Training Proposed After TRICARE Breach

Proposal Spells Out Privacy Training for Govt. Contractors

The Department of Defense and two other government agencies have issued a proposed rule designed to help ensure that government contractors provide adequate privacy training to their staff members. The proposal comes in the wake of a recent healthcare information breach incident involving a contractor to TRICARE, the military health program.

In the TRICARE breach, unencrypted computer backup tapes containing information on 4.9 million beneficiaries were stolen from the car of an employee of a contractor, Science Applications International Corp. A $4.9 billion class action lawsuit, alleging privacy violations, has been filed in the case.

The proposed rule would amend the Federal Acquisition Regulation "to require contractors to complete training that addresses the protection of privacy, in accordance with the Privacy Act of 1974, and the handling and safeguarding of personally identifiable information."

Minimum Requirements Spelled Out

The intention of the proposal, according to the notice, is to set clear-cut, minimum requirements for privacy training "in order to ensure consistency across the government." The General Services Administration and the National Aeronautics and Space Administration joined the DoD in making the proposal, which reinforces other existing requirements.

The training provided, according to the proposal, must cover:

  • The handling and safeguarding of personally identifiable information;
  • The authorized and official use of a government system of records;
  • Restrictions on the use of personally owned equipment to process, access or store personally identifiable information;
  • The prohibition against access by unauthorized users;
  • Breach notification procedures;
  • Any agency-specific training requirements.

Comments on the proposal will be accepted until Dec. 13.

About the Author

Howard Anderson

News Editor, ISMG

Howard J. Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 34 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.



