Training Proposed After TRICARE Breach

Proposal Spells Out Privacy Training for Govt. Contractors

By , October 18, 2011.
Training Proposed After TRICARE Breach

T

See Also: Looking for Anomalies: Try Machine Data

he Department of Defense and two other government agencies have issued a proposed rule designed to help ensure that government contractors provide adequate privacy training to their staff members. The proposal comes in the wake of a recent healthcare information breach incident involving a contractor to TRICARE, the military health program.

In the TRICARE breach, unencrypted computer backup tapes containing information on 4.9 million beneficiaries were stolen from the car of an employee of a contractor, Science Applications International Corp. A $4.9 billion class action lawsuit, alleging privacy violations, has been filed in the case.

The proposed rule would amend the Federal Acquisition Regulation "to require contractors to complete training that addresses the protection of privacy, in accordance with the Privacy Act of 1974, and the handling and safeguarding of personally identifiable information."

Minimum Requirements Spelled Out

The intention of the proposal, according to the notice, is to set clear-cut, minimum requirements for privacy training "in order to ensure consistency across the government." The General Services Administration and the National Aeronautics and Space Administration joined the DoD in making the proposal, which reinforces other existing requirements.

The training provided, according to the proposal, must cover:

  • The handling and safeguarding of personally identifiable information;
  • The authorized and official use of a government system of records;
  • Restrictions on the use of personally owned equipment to process, access or store personally identifiable information;
  • The prohibition against access by unauthorized users;
  • Breach notification procedures;
  • Any agency-specific training requirements.
Comments on the proposal will be accepted until Dec. 13.

Follow Howard Anderson on Twitter: @HealthInfoSec

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE Why is Facebook Flaw Still Unpatched?

A year after Facebook received a bug report regarding a loophole in its app architecture, the...

Latest Tweets and Mentions

ARTICLE Why is Facebook Flaw Still Unpatched?

A year after Facebook received a bug report regarding a loophole in its app architecture, the...

The ISMG Network