VA RFI: PIA Privacy Information Assurance

Notice ID 36C10B24Q0014

Within OIT, the VA Privacy Service oversees programs that ensure VA collects, uses, and discloses PII only as is consistent with law and the data subjects’ reasonable expectations. Laws that govern the collection, use, disclosure, and maintenance of this information include the Privacy Act of 1974 (as amended), the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing Privacy and Security Rules, and the Federal Information Security Modernization Act (FISMA). VA must also comply with regulations, policies, and guidelines promulgated by VA itself, the Office of Management and Budget (OMB), the National Institute of Standards and Technology (NIST) and the Department of Health and Human Services (HHS). Many of these laws and other authorities (hereafter “authorities”) require VA to protect and maintain the privacy of PII, including PHI.

VA faces significant challenges in managing agency risk to its mission and infrastructure, including its IT networks and information systems. Information assets have become increasingly difficult to protect due to advances in the threat landscape, such as easy-to-use cyber-attack frameworks, advanced threat actor persistence and technologic attack evolution, ransomware, and social engineering such as phishing attacks. VA must respond to increasingly sophisticated threats with innovative and forward-thinking approaches to privacy and security. VA strives to include security and privacy throughout its system and software development life cycles. It also uses continuous monitoring and ongoing authorization programs. VA uses these approaches and others to protect the confidentiality, integrity, availability, and privacy of PII and PHI.

All VA information technology systems, technologies, rulemakings, programs, pilot projects, information collections, information sharing activities, or forms that collect PII, PHI or have a privacy impact are subject to the oversight of the Chief Privacy Officer and the requirements of U.S. data privacy and disclosure laws. Under the direction of the Chief Privacy Officer, VA Privacy Service assesses the privacy risk of VA information technology (IT) systems, technologies, rulemakings, programs, pilot projects, information collections, or forms and develops mitigation strategies by reviewing and approving all VA privacy compliance documentation.

The Contractor shall provide the resources necessary to accomplish the tasks described in this PWS. The Contractor shall support the implementation and maintenance of the VA PIA program. This support shall include conducting reviews and analysis of PTA and PIA submissions to ensure compliance with federal and VA privacy requirements; providing operational support for the sustainment and improvement of the PIA program; reviewing the privacy data in VA’s Governance, Compliance and Risk Tool for accuracy and supporting the remediation of data quality issues; and providing privacy engineering support for new and emerging technologies.
