Privacy Reporting and Investment Certification TRICARE Management Activity HEALTH AFFAIRS 2009 Data Protection Seminar TMA Privacy Office.

Presentation transcript:

Purpose
The purpose of this presentation is to provide an overview of how privacy reporting and investment certification are important aspects of our road to compliance.

Objectives
Upon completion of this course, you should be able to:
− Identify privacy reporting requirements and what role the Federal Information Security Management Act (FISMA) has in consolidating these reporting requirements
− Identify the role of privacy in the Military Health System (MHS) Defense Business Transformation (DBT) Investment Certification process
− Describe the importance of the Defense Health Program System Inventory Reporting Tool (DHP-SIRT) in collecting important privacy information for reporting purposes

Privacy Reporting

Types of Privacy Reporting
− SSN Reduction
− DoD Quarterly Privacy Training
− Privacy Act Review
− Public Law
− FISMA

Privacy Act Review
Agency Responsibilities
− Required by agencies subject to the Privacy Act of 1974
− OMB A-130 provides specific guidelines
What types of review must be completed?
− Section (M) contracts
− Records practices
− Routine Uses/System of Records/Exemptions
− Matching programs
− Training
− Violations
− (e)(3) Statements

SSN Reduction
What brought about Social Security Number (SSN) reduction?
− Task Force on Identity Theft Strategic Plan
− Office of Management and Budget (OMB)
How is SSN reduction being addressed for privacy reporting purposes?
− What role does the TMA Privacy Officer have?
  − Provide consultation related to review of SSN usage on forms and surveys
  − Verify program managers are reporting SSN usage for TMA systems

Public Law
What is Public Law ?
− Implementing recommendations of the 9/11 Commission Act of 2007
− Title VIII contains sections on privacy and civil liberties
  − Contains four sections
  − Section 803 speaks specifically to the quarterly privacy reporting
What privacy information is being collected?
− Privacy reviews
− Advice and responses
− Privacy complaints and dispositions

DoD Quarterly Privacy Training
How is DoD Privacy Training being reported?
− Requirement of OMB to ensure privacy training
− Requirement from the Defense Privacy Office to report quarterly via FISMA
What training elements are being reported?
− Orientation training
− Specialized training
− Management training
− Annual Refresher training

FISMA
What is FISMA?
− Report required by the E-Government Act of 2002
− Report on the security and privacy of sensitive information in federal computer systems
How often are we reporting for FISMA purposes?
− Quarterly
− Annually

FISMA – Quarterly Reporting
Why is quarterly reporting different than annual reporting?
− Provides a pulse check on both security and privacy of systems
− Quarterly report is not as comprehensive as annual report
What exactly is being reported in the quarterly FISMA report?
− Privacy Impact Assessment (PIA) and System of Records Notice (SORN) information
− Inventory of systems
− Certification & accreditation information

FISMA – Annual Reporting
How does FISMA bring all these privacy reporting requirements together?
[Diagram labels: FISMA; SSN Reduction; Public Law; DoD Quarterly Privacy Training; Privacy Act Review]

Investment Certification

Investment Certification
What is investment certification?
− Method to ensure appropriate due diligence has been applied to MHS programs/systems which receive funding
− Allows MHS key stakeholders to address system concerns
How did TMA Privacy Office get involved?
− MHS DBT met with TMA Privacy Office
− Privacy framework was developed
− TMA Privacy Office designated as privacy subject matter expert for investment certification review

Investment Certification (continued)
What documents are reviewed by the TMA Privacy Office?
− Privacy Investment Framework
− PII/PIA/FISMA checklist
− Investment Concept of Operations
[Diagram: Investment Review Process. Labels: MHS DBT Investment Package Completion; MHS Investment Review Committee Meeting; Packages Sent to Additional Investment Review Boards; Discussion of Unresolved Issues]

Investment Certification (continued)
How has the Privacy Office/DBT relationship been beneficial?
− Organizational privacy awareness
− Proactive approach by various program offices
− Addressing privacy earlier in the system development life cycle

DHP-SIRT

DHP-SIRT
What is DHP-SIRT?
− Assistant Secretary of Defense for Health Affairs (ASD/HA)/TMA System Repository
  − Driven by development of Defense Information Technology Portfolio Repository
  − Contains different system information to include privacy data
DHP-SIRT helps facilitate collection of privacy information for privacy reporting
− Collects certain data privacy elements for reporting purposes
  − PIA information
  − SORN information
  − SSN information

Summary
You should now be able to:
− Identify privacy reporting requirements and what role FISMA has in consolidating these reporting requirements
− Understand the role of privacy in the MHS DBT Investment Certification process
− Understand the importance of the DHP-SIRT in collecting important privacy information for reporting purposes

Resources
− Public Law Section 208, “E-Government Act of 2002”, 17 December 2002
− Public Law , Title III, “Federal Information Security Management Act”, 17 December 2002
− Public Law , “Implementing Recommendations of the 9/11 Commission Act of 2007”, 3 August 2007
− “Federal Agency Data Mining Reporting Act of 2007”, 4 June 2007
− DoDI , “DoD Privacy Impact Assessment (PIA) Guidance”, 12 February 2009
− DTM USD(P&R) – “DoD Social Security Number (SSN) Reduction Plan”, 28 March 2008