ROLES & RESPONSIBILITIES PRIVACY ACT (PA) SYSTEMS OF RECORDS MANAGERS.

THE PRIVACY ACT OF 1974 … IS A RECORDS MANAGEMENT STATUTE
* how and why we collect information
* how we maintain information
* who has access
* how long we will maintain it

THE PRIVACY ACT REQUIRES THAT: NOTICE BE GIVEN TO AN INDIVIDUAL WHENEVER PERSONALLY IDENTIFYING INFORMATION (PII) IS SOLICITED DIRECTLY FROM THAT INDIVIDUAL (PRIVACY ACT STATEMENT)

THE PRIVACY ACT REQUIRES THAT: PUBLICATION BE MADE IN THE FEDERAL REGISTER FOR:
- any new PA System of Records collection (PA System of Records Notice)
- any existing PA System of Records collection where the data collection, purpose, authority, disposition, etc. has changed
- any proposed computer matching program

THE PRIVACY ACT REQUIRES THAT: INFORMATION MAINTAINED IN A PRIVACY ACT SYSTEM OF RECORDS FILE IS
- ACCURATE
- RELEVANT
- COMPLETE
- CURRENT

THE PRIVACY ACT REQUIRES THAT: INDIVIDUALS ARE ALLOWED ACCESS TO RECORDS ABOUT THEMSELVES - when maintained in a NONEXEMPT PA System of Records file.

THE PRIVACY ACT REQUIRES THAT: “OFFICIAL” REQUESTS FOR NONCONSENSUAL DISCLOSURE OF INFORMATION BE PROCESSED IAW PROVISIONS ESTABLISHED BY THE PRIVACY ACT [5 U.S.C. §§ 552a(b)(1) through (b)(12)].
(b)(1) – For Official Use Only (within DoD)
(b)(2) – Required to be released by FOIA
(b)(3) – For pre-established official use (outside DoD)
(b)(4) – To Census Bureau (for census or survey)
(b)(5) – For statistical research
(b)(6) – To the National Archives
(b)(7) – For federal, state, and/or local civil or criminal law enforcement proceeding
(b)(8) – When health or safety of an individual is at issue
(b)(9) – For “official business” of Congress
(b)(10) – To GAO
(b)(11) – Pursuant to a court order
(b)(12) – To a consumer reporting agency under the Debt Collection Act (31 U.S.C. 3711(e))

THE PRIVACY ACT REQUIRES THAT: INDIVIDUALS BE ALLOWED TO FIND OUT ABOUT ANY UNAUTHORIZED SHARING OR DISCLOSURE OF INFORMATION MAINTAINED IN THEIR RECORDS (DISCLOSURE ACCOUNTING RECORDS).
Note: Exceptions to disclosure accounting requirements:
- disclosure made pursuant to Exception (b)(1) (FOUO)
- disclosure made pursuant to Exception (b)(2) (FOIA)
- disclosure made pursuant to Exception (b)(7) (but only during the specific time that the civil or criminal law enforcement proceeding is ongoing)

THE PRIVACY ACT REQUIRES THAT: INDIVIDUALS BE AFFORDED AN OPPORTUNITY AND MEANS BY WHICH TO CORRECT ANY INACCURACIES EXISTING IN THEIR RECORDS.

THE PRIVACY ACT PROVIDES U.S. citizens and lawful aliens with guaranteed rights:
- To access/amend their records
- To appeal agency decisions regarding access or amendment
- To sue agencies for breaches/compromises

PA SYSTEM OF RECORDS MANAGER RESPONSIBILITIES
WHO IS A PRIVACY ACT SYSTEM OF RECORDS MANAGER? Any official responsible for the maintenance of a collection of records whereby records are routinely retrieved by someone’s name or other similar personal identifier.
***** See DoD Regulation R *****
***** (DON - SECNAVINST G) *****

PA SYSTEM OF RECORDS MANAGER RESPONSIBILITIES
– Ensure that staff personnel receive annual Privacy Act training.
– Ensure that no data collection is undertaken unless there is a Federal Register published PA System of Records Notice that allows for the data collection.
– Ensure that data access is limited only to those personnel who have a specific “need to know” – not necessarily to all office personnel!
– Ensure that personal data is transmitted in a secure manner.
– Ensure that personal data is properly safeguarded during and after duty hours.
– Ensure that personal data is properly disposed of (rendered unrecognizable and beyond reconstruction).
– Ensure that staff personnel comply with the Privacy Act, DoD Privacy rules (DoD R), and the DON Privacy Act Fair Information Principles.

PA MANAGER’S ROADMAP FOR MEETING PRIVACY RESPONSIBILITIES
(1) IS YOUR STAFF PRIVACY TRAINED?
- CHECK TO SEE IF YOUR AGENCY HAS DEVELOPED PRIVACY TRAINING
  * DON has posted training at
- ENSURE THAT YOUR STAFF COMPLETES PRIVACY TRAINING ANNUALLY

PA MANAGER’S ROADMAP FOR MEETING PRIVACY RESPONSIBILITIES
(2) ARE YOUR DATA COLLECTIONS PROPERLY CONDUCTED?
* Ensure your staff consults with your command Privacy Office before:
  - Initiating new data collections.
  - Adding new elements to an existing, approved database.
  - Creating or revising forms that collect personal data.
  - Deploying surveys.
* Ensure your staff includes a Privacy Act Statement on all forms, surveys, or websites that collect personal data.

PA MANAGER’S ROADMAP FOR MEETING PRIVACY RESPONSIBILITIES
(3) IS YOUR STAFF SAFEGUARDING THE INFORMATION MAINTAINED IN YOUR FILES?
* Mark records “For Official Use Only – Privacy Sensitive” when created.
* For e-records, include “For Official Use Only – Privacy Sensitive” on data screens and in headers/footers of printouts.
* Place records in file cabinets, overhead bins, or desk drawers for overnight storage.
* Cover paper records when a third party enters your workspace.
* Use filter screens on terminals to blacken angular views.

PA MANAGER’S ROADMAP FOR MEETING PRIVACY RESPONSIBILITIES
(4) IS YOUR STAFF FOLLOWING THE PRIVACY ACT FAIR INFORMATION PRINCIPLES?
* Periodically ask your staff to review the Code of Fair Information Principles (available at
* Ask your staff to immediately report to you, the Command Privacy Office, or the Command Information Technology staff all instances of personal data being openly posted (no permission levels) to a public or shared website, e-workplace, shared calendar, or shared drive.

PA MANAGER’S ROADMAP FOR MEETING PRIVACY RESPONSIBILITIES
(5) ARE YOU KEEPING PRIVACY AT THE TOP OF YOUR STAFF’S MINDS?
* Use staff meetings to stress good Privacy practices.
* Voice your commitment to protecting individual privacy.
* Applaud workers who practice good privacy principles!
* Remind staff to use caution when posting data to shared drives, e-workplaces, or multi-access calendars.
* Question workers who leave personal data in the open.

If You Have Access to Personal Data...
* PKI encrypt, UserID restrict, and/or password protect personal data placed on shared drives or the Intranet.
* Monitor your actions: If I do this, will I increase the risk of unauthorized access?
* Limit non-consensual access to those individuals who have an official need to know inside the agency, and ensure that any non-consensual disclosures going outside the agency are permissible under Section (b) of the Privacy Act [5 U.S.C. 552a(b)(1) through (b)(12)].
It is your RESPONSIBILITY to protect personal information at all times.
Remember: You may be subject to civil and criminal penalties for violating the Privacy Act.

Civil Penalties for Noncompliance with the Privacy Act
The Privacy Act also imposes civil penalties on violators who:
* Unlawfully refuse to amend a record
* Unlawfully refuse to grant access to records
* Fail to maintain accurate, relevant, timely and complete data
* Fail to comply with any Privacy Act provision or agency rule that results in an adverse effect.
Penalties include:
* Payment of actual damages
* Payment of reasonable attorney’s fees
* Removal from employment

Criminal Penalties for Noncompliance with the Privacy Act
For knowingly and willfully disclosing Privacy Act data to any person not entitled to access:
– Misdemeanor criminal charge, and a fine of up to $5000.
For maintaining a System of Records without meeting the public notice requirements:
– Misdemeanor criminal charge, and a fine of up to $5000.
For knowingly and willfully requesting or obtaining records under false pretenses:
– Misdemeanor criminal charge, and a fine of up to $5000.