VBA Privacy Program Overview and Professional Development Support


Learn about the Veterans Benefits Administration (VBA) Privacy Program's legal responsibilities in safeguarding individuals' personally-identifiable information and health data. Explore how VBA provides training, conducts assessments, and supports Privacy Officers in ensuring compliance with privacy policies and procedures.

  • VBA Privacy Program
  • Professional Development
  • Privacy Officers
  • Compliance
  • Data Protection




Presentation Transcript


  1. VA Veterans Benefits Administration, Office of Mission Support (OMS). VBA PRIVACY PROGRAM. Rochelle Foxworth, Supervisory Privacy Officer. July 2023. Build, Sustain, Improve!

  2. Objective: To provide an overview of the VBA Privacy Program and emphasize the legal responsibility to protect and safeguard the personally-identifiable information (PII) and protected health information (PHI) of individuals whose information we collect. Relevant, Responsive, Respected!

  3. Supports VBA Central Office and 56 Regional Offices (ROs)
      • Professional Development Training: We create and provide training based on VA Directive 6509, Duties of Privacy Officers, to support the professional development of the privacy community. Privacy Officers receive TMS credit for these trainings.
      • Monthly Privacy Officer Meetings: These are chats with Privacy Officers from across VBA to discuss current topics derived from questions coming from ROs or current updates from the VBACO Privacy Office.
      • Completion Assistance of Facility Self-Assessments (FSA): Created by the Privacy and Records Assessment Directorate (PRAD) office to conduct ongoing monitoring and assess facilities' Privacy and Records Management Programs for compliance with applicable policies, statutes, and regulations. All ROs are required to complete them quarterly.
      • Privacy Incidents: Assist facilities with filing Privacy Security Event Tracking System (PSETS) tickets.

  4. Professional Development
      • The Privacy Officer Training Program supports VBA Privacy Officers by defining common knowledge, skills and abilities (KSAs), training resources, and professional development tools required to implement and ensure local compliance with Privacy policies and procedures.
      • Chart labels: Privacy Officer Monthly Calls; Professional Development
      • Sample Topics: The Role of the VBA Privacy Officer; Incident Response and Reporting; Privacy Awareness
      • Chart values by fiscal year, in extracted order: FY20 10, FY20 8, FY21 12, FY21 6, FY22 12, FY22 1, FY23 7, FY23 5

  5. Facility Self Assessments. The VBA Privacy Office provides the following services to assist the ROs in completing the assessment:
      • Monitoring of ROs' completion of the quarterly requirement for compliance and sending reminders of upcoming deadlines
      • Provide quarterly training focused on the content areas being evaluated
      • Consult and assist the VBA Privacy Officers while they complete the 120-question assessment, along with providing resource assistance for questions requiring mandatory document upload

  6. Knowledge Check: Which office administers Facility Self-Assessments (FSAs)?
      A. VBA Privacy Office
      B. Privacy and Records Assessment Directorate (PRAD)
      C. VA Privacy Service
      D. Office of Management and Budget (OMB)

  7. Privacy Incidents
      • What is a Privacy Incident? A privacy incident is any event that has resulted in unauthorized use or disclosure of personally identifiable information (PII) or protected health information (PHI) where persons, other than authorized users, access PII/PHI or use it for an unauthorized purpose.
      • How to Report Privacy Incidents: Report incidents to your Privacy Officer (PO). Anyone can report a suspected privacy incident. You are not required to speak to your manager before reporting an incident but should keep management informed when incidents occur. This can be done via email or phone call.
      • Privacy Officers are required to report privacy incidents within one hour of notification.

  8. Knowledge Check: Privacy incidents are reported to the Privacy Officer?
      A. True
      B. False

  9. Knowledge Check: What is a Privacy Incident? A privacy incident is any event that has resulted in unauthorized use or disclosure of personally identifiable information (PII) or protected health information (PHI) where persons, other than authorized users, access PII/PHI or use it for an unauthorized purpose.
      A. True
      B. False

  10. Consultancy and Customer Service. VACO Privacy Officers provide customer service by answering questions from VBA Business Lines, Staff Offices, Office of General Counsel (OGC), Regional Offices and Veterans, their family and dependents about:
      • Privacy Laws
      • VA Privacy Regulations
      • Facility Self Assessments
      • Privacy and Records Assessment Directorate Assessment
      • Privacy Incidents

  11. VA Privacy Policies, Statutes, and Guidance. The VBA Privacy Office ensures that VA policies comply with Federal regulatory requirements and legislative mandates. We promulgate those policies throughout VBA.
      • VA Code of Fair Information Principles
      • VA Notice of Privacy Practices
      • VA Information Security Rules of Behavior for Organization
      • VA Information Security Rules of Behavior for Non-Organization
      • Handbook 6300.4, Procedures for Processing Requests for Records Subject to the Privacy Act
      • VA Handbook 6300.5 for SORN guidance
      • VA Directive 6500 - VA Cybersecurity Program
      • VA Handbook 6500 - Risk Management Framework for VA Information Systems and Information Security Program
      • Directive 6502, VA Enterprise Privacy Program
      • Directive 6502.3, Web Page Privacy Policy
      • Handbook 6502.3, Webpage Privacy Policy
      • VA Handbook 6502.4, Procedures for Matching Programs
      • Directive 6507, Reducing the Use of Social Security Numbers (SSN)
      • Handbook 6507.1, Acceptable uses of the Social Security Number and the VA SSN Review Board
      • Directive 6508, Implementation of Privacy Threshold Analysis and Privacy Impact Assessment

  12. VA Privacy Policies, Statutes, and Guidance (cont.)
      • VA Privacy Policies, Statutes, and Guidance (cont.)
          • Handbook 6508.1, Procedures for Privacy Threshold Analysis and Privacy Impact Assessment
          • Directive 6509, Duties of Privacy Officers
          • Directive 6511, Presentations Displaying Personally-Identifiable Information
          • Directive 6609, Mailing of Sensitive Personal Information
      • Privacy Statutes
          • The Privacy Act of 1974
          • The Computer Matching and Privacy Protection Act
          • The eGovernment Act of 2002
          • The Freedom of Information Act
          • The Paperwork Reduction Act
      • OMB Guidance
          • OMB Memorandum M-22-05, Guidance on Federal Information Security and Privacy Management Requirements
          • OMB Circular A-130, Managing Information as a Strategic Resource
          • OMB Memorandum 07-16, Safeguarding Against and Responding to the Breach of Personally Identifiable Information
          • OMB Memorandum 06-16, Protection of Sensitive Agency Information
          • OMB Memorandum 06-15, Safeguarding Personally Identifiable Information
