Presentation is loading. Please wait.

Presentation is loading. Please wait.

Privacy Reporting and Investment Certification TRICARE Management Activity HEALTH AFFAIRS 2009 Data Protection Seminar TMA Privacy Office.

Published byAnnette Hooks Modified over 9 years ago

Similar presentations

Presentation on theme: "Privacy Reporting and Investment Certification TRICARE Management Activity HEALTH AFFAIRS 2009 Data Protection Seminar TMA Privacy Office."— Presentation transcript:

1 Privacy Reporting and Investment Certification TRICARE Management Activity HEALTH AFFAIRS 2009 Data Protection Seminar TMA Privacy Office

2 Privacy Reporting and Investment Certification TRICARE Management Activity HEALTH AFFAIRS

3 TRICARE Management Activity HEALTH AFFAIRS 3 Privacy Reporting and Investment Certification Purpose The purpose of this presentation is to provide an overview of how privacy reporting and investment certification are an important aspect on our road to compliance

4 TRICARE Management Activity HEALTH AFFAIRS 4 Privacy Reporting and Investment Certification Objectives Upon completion of this course, you should be able to: − Identify privacy reporting requirements and what role the Federal Information Security Management Act (FISMA) has in consolidating these reporting requirements − Identify the role of privacy in the Military Health System (MHS) Defense Business Transformation (DBT) Investment Certification process − Describe the importance of the Defense Health Program System Inventory Reporting Tool (DHP-SIRT) in collecting important privacy information for reporting purposes

5 TRICARE Management Activity HEALTH AFFAIRS 5 Privacy Reporting

6 TRICARE Management Activity HEALTH AFFAIRS 6 Privacy Reporting and Investment Certification Types of Privacy Reporting SSN Reduction DoD Quarterly Privacy Training Privacy Act Review Public Law 110-53 FISMA

7 TRICARE Management Activity HEALTH AFFAIRS 7 Privacy Reporting and Investment Certification Privacy Act Review Agency Responsibilities − Required by agencies subject to the Privacy Act of 1974 − OMB A-130 provides specific guidelines What types of review must be completed? − Section (M) contracts − Records practices − Routine Uses/System of Records/Exemptions − Matching programs − Training − Violations − (e)(3) Statements

8 TRICARE Management Activity HEALTH AFFAIRS 8 Privacy Reporting and Investment Certification SSN Reduction What brought about Social Security Number (SSN) reduction? − Task Force on Identity Theft Strategic Plan − Office of Management and Budget (OMB) How is SSN reduction being addressed for privacy reporting purposes? − What role does the TMA Privacy Officer have? Provide consultation related to review of SSN usage on forms and surveys Verify program managers are reporting SSN usage for TMA systems

9 TRICARE Management Activity HEALTH AFFAIRS 9 Privacy Reporting and Investment Certification Public Law 110-53 What is Public Law 110-53? − Implementing recommendations of the 9/11 Commission Act of 2007 − Title VIII contains sections on privacy and civil liberties Contains four sections Section 803 speaks specifically to the quarterly privacy reporting What privacy information is being collected? − Privacy reviews − Advice and responses − Privacy complaints and dispositions

10 TRICARE Management Activity HEALTH AFFAIRS 10 Privacy Reporting and Investment Certification DoD Quarterly Privacy Training How is DoD Privacy Training being reported? − Requirement of OMB to ensure privacy training − Requirement from the Defense Privacy Office to report quarterly via FISMA What training elements are being reported? − Orientation training − Specialized training − Management training − Annual Refresher training

11 TRICARE Management Activity HEALTH AFFAIRS 11 Privacy Reporting and Investment Certification FISMA What is FISMA? − Report required by the E-Government Act of 2002 − Report on the security and privacy of sensitive information in federal computer systems How often are we reporting for FISMA purposes? − Quarterly − Annually

12 TRICARE Management Activity HEALTH AFFAIRS 12 Privacy Reporting and Investment Certification FISMA – Quarterly Reporting Why is quarterly reporting different than annual reporting? − Provides a pulse check on both security and privacy of systems − Quarterly report is not as comprehensive as annual report What exactly is being reported in the quarterly FISMA report? − Privacy Impact Assessment (PIA) and System of Records Notice (SORN) information − Inventory of systems − Certification & accreditation information

13 TRICARE Management Activity HEALTH AFFAIRS 13 Privacy Reporting and Investment Certification FISMA – Annual Reporting How does FISMA bring all these privacy reporting requirements together? FISMA SSN Reduction Public Law 110-53 DoD Quarterly Privacy Training Privacy Act Review

14 TRICARE Management Activity HEALTH AFFAIRS 14 Investment Certification

15 TRICARE Management Activity HEALTH AFFAIRS 15 Privacy Reporting and Investment Certification Investment Certification What is investment certification? − Method to ensure appropriate due diligence has been applied to MHS programs/systems which receive funding − Allows MHS key stakeholders to address system concerns How did TMA Privacy Office get involved? − MHS DBT met with TMA Privacy Office − Privacy framework was developed − TMA Privacy Office designated as privacy subject matter expert for investment certification review

16 TRICARE Management Activity HEALTH AFFAIRS 16 Privacy Reporting and Investment Certification Investment Certification (continued) What documents are reviewed by the TMA Privacy Office? − Privacy Investment Framework − PII/PIA/FISMA checklist − Investment Concept of Operations MHS DBT Investment Package Completion MHS Investment Review Committee Meeting Packages Sent to Additional Investment Review Boards Discussion of Unresolved Issues Investment Review Process

17 TRICARE Management Activity HEALTH AFFAIRS 17 Privacy Reporting and Investment Certification Investment Certification (continued) How has the Privacy Office/DBT relationship been beneficial? − Organizational privacy awareness − Proactive approach by various program offices − Addressing privacy earlier in the system development life cycle

18 TRICARE Management Activity HEALTH AFFAIRS 18 DHP-SIRT

19 TRICARE Management Activity HEALTH AFFAIRS 19 Privacy Reporting and Investment Certification DHP-SIRT What is DHP-SIRT? − Assistant Secretary of Defense for Health Affairs (ASD/HA)/TMA System Repository Driven by development of Defense Information Technology Portfolio Repository Contains different system information to include privacy data DHP-SIRT helps facilitate collection of privacy information for privacy reporting − Collects certain data privacy elements for reporting purposes PIA information SORN information SSN information

20 TRICARE Management Activity HEALTH AFFAIRS 20 Privacy Reporting and Investment Certification Summary You should now be able to: − Identify privacy reporting requirements and what role FISMA has in consolidating these reporting requirements − Understand the role of privacy in the MHS DBT Investment Certification process − Understand the importance of the DHP-SIRT in collecting important privacy information for reporting purposes

21 TRICARE Management Activity HEALTH AFFAIRS 21 Privacy Reporting and Investment Certification Resources Public Law 107- 347 Section 208, “E-Government Act of 2002”, 17 December 2002 Public Law 107-347, Title III, “Federal Information Security Management Act”, 17 December 2002 Public Law 110-53, “Implementing Recommendations of the 9/11 Commission Act of 2007”, 3 August 2007 “Federal Agency Data Mining Reporting Act of 2007”, 4 June 2007 DoDI 5400.16, “DoD Privacy Impact Assessment (PIA) Guidance”, 12 February 2009 DTM 07-15-USD(P&R) – “DoD Social Security Number (SSN) Reduction Plan”, 28 March 2008

Download ppt "Privacy Reporting and Investment Certification TRICARE Management Activity HEALTH AFFAIRS 2009 Data Protection Seminar TMA Privacy Office."

Similar presentations

TWO STEP EQUATIONS 1. SOLVE FOR X 2. DO THE ADDITION STEP FIRST

TWO STEP EQUATIONS 1. SOLVE FOR X 2. DO THE ADDITION STEP FIRST
2012 Navy Medicine Audit Readiness Training Symposium

2012 Navy Medicine Audit Readiness Training Symposium
June 27, 2005 Preparing your Implementation Plan.

June 27, 2005 Preparing your Implementation Plan.
Alabama Primary Health Care Association

Alabama Primary Health Care Association
Data Sharing In Accordance with HIPAA

Data Sharing In Accordance with HIPAA
Embedding Privacy in Federal Information Systems Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP MITRE Corp. Workshop.

"Embedding Privacy in Federal Information Systems" Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP MITRE Corp. Workshop.
By D. Fisher Geometric Transformations. Reflection, Rotation, or Translation 1.

By D. Fisher Geometric Transformations. Reflection, Rotation, or Translation 1.
Medium-term strategic plan: planned financial estimates for the period 2009-2012 E/ICEF/2009/AB/L.5.

Medium-term strategic plan: planned financial estimates for the period E/ICEF/2009/AB/L.5.
1 Regulation. 2 Organisational separation 3 Functional Separation.

1 Regulation. 2 Organisational separation 3 Functional Separation.
Aviation Security Training Module 4 Design and Conduct Exercise II 1.

Aviation Security Training Module 4 Design and Conduct Exercise II 1.
HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
Data Architecture at CIA Dave Roberts Chief Technical Officer Application Services, CIO CIA

Data Architecture at CIA Dave Roberts Chief Technical Officer Application Services, CIO CIA
CPIC Training Session: Enterprise Architecture

CPIC Training Session: Enterprise Architecture
The Implementation Structure DG AGRI, October 2005

The Implementation Structure DG AGRI, October 2005
The Managing Authority –Keystone of the Control System

The Managing Authority –Keystone of the Control System
European Union Cohesion Policy

European Union Cohesion Policy
WHO Good Distribution Practices for Pharmaceutical Products

WHO Good Distribution Practices for Pharmaceutical Products
Module N° 7 – Introduction to SMS

Module N° 7 – Introduction to SMS
EA Demonstration Study : Dissemination Forum – 8 June 20091 EA Views and Sub-views Patrick Bardet EA Unit.

EA Demonstration Study : Dissemination Forum – 8 June EA Views and Sub-views Patrick Bardet EA Unit.
A Principal’s Guide to Title I, Part A and LAP Requirements

A Principal’s Guide to Title I, Part A and LAP Requirements

Similar presentations

Ads by Google