DOC

Assist Visit Program Supplement to the TMA Assist Visit Guide

By Todd Thomas,2014-06-22 18:55
15 views 0
Assist Visit Program Supplement to the TMA Assist Visit Guide

    TRICARE MANAGEMENT ACTIVITY PRIVACY OFFICE

    SUPPLEMENT TO THE TMA ASSIST VISIT GUIDE

    PRIVACY ACT

    INDIVIDUAL RIGHTS/SYSTEM OF RECORDS

    COMMENTS AND/OR OPPORTUNITIES FOR IMPROVEMENT IDENTIFIED References STANDARD

    Privacy Act of 1974 MHS is not allowed to maintain a system of records without first 1. Personnel are aware that the Military Healthcare System

    (5 U.S.C. ?552a) publishing its purpose, routine use, and other requirements in the (MHS) shall not have any unauthorized system of records. Federal Register.

DoD 5400.11-R Department Normally, amendments under this Regulation are limited to 2. Individuals have a legal right to see and amend their

    of Defense Privacy Program correcting factual matters and not matters of official judgment, information maintained in a system of records. C3.3.2.1 such as performance ratings, promotion potential, and job

     performance appraisals.

DoD 5400.11-R C1.4.1; The Privacy Act states administrative, physical, and technical 3. The government is required to safeguard their information

    Privacy Act of 1974 security safeguards, should be implemented to protect Personally maintained in a system of records to ensure its security and (5 U.S.C. ?552a) Identifiable Information (PII). accuracy.

    DoD 5400.11-R C6.1.6 A Privacy Act SORN is required for systems from which 4. A system notice is published in the Federal Register at least

     information is retrieved using an individual's name or some other 30 days before a system goes live. identifier. http://www.tricare.mil/tma/privacy/RoleoftheTMAPrivacyOffice.aspx

     A system of records under development or one that is undergoing

     significant modification must complete a Privacy Act System of

    Record Notice.

    Please check in the online listings to see if your system is already

    listed.

    If your system is not listed or you require a new SOR notice,

    please read the steps for “Establishing a new (or

    Altering/Amending and Existing) System of Records

    (http://www.tricare.mil/tma/privacy/SystemsofRecords.aspx).

    TMA Privacy Office Assist Visit Program Supplement 1

    February 2010

    TRICARE MANAGEMENT ACTIVITY PRIVACY OFFICE

    SUPPLEMENT TO THE TMA ASSIST VISIT GUIDE

    PRIVACY ACT

    COMMENTS AND/OR OPPORTUNITIES FOR IMPROVEMENT IDENTIFIED References STANDARD

    USES AND DISCLOSURES

    DoD 5400.11-R Department A Privacy Act “system of records” is defined as a group of any 5. A Systems of Records Notice (SORN) must be submitted for of Defense Privacy Program records under the control of any agency from which information is publication in the Federal Register if paper and/or electronic C1.1.2.2 retrieved (or accessed) by the name of the individual, number, records are retrieved by name or other personal identifier. symbol, or other identifier particularly assigned to the individual.

    The Privacy Act requires each agency to publish notice of its

    systems of records in the Federal Register. This notice is

    generally referred to as a system of records notices (SORN).

    Examples: Professional Credential Records System; and Leave

    and Earning Records System.

DoD 5400.11-R C2.1; Privacy Per the Privacy Act, records are to be maintained with only 6. The Privacy Act limits the collection of personal information.

    Act of 1974 (5 U.S.C. ?552a) minimum required information about an individual as is relevant and necessary to accomplish the required purpose.

    DoD 5400.11-R C4.2.7; When a record is disclosed under this provision, reasonable 7. Disclosures of PII are made without the consent of the person C4.2.11.1; efforts to notify the individual to whom the record pertains should in accordance with legal activities 5 USC 552a(b)(11) be made.

    BREACH

    TMA Components Breach Reporting: DoD 5400.11-R C1.5, C10.6; 8. Actual or possible breaches are identified, responded to and TRICARE Management reported. Leadership Immediately Activity Incident Response Team and Breach http://www.tricare.mil/tma/privacy/breach.aspx TMA Privacy Office-Within 1 Hour (privacyofficermail@tma.osd.mil ) Notification Policy Memorandum, October 12, US CERT Within 1 Hour (Done by TMA PO) 2007; TMA Breach Notification Standard Defense Privacy Office Within 48 Hours Operating Procedures (SOP) (Done by TMA PO) 5.1

    TMA Privacy Office Assist Visit Program Supplement 2

    February 2010

    TRICARE MANAGEMENT ACTIVITY PRIVACY OFFICE

    SUPPLEMENT TO THE TMA ASSIST VISIT GUIDE

    PRIVACY ACT

    BREACH

    COMMENTS AND/OR OPPORTUNITIES FOR IMPROVEMENT IDENTIFIED References STANDARD

    TMA Components Breach Reporting: DoD 5400.11-R C1.5, C10.6; 9. Immediate notification of a supervisor is required in the event

     TRICARE Management of an actual or possible breach. Activity Incident Response Leadership Immediately

     Team and Breach

    Notification Policy Memorandum, October 12,

    2007; TMA Breach

    Notification SOP 5.1.2

    TMA Components Breach Reporting: DoD 5400.11-R C1.5, C10.6; 10. The TMA Privacy Office and Chief Information Officer must

    TRICARE Management be contacted within one hour of discovery of an actual or Activity Incident Response TMA Privacy Office Within 1 Hour possible breach. Team and Breach (PrivacyOfficerMail@tma.osd.mil)