Presentation is loading. Please wait.

Presentation is loading. Please wait.

Organizing a Privacy Program: Administrative Infrastructure and Reporting Relationships Presented by: Samuel P. Jenkins, Director Defense Privacy Office.

Published byKenneth Payne Modified over 8 years ago

Similar presentations

Presentation on theme: "Organizing a Privacy Program: Administrative Infrastructure and Reporting Relationships Presented by: Samuel P. Jenkins, Director Defense Privacy Office."— Presentation transcript:

1 Organizing a Privacy Program: Administrative Infrastructure and Reporting Relationships Presented by: Samuel P. Jenkins, Director Defense Privacy Office Former Privacy Officer, DoD Tricare Management Activity

2 AGENDA Opening Thoughts Organizational Assessment Privacy Program Development Ongoing Activities Monitoring and Reporting

3 The health care industry uses one of the largest networked information systems in the country. The information technology and many interfaces required to meet the needs of the healthcare industry continue to expand. With this expansion we are also experiencing a similar increase in privacy incidents (loss, theft or compromise) and breaches of information (identity theft, healthcare fraud, malicious intent). The Nations concern for personal privacy is not new particularly in health care. Becoming privacy compliant is a process first through an assessment of where we are and a determination where we desire to be followed by a plan to get and stay there. The application of privacy standards for personally identifiable information and protected health information has evolved over time. Organizations must continue to grow in order to stay ahead of these changes. The standards that are most important are those that matter the most to the customer. Opening Thoughts

4 OrganizationalAssessment Organizational Assessment Determine where the organization is in relation to its privacy requirements – Identify information systems and processes Document all locations of personal information (files, databases, paper copies, CDs, hard drives, tapes and any other storage medium) Map the processes associated with the above locations against the requirements of the organization the collect, use, share, process, maintain, store and destroy information Compare current policies against the requirements of applicable privacy legislation or regulation to establish a gap analysis between existing and required standards Identify risks associated with data, uses and compliance to create a strategic plan and working document to achieve compliance

5 Privacy Program Development (Refreshment) Establish infrastructure Position descriptions –Chief Privacy Official –Privacy team leads –Key Privacy personnel Compliance reporting lines –Policy and compliance monitoring –Training and refresher training completion and documentation –Incident reporting and follow-up Designate authority over privacy issues –Develop teams and identify key personnel for privacy actions related to documents, systems, information sharing, transfer, storage and others –Empower employees throughout the organization

6 Development and implementing policies, procedures training and making changes as required – Change forms, systems, procedures and manuals to reflect privacy requirements Change or develop systems to address and support privacy compliance. Network coordination of policy development and implementation throughout the organization Review holdings and archived information for protections (both privacy and security requirements) Train, refresh, retrain. Learning is not just acquiring more information but instead it is about expanding the results we truly want. Create anonymous lessons learned from incidents to educate staff on issues and ways to avoid them Ongoing Activities

7 Monitor and Report for Compliance To ensure you get to the desired compliance Re-assess results with policies to measure outcomes and show due diligence toward compliance Determine criteria for measurement of training completion, incident reporting and management actions Create an environment that encourages the reporting of incidents Identify thresholds for escalating issues to senior management Establish a means of communication for staff, patients and other persons with inquiries, concerns or issues Ensures that appropriate reporting procedures are developed and implemented and that there is a mechanism for follow-up, communication, re-training and resolution of issues. Ensures that appropriate reviews and audits are conducted to provide assurance that privacy policies, procedures and technology create a compliant environment.

8 Conclusion A privacy compliant organizational structure allows adoption of methodologies in addressing the privacy issue it faces. The organization can address in a systematic and planned way, specific privacy requirements, including personal information policies, procedures and standards. An adequate privacy compliance program can create or improve consumer trust and improve the protection of information for consumers and employees alike. Publicity of privacy violations can cause damage to an organizations reputation and possibly its ability to attract patients.

9 Samuel P. Jenkins, Director 1901 S. Bell Street, Suite 920 Arlington, VA. 22202 (Email) DPO.Correspondence@osd.milDPO.Correspondence@osd.mil (Office) (703) 607-2943 (Fax) (703) 607-2951

Download ppt "Organizing a Privacy Program: Administrative Infrastructure and Reporting Relationships Presented by: Samuel P. Jenkins, Director Defense Privacy Office."

Similar presentations

Information Privacy and Data Protection Lexpert Seminar David YoungDecember 9, 2013 Breach Prevention – Due Diligence and Risk Reduction.

Information Privacy and Data Protection Lexpert Seminar David YoungDecember 9, 2013 Breach Prevention – Due Diligence and Risk Reduction.
USG INFORMATION SECURITY PROGRAM AUDIT: ACHIEVING SUCCESSFUL AUDIT OUTCOMES Cara King Senior IT Auditor, OIAC.

USG INFORMATION SECURITY PROGRAM AUDIT: ACHIEVING SUCCESSFUL AUDIT OUTCOMES Cara King Senior IT Auditor, OIAC.
1 Auditing in the Public Interest Records Management in the Victorian Public Sector Audit objective Audit had two objectives : The first objective was.

1 Auditing in the Public Interest Records Management in the Victorian Public Sector Audit objective Audit had two objectives : The first objective was.
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group 209-754-9130

Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
HIPAA Regulations What do you need to know?.

HIPAA Regulations What do you need to know?.
Randy Benson RHQN Executive Director May, 2012. Compliance Issues During Survey Compliance Officers monitor healthcare facilities (hospitals and clinics)

Randy Benson RHQN Executive Director May, Compliance Issues During Survey Compliance Officers monitor healthcare facilities (hospitals and clinics)
October 2009. In May 2000, Walkerton’s drinking water system became contaminated with deadly bacteria, primarily Escherichia coli O157:H7.1 Seven people.

October In May 2000, Walkerton’s drinking water system became contaminated with deadly bacteria, primarily Escherichia coli O157:H7.1 Seven people.
David A. Brown Chief Information Security Officer State of Ohio

David A. Brown Chief Information Security Officer State of Ohio
1 INTERNAL CONTROLS A PRACTICAL GUIDE TO HELP ENSURE FINANCIAL INTEGRITY.

1 INTERNAL CONTROLS A PRACTICAL GUIDE TO HELP ENSURE FINANCIAL INTEGRITY.
Chapter 5 5-1 © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.
Chapter 5 5-1 © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.
Security Controls – What Works

Security Controls – What Works
Developing a Records & Information Retention & Disposition Program:

Developing a Records & Information Retention & Disposition Program:
© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.

© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.
The Role of Regulation in the development of the postal sector in Uganda A presentation to the conference on Leveraging of ICTs in the transformation of.

The Role of Regulation in the development of the postal sector in Uganda A presentation to the conference on Leveraging of ICTs in the transformation of.
IT Security Challenges In Higher Education Steve Schuster Cornell University.

IT Security Challenges In Higher Education Steve Schuster Cornell University.
Purpose of the Standards

Purpose of the Standards
Guidelines for constructing a Compliance Program for Medicaid Managed Care Organizations and PrePaid Health Plans As provided by the Medicaid Alliance.

Guidelines for constructing a Compliance Program for Medicaid Managed Care Organizations and PrePaid Health Plans As provided by the Medicaid Alliance.
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
© 2013 BOS Solutions Ltd. Revised: Mar 15,2013 Version 2 – BOS HSE MSpg. 1 The BOS HSE Management System Brad Whitaker, MSPH, CSP BOS Solutions HSE Director.

© 2013 BOS Solutions Ltd. Revised: Mar 15,2013 Version 2 – BOS HSE MSpg. 1 The BOS HSE Management System Brad Whitaker, MSPH, CSP BOS Solutions HSE Director.

Similar presentations

Ads by Google