Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Personnel Security 2007 Data Protection Seminar TMA Privacy Office HEALTH AFFAIRS TRICARE Management Activity.

Published byDina Boyd Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Personnel Security 2007 Data Protection Seminar TMA Privacy Office HEALTH AFFAIRS TRICARE Management Activity."— Presentation transcript:

1 1 Personnel Security 2007 Data Protection Seminar TMA Privacy Office HEALTH AFFAIRS TRICARE Management Activity

2 2 Personnel Security Purpose  This presentation will provide an overview of the TRICARE Management Activity (TMA) office role in personnel security

3 3 Personnel Security Objectives  Upon completion of this lesson, you will be able to: Understand TMA Privacy Office’s personnel security Be familiar with current policies and procedures for TMA personnel security Identify common misconceptions with respect to personnel security background investigations

4 4 Personnel Security Mission and Objective  Mission Ensure policies and procedures against inappropriate use and disclosure of sensitive information are upheld by contractors who have access to information systems containing Protected Health Information (PHI) and Privacy Act information on Department of Defense (DoD) Information Technology (IT) Systems  Objective Provide guidance and consultation to ensure all TMA contractor employees with access to DoD IT Systems are:  Trustworthy  Reliable  Of unquestionable allegiance to the United States

5 5 Personnel Security What is Personnel Security?  Personnel Security refers to the practices, technologies, and/or services used to ensure personnel security safeguards are applied specifically to: Contractors on TRICARE contracts IT systems Background checks and trustworthiness determination Granting or withdrawing system access privileges – Common Access Card (CAC)  Misconception TMA Privacy Office Personnel Security pertains to military and government civilian personnel

6 6 Personnel Security The Information and System Lifecycle Start: Personnel Security Phase 1 Initiation Phase 2 Acquisition/ Development Phase 3 Implementation Phase 4 Operations/ Maintenance Phase 5 Disposition Complete: Personnel Security When to address Personnel Security?

7 7 Personnel Security Why Personnel Security?  Consider the purpose of Personnel Security safeguards The most common perpetrators of significant computer crime are those with legitimate access  Knowingly  Unknowingly Managing personnel with privileged access is critical  Recertification  Change in level access

8 8 USDI Guidance (DoD 5200.2R) OPM ISN TMA Privacy Office JPAS MCSC employees NPC employees ISN JPAS ISN JPAS DISCO DOHA SF85P Difficult cases Completed cases JPAS Unacceptable Cases Denials Personnel Security Workflow

9 9 Personnel Security ADP Determination Levels  Applicable levels of trustworthiness determinations for public trust positions: ADP/IT-I ─ Critical Sensitive Position ADP/IT-II ─ Non-critical Sensitive Position ADP/IT-III ─ Non-critical Non-Sensitive Position Note: ADP/IT-III are no longer authorized on DoD systems ADP is the language formerly used for information systems

10 10 Personnel Security Positions of Trust vs. Security Clearances (1 of 2)  Positions of Trust- SF 85 (paper)  SF 85P and FD 258 (fingerprint card) completed and mailed to OPM  Office of Personnel Management (OPM) screens, schedules, or rejects questionnaire  Investigation Schedule Notice (ISN)

11 11 Personnel Security Positions of Trust vs. Security Clearances (2 of 2)  ISN’s entered into MHS database and copy sent to contracting company  Investigation level and schedule date entered into JPAS  Interim access granted upon ISN receipt

12 12 Personnel Security SF 86 Security Clearance  Submitted electronically via eQIP to Defense Security System (DSS)  Interim secret access granted normally within 48 hours  OPM schedules National Agency Check with Local Law and Credit Check (NACLC) investigation  Posted in JPAS

13 13 Personnel Security Common Access Card Process  Facilities Security Officer (FSO) prepares DD1172 and sends to TMA Privacy Office  TMA Privacy Office verifies background investigation type NACLC required  Sends DD1172 to TMA Security Office  TMA Security notifies company FSO to have personnel complete Contracting Verification System (CVS) application  TMA Security notifies FSO when CVS application has been accepted and to have employee proceed to a RAPIDS location for CAC issuance

14 14 Personnel Security Application Requirement: ADP/IT-I  A written request for approval must be submitted to the TMA Privacy Officer prior to submitting the application to OPM  The Letter of Request must include: Thorough job description which justifies the need for the ADP/IT-I Trustworthiness Determination Contact information for the Security Officer or other appropriate executive Signature, at a minimum, by the company Security Officer or other appropriate executive

15 15 Personnel Security Interim Access  New TRICARE contractor employees who are U.S. citizens may be granted interim access upon receipt of notification of a scheduled investigation by OPM  Misconception: Prior language implied access granted after submission of the SF 85P and fingerprint cards to the OPM

16 16 Personnel Security Non-U.S. Citizen Access  Non-United State Citizens are not being adjudicated for any trustworthiness position by any government agency for TRICARE contracts  SF 85P’s will not be submitted on Non-United States citizen contractor employees

17 17 Personnel Security Open Issues  Communication between contracting companies and TMA Privacy Office (i.e. New submittals, Denial acknowledgement and Termination notification)  Sharing of billing and accounting data – can constitute fraud against the government  Procedures for obtaining CAC and access to HA/TMA Network

18 18 Personnel Security Presentation Summary  You should now be able to: Understand TMA Privacy Office’s personnel security Be familiar with current policies and procedures TMA personnel security Identify common misconceptions with respect to personnel security background investigations

19 19 Personnel Security Resources (1 of 4)  DoD 5200.2-R, “Personnel Security Program (January 1987),”  Privacy Act of 1974  Health Insurance Portability and Accountability Act (HIPAA) of 1996  DoD 6025.18-R, “DoD Health Information Privacy Regulation, January 2003”

20 20 Personnel Security Resources (2 of 4)  DoD 5220.22-M, “National Industrial Security Program Operating Manual” (NISPOM), January 1995 (Change 2, May 1, 2000)  DoD 8500.1, “Information Assurance, (October 24, 2002)  www.tricare.osd.mil/tmaprivacy/personnel- security.cfm www.tricare.osd.mil/tmaprivacy/personnel- security.cfm  Questions: ADP.MAIL@TMA.OSD.MILADP.MAIL@TMA.OSD.MIL

21 21 Personnel Security Resources (3 of 4)

22 22 Personnel Security Resources (4 of 4)

23 23 Please fill out your critique Thanks! TRICARE Management Activity HEALTH AFFAIRS

Download ppt "1 Personnel Security 2007 Data Protection Seminar TMA Privacy Office HEALTH AFFAIRS TRICARE Management Activity."

Similar presentations

The Legal Foundation TRICARE Management Activity HEALTH AFFAIRS 2009 Data Protection Seminar TMA Privacy Office.

The Legal Foundation TRICARE Management Activity HEALTH AFFAIRS 2009 Data Protection Seminar TMA Privacy Office.
PIV-I Issuing Procedures for Applicants (New Contractors) v1.1

PIV-I Issuing Procedures for Applicants (New Contractors) v1.1
Data Sharing Agreements TRICARE Management Activity HEALTH AFFAIRS 2009 Data Protection Seminar TMA Privacy Office.

Data Sharing Agreements TRICARE Management Activity HEALTH AFFAIRS 2009 Data Protection Seminar TMA Privacy Office.
2009 Data Protection Seminar

2009 Data Protection Seminar
Annual Security Refresher Briefing Note: All classified markings contained within this presentation are for training purposes.

Annual Security Refresher Briefing Note: All classified markings contained within this presentation are for training purposes.
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.

HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.

Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.

Copyright Eastern PA EMS Council February 2003 Health Information Portability and Accountability Act It’s the law.
National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.

National Health Information Privacy and Security Week Understanding the HIPAA Privacy and Security Rule.
1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.

1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.
Defense Security Service Facility Clearance Branch (FCB)

Defense Security Service Facility Clearance Branch (FCB)
Health Insurance Portability Accountability Act of 1996 HIPAA for Researchers: IRB Related Issues HSC USC IRB.

Health Insurance Portability Accountability Act of 1996 HIPAA for Researchers: IRB Related Issues HSC USC IRB.
Department of Health and Human Services Personal Identity Verification Training APPLICANT.

Department of Health and Human Services Personal Identity Verification Training APPLICANT.
Copyright © 2008 Delmar Learning. All rights reserved. Chapter 4 Life Cycle of an Insurance Claim.

Copyright © 2008 Delmar Learning. All rights reserved. Chapter 4 Life Cycle of an Insurance Claim.
Clearance Processing Back To The Basics Presented By Mallory Howard

Clearance Processing Back To The Basics Presented By Mallory Howard
Florida Industrial Security Working Group (FISWG) SF86 Review Workshop Nannette Bell December 2012.

Florida Industrial Security Working Group (FISWG) SF86 Review Workshop Nannette Bell December 2012.
Section Four: Employee and Visitor Access Controls Note: All classified markings contained within this presentation are for training purposes only.

Section Four: Employee and Visitor Access Controls Note: All classified markings contained within this presentation are for training purposes only.
Joint Personnel Adjudication System (JPAS) Overview

Joint Personnel Adjudication System (JPAS) Overview
PIV-I Issuing Procedures for Applicants (Current Contractors) v1.1.

PIV-I Issuing Procedures for Applicants (Current Contractors) v1.1.
Hong Kong Privacy Code on Human Resource Management

Hong Kong Privacy Code on Human Resource Management

Similar presentations

Ads by Google