the cookie disappears. Persistent cookies are stored on your computer for longer periods.
Session Cookies: We use session cookies for technical purposes such as to enable better navigation through our site. These cookies let our server know that you are continuing a visit to our site. The OMB Memo 10-22 Guidance defines our use of session cookies as "Usage Tier 1—Single Session.” The policy says, "This tier encompasses any use of single session web measurement and customization technologies."
Persistent Cookies: We use persistent cookies to enable Webtrends and Google Analytics to differentiate between new and returning NIH.gov visitors. Persistent cookies remain on your computer between visits to NIH.gov until they expire. We also use persistent cookies to block repeated invitations to take the ACSI survey. The persistent cookies that block repeated survey invitations expire in 90 days. The OMB Memo 10-22 Guidance defines our use of persistent cookies as "Usage Tier 2—Multi-session without Personally Identifiable Information (PII).” The policy says, "This tier encompasses any use of multi-session Web measurement and customization technologies when no PII is collected."
How to Opt Out or Disable Cookies
If you do not wish to have session or persistent cookies placed on your computer,
you can disable them using your Web browser. If you opt out of cookies, you
will still have access to all information and resources at NIH.gov. Instructions
for disabling or opting out of cookies in the most popular browsers are located
at http://www.usa.gov/optout_instructions.shtml
. Please note that by following the instructions to opt-out of
cookies, you will disable cookies from all sources, not just those
from NIH.gov.
How Personal Information Is Protected
You do not have to give us personal information to visit the NIH Web sites. However, if you choose to receive alerts or e-newsletters, we collect your email address to complete the subscription process.
If you choose to provide us with personally identifiable information, that is, information that is personal in nature and which may be used to identify you, through an e-mail message, request for information, paper or electronic form, questionnaire, customer satisfaction survey, epidemiology research study, etc., we will maintain the information you provide only as long as needed to respond to your question or to fulfill the stated purpose of the communication. If we store your personal information in a record system designed to retrieve information about you by personal identifier (name, personal email address, home mailing address, personal or mobile phone number, etc.), so that we may contact you, we will safeguard the information you provide to us in accordance with the Privacy Act of 1974, as amended (5 U.S.C. Section 552a).
If NIH operates a record system designed to retrieve information about you in order to accomplish its mission, a Privacy Act Notification Statement should be prominently and conspicuously displayed on the public-facing website or form which asks you to provide personally identifiable information. The notice must address the following five criteria:
- NIH legal authorization to collect information about you
- Purpose of the information collection
- Routine uses for disclosure of information outside of NIH
- Whether the request made of you is voluntary or mandatory under law
- Effects of non-disclosure if you choose to not provide the requested information
For further information about NIH privacy policy, please contact the NIH Senior Official for Privacy at privacy@mail.nih.gov; call 301-451-3426 or visit http://oma.od.nih.gov/ms/privacy.
Data Safeguarding and Privacy
NIH uses web measurement and customization technologies to help our Web sites
function better for visitors and to better understand how the public uses the
online resources we provide. All uses of web-based technologies comply with
existing policies with respect to privacy and data safeguarding standards.
Information Technology (IT) systems owned and operated by NIH are assessed
using Privacy Impact Assessments (PIAs) posted for public view on the Department
of Health and Human Services (DHHS) Web site (http://www.hhs.gov/pia/nih.html
). NIH conducts and publishes a PIA for each use of a third-party
website and application (TPWA) as they may have a different functionality
or practice. TPWA PIAs are posted for public view on DHHS Web site http://www.hhs.gov/pia/nih_pia_summaries_fy12_q2.pdf
.
Groups of records that contain information about an individual and are designed to be retrieved by the individual’s name or other personal identifier linked to the individual are covered by the Privacy Act of 1974, as amended (5 U.S.C. Section 552a). For these records, NIH Systems of Record Notices are published in the Federal Register and posted on the NIH Senior Official for Privacy Website. When you visit the NIH Institute/Center sites, please look for the Privacy Notice posted on the main pages. When web measurement and customization technologies are used, the Privacy Policy/Notice must provide:
- Purpose of the web measurement and/or customization technology;
- Usage tier, session type, and technology used;
- Nature of the information collected;
- Purpose and use of the information;
- Whether and to whom the information will be disclosed;
- Privacy safeguards applied to the information;
- Data retention policy for the information;
- Whether the technology is enabled by default or not and why;
- How to opt-out of the web measurement/customization technology;
- Statement that opting-out still permits users to access comparable information or services; and,
- Identities of all third-party vendors involved in the measurement and customization process.
Data Retention and Access Limits
NIH will retain data collected using the following technologies long enough
to achieve the specified objective for which they were collected. The data
generated from these activities falls under the National Archives and Records
Administration (NARA) General Records Schedule (GRS) 20-item IC 'Electronic
Records,' and will be handled per the requirements of that schedule (http://www.archives.gov/records-mgmt/grs/grs20.html
).
How NIH.gov uses Third-Party Web sites and Applications
As part of the OMB Memo M-10-06,
Open Government Directive
, the NIH uses a variety of new technologies and social media options
to communicate and interact with citizens. These sites and applications
include popular social networking and media sites, open source
software communities and more. TPWAs are Web-based technologies
that are not exclusively operated or controlled by NIH, such as
applications not hosted on a .gov domain or those that are embedded
on NIH Web pages. Users of TPWAs often share information with the
general public, user community, and/or the third-party operating
the Web site. These actors may use this information in a variety
of ways. TPWAs could cause PII to become available or accessible
to NIH and the public, regardless of whether the information is
explicitly solicited or collected by NIH.
The following list includes some of the TPWAs we use and their purpose. NIH sometimes collects and uses PII made available through third-party Web sites. However, we do not share PII made available through third-party Web sites. Your activity on the third-party Web sites we use is governed by the security and privacy policy of those sites, which we have linked below. You should review the third-party privacy policies before using the sites and ensure that you understand how your information may be used. If you have an account with a third-party Web site, and choose to follow, like, friend, or comment, certain PII associated with your account may be made available to NIH based on the privacy policy of the third-party Web site and your privacy settings within that third-party Web site. Therefore, you should also adjust privacy settings on your account to match your preferences.
For any NIH TPWA that collects PII, the list below also includes details on the information NIH collects and how we will protect your private information.
Third-Party Web Sites and Applications
AddThis: NIH uses the AddThis service
to allow you to bookmark and share the News in Health Web site content
on a variety of social media sites. If you use the AddThis service
to share content, you do not need to register or provide any personal information. AddThis collects
non-personal data, including the aggregate and summary statistics on browsers
and usage patterns. AddThis also uses non-personal data to manage
the service efficiently and diagnose server problems. Although AddThis
offers some analytics and usage data to NIH, these reports do not include any
PII. The reports are password-protected and only available to NIH Managers,
System Owners, Communications Staff, Web Teams, and other designated staff
who require this information to perform their duties. The AddThis Privacy
Policy is available at http://www.addthis.com/privacy
Bit.ly: NIH uses Bit.ly to
shorten long URLs for use in email messages, Twitter feeds and on Facebook pages. Bit.ly collects
and provides data on how often you as an email recipient or Facebook/Twitter user,
click on the shortened URLs distributed by NIH staff. Bit.ly analytics
show how many people clicked on the URLs posted by NIH, compared to the total
number of clicks on the shortened URLs. Bit.ly analytics do not provide
any PII about the visitors who open the shortened links. The Bit.ly Privacy
Policy is available at http://bit.ly/pages/privacy
Facebook: NIH has three main Facebook pages—National
Institutes of Health (NIH)
, NIH Research Matters
, and News in
Health
. Many other NIH Institutes and Centers (ICs) sponsor their own Facebook pages.
IC Facebook Privacy Policies are located on the individual
IC web sites, which can found by clicking on the respective IC
from the NIH homepage (http://www.nih.gov/).
NIH Facebook pages are managed by NIH staff members who
post news and other items of interest to be consumed by the public.
If you have a Facebook account, you can log in to your
account to post comments, and 'like' NIH Facebook pages
and individual entries. If once you click on an NIH Facebook page,
you comment or click on the 'like' button, your PII will be visible
to NIH staff and other Facebook site visitors. The amount
of visible personal information displayed will depend on your own Facebook privacy
settings. You can completely avoid displaying any PII by not creating
a Facebook account, not posting comments, not clicking
on the 'like' options, or interacting with NIH Facebook accounts
in any way (i.e., private messaging, sharing NIH posts, etc.).
NIH staff do not collect, use or disclose any information about
visitors who comment or 'like' the NIH Facebook sites.
However, as a practice, comment moderator policy requires the removal
from NIH Facebook pages of any comments that contain spam
or are improper, inflammatory, or offensive. The information is
then saved on a password-protected shared drive accessible to NIH
Managers, System Owners, Communications Staff, Web Teams, and other
designated staff who require this information to perform their
duties. The Facebook Privacy Policy is available at http://www.facebook.com/policy.php
Flickr: NIH uses Flickr to
upload and share photos and images related to the NIH mission and culture.
NIH is responsible for the uploaded images on NIH-sponsored Flickr pages
and must ensure that the images assigned for posting meet NIH quality standards
and comply with all NIH, HHS, and federal policies. Images posted are produced
by NIH and its Institutes and Centers (ICs), and may include medical illustrations
and other scientific images. Photos posted may also include pre-approved photos
of NIH employees at events or in labs for the purpose of promoting the NIH
mission and culture. You do not need to register with Flickr to view
the images onNIH Flickr sites, because all NIH images posted on Flickr are
visible in the public domain. However, if you choose to register, you will
not provide PII directly to NIH. NIH has disabled the commenting feature on
its Flickr sites. Therefore, PII cannot be collected or unintentionally
received by NIH employees via the Flickr site. The Flickr Privacy
Policy is available at http://info.yahoo.com/privacy/us/yahoo/flickr/details.html
Google+: NIH has
one main Google+ page—National
Institutes of Health (NIH)
.Several other NIH Institutes and Centers (ICs) sponsor their own Google+ pages.
IC Google+ Privacy Policies are located on the individual
IC web sites, which can found by clicking on the respective IC
from the NIH homepage (http://www.nih.gov/).
NIH Google+ pages are managed by NIH staff members who
post news and other items of interest to be consumed by the public.
If you have a Google+ account, you can log in to your
account to post comments, and '+1' NIH Google+ pages and
individual entries. If once you click on an NIH Google+ page,
you comment or click on the '+1' button, your PII will be visible
to NIH staff and other Google+ site visitors. The amount
of visible personal information displayed will depend on your own Google+ privacy
settings. You can completely avoid displaying any PII by not creating
a Google+ account, not posting comments, not clicking
on the 'like' options, or interacting with NIH Google+ accounts
in any way (i.e., private messaging, sharing NIH posts, etc.).
NIH staff do not collect, use or disclose any information about
visitors who comment or 'like' the NIH Google+ sites.
However, as a practice, comment moderator policy requires the removal
from NIH Google+ pages of any comments that contain spam
or are improper, inflammatory, or offensive. The Google+ Privacy
Policy is available at http://www.google.com/intl/en/policies/privacy/
GovDelivery Subscription Management: NIH
uses GovDelivery to send e-newsletters, alerts and other messages
to visitors who subscribe to them. To subscribe to receive an NIH product,
you must provide an email address and indicate your subscription preferences,
including the items you want to receive. The email subscriber lists are password
protected by GovDelivery. Only the NIH managers who send newsletters,
alerts, or memos via GovDelivery and the staff members who monitor
the results of email initiatives have access to the subscriber lists. GovDelivery never
allows access to the subscriber lists to anyone outside of NIH for any purpose. GovDelivery collects
and provides non-identifying information about the number of messages sent,
clicks, and open rates. This information is password-protected and only available
to NIH Managers, System Owners, Communications Staff, Web Teams, and other
designated staff who require this information to perform their duties. The GovDelivery Privacy
Policy is available at http://www.govdelivery.com/privacy
LinkedIn: NIH uses the “groups” feature
on LinkedIn to engage with current and past employees and members
of the public. In order to join a NIH group on LinkedIn, you must
register for a LinkedIn account and provide your first and last name and e-mail
address. Upon confirmation of your email address, you must provide LinkedIn with
information regarding your employment, country, zip code, job title, etc. The
amount of visible personal information will depend on your LinkedIn user
privacy settings. You can completely avoid displaying any PII by not creating
a LinkedIn account, not joining NIH LinkedIn groups, or not interacting
with NIH LinkedIn groups in any way (i.e., private messaging, posting
on group pages, etc.). Although NIH staff managing LinkedIn groups
may view the information you provide when you submit a request to join NIH LinkedIn groups,
NIH staff does not collect, use, or disclose any of this information. The LinkedIn Privacy
Policy is available at http://www.linkedin.com/static?key=privacy_policy&trk=hb_ft_priv
Pinterest: NIH has one main Pinterest page—National
Institutes of Health (NIH)
.Several other NIH Institutes and Centers (ICs) sponsor their own Pinterest pages.
IC Pinterest Privacy Policies are located on the individual
IC web sites, which can found by clicking on the respective IC
from the NIH homepage (http://www.nih.gov/).
NIH Pinterest pages are managed by NIH staff members who
post news and other items of interest to be consumed by the public.
If you have a Pinterest account, you can log in to your
account to post comments, like and ‘repin’ NIH Pinterest postings
and individual entries. When you chose to like, comment or ‘repin’ an
item from an NIH Pinterest account, your PII will be visible
to NIH staff and other Pinterest site visitors. You can
completely avoid displaying any PII by not creating a Pinterest account,
not posting comments, not clicking on the 'like' options and not
sharing items from the NIH Pinterest page or NIH websites.
NIH staff do not collect, use or disclose any information about
visitors who comment, share, or 'like' the NIH Pinterest sites
or posts. However, as a practice, comment moderator policy requires
the removal from NIH Pinterest pages of any comments that
contain spam or are improper, inflammatory, or offensive. The Pinterest Privacy
Policy is available at http://about.pinterest.com/privacy/
Polldaddy: NIH uses Polldaddy in
conjunction with some NIH WordPress blogs to collect your click-opinions or
rankings of drop-down menu preferences as a blog participant. Polldaddy is
the only survey tool that is compatible with WordPress and most Polldaddy surveys
are embedded within blog entries on NIH WordPress blogs. However, there are
links to the Polldaddy site at the bottom of the survey form. You
can vote on a topic using the Polldaddy form embedded on a NIH blog.
However, to submit a comment, you must navigate directly to the Polldaddy site,
provide your name, and e-mail address. Polldaddy automatically scans
your comments prior to posting them to determine whether they are spam and,
if so, deletes them. If the submission is not recognized as spam by the Polldaddy filtering
program, the comment is immediately posted to the poll results published on
the Polldaddy site. Considering the comments provided could potentially
contain PII, any such unsolicited PII will not be posted on NIH blogs. Any
information collected by NIH is de-identified and will be used solely for the
purpose of engaging participants and gaining insight into public opinions.
Comments will be viewable on the Polldaddy site. The Polldaddy Privacy
Policy is available at http://polldaddy.com/privacy/
Twitter: NIH uses Twitter to
send short messages or ‘Tweets’ (up to 140 characters) to share
information about NIH with you and respond to your comments and inquiries sent
via Twitter to NIH. While you may read the NIH Twitter feeds
without subscribing to them, if you want to subscribe to (or follow) NIH Twitter feeds,
you must create a Twitter account at www.twitter.com. To create an
account, you must provide some personal information, such as your name, user
name, password and email address. You have the option to provide additional
personal information including a short biography, location or a picture. Most
information you provide for a Twitter account is available to the
public, but you can modify how much of your information is visible by changing
your privacy settings at the Twitter.com Web site. NIH staff members
monitor the number of subscribers and respond to comments and queries via Twitter,
but the staff never takes possession of the personal information belonging
to you as a Twitter follower. However, as a practice, comment moderator
policy requires the removal from the NIH Twitter pages of any comments
that contain spam or are improper, inflammatory, or offensive. The information
is then saved on a password-protected shared drive accessible to NIH Managers,
System Owners, Communications Staff, Web Teams, and other designated staff
who require this information to perform their duties. The Twitter Privacy
Policy is available at http://twitter.com/privacy
Widgets: NIH offers a variety of widgets
that deliver small versions of selected NIH site content to other online locations
outside of the site where the content originated. Widgets are portable pieces
of code. They deliver information and links to any site or application where
the widget is installed. You can install a widget on any PC or Mac Web page
without requiring additional coding or configuration. If you choose to install
NIH.gov widgets, they will not collect any type of PII from you. The WidgetBox
Privacy Policy is available at http://www.widgetbox.com/info/legal/privacy-policy
Note: This is the privacy policy for the widget creator program,
not the widgets themselves.
WordPress: NIH uses the WordPress.com blog
platform to support its NIH Director’s Blog initiative along with others,
enabling visitors to interact with staff regarding news and initiatives posted
by NIH leaders. As a visitor to an NIH Wordpress instance, you can access the
NIH.gov home page and post comments. You do not need to register, provide your
name, or supply any personal information. The comments are not collected, processed,
or reported in any way. However, if you provide your name or other personally
identifiable information (PII), the information you provide will appear along
with your feedback. Although WordPress offers some analytics and usage
data to NIH, these reports do not include any PII. The reports are password-
protected and only available to NIH Managers, System Owners, Communications
Staff, Web Teams, and other designated staff that require this information
to perform their duties. The WordPress.com Privacy Policy is available
at http://automattic.com/privacy/
YouTube: NIH posts videos on YouTube to
make them available to the public. You do not need to register with either YouTube or
Google (YouTube Owner) to watch NIH YouTube videos. When
you watch videos, YouTube may record non-personally identifiable information
about their site usage, such as channels used, videos watched, and data transfer
details to improve its services. If you log on to the YouTube site
before watching NIH videos, YouTube may associate information about
your site usage with your YouTube account. If you log onto YouTube and
comment on an NIH video, any personal information you included on your YouTube profile
page will be visible to visitors who click on the comment field. If you do
not log in before watching NIH videos posted on YouTube, you cannot
comment on NIH videos and your site usage will not be associated with you or
a YouTube account. The YouTube Privacy Policy is available
at http://www.youtube.com/t/privacy
NIH conducts and publishes a Privacy Impact Assessment (PIA) for each use
of a third-party website as they may have a different functionality or practice.
To learn more, visit the published PIAs at http://www.hhs.gov/pia/nih_pia_summaries_fy12_q1.pdf
For more information on the uses of social and new media for which GSA has
negotiated a federally-friendly Terms of Service Agreement, visit the HHS Center
for New Media at http://newmedia.hhs.gov/standards/tos.html
For further information about NIH privacy policy, please contact the NIH Senior Official for Privacy at privacy@mail.nih.gov; call 301-451-3426 or visit http://oma.od.nih.gov/ms/privacy.
Social Media Links