What is the role of a Privacy Officer at VA?
VA Privacy Officers are an integral part of VA's privacy organization. They represent privacy across VA and help to ensure that VA's privacy policies are implemented at the local level.
Privacy Officers (POs) are part of the VA Triumvirate, a team of information protection professionals that also includes the facility Chief Information Officer (CIO) and the Information Security Officer (ISO). These professionals work together to protect the personally identifiable information (PII) of our veterans and employees.
What are the duties of a Privacy Officer?
VA Privacy Officers can be either full-time or collateral duty, and duties may vary by Administration or Staff Office. General Privacy Officer duties include the following:
- Working closely with the local Triumvirate to promote employee awareness of VA's responsibility to protect the personally identifiable information (PII) of veterans and employees.
- Understanding and ensuring local facility compliance with Federal privacy laws and regulations and VA Directives, such as the Privacy Act and VA Directive 6502.
- Responding to privacy complaints and violations, reporting them in the Privacy Violation Tracking System (PVTS)/FERET within the required timeframes, and offering corrective guidance when breaches occur.
- Completing and mailing credit monitoring letters when appropriate.
- Informing employees of Privacy Awareness training requirements and deadlines, and tracking compliance.
- Promoting privacy awareness through education and outreach activities. Examples include:
  - New employee orientation
  - Town Hall meetings and walk-arounds
  - VA Information Protection Week (held annually)
  - Privacy Day (held annually)
  - VA awareness events (as required)
- Ensuring that required Privacy Impact Assessments (PIAs) are completed annually. This duty will require coordination with other members of the Triumvirate.
- Coordinating with other local offices as applicable or when necessary.
- Cooperating with Office of the Inspector General (OIG), Office of General Counsel (OGC), Office of IT Oversight and Compliance (ITOC), Office of Human Resources (HR), and other legal and regulatory authorities in any compliance reviews or investigations.
- Coordinating with HR, the facility ISO, OGC and the facility Director to ensure compliance with privacy practices and consistent application of sanctions for failure to comply with privacy policies for all individuals in the facility.
- Working cooperatively with the Health Information Management (HIM) Director and other applicable organization units in overseeing patient rights to inspect, amend, and restrict access to protected health information, when appropriate.
- Serving as a non-voting member of the facility's Internal Review Board (IRB) and as information privacy liaison for uses of clinical and administrative systems, as appropriate.
- Identifying Privacy Act Systems of Records.
How can I find my local Privacy Officer?
Contact your local facility to obtain the contact information for your Privacy Officer. Use VA's Facility Locator to find your local facility.
Tell me more about privacy certifications
VA is committed to instituting a culture that encourages and supports the continuous learning and development of its privacy professionals. Certified Privacy Officers further VA's goals of forging a more secure enterprise and establishing the Department as the Federal gold standard in privacy and information management.
VA has partnered with the International Association of Privacy Professionals (IAPP) to assist its employees in obtaining the Certified Information Privacy Professional (CIPP) and Certified Information Privacy Professional/Government (CIPP/G) designations. As of August 2008, VA has 66 IAPP certified employees. This is more than any other government agency and more than triple the number from just a year ago.
For more information on the IAPP certifications, please visit www.privacyassociation.org
For further information, contact the Privacy Service at 202.273.5070 or firstname.lastname@example.org.