The South Carolina Department of Health and Human Service (SCDHHS) needed support to conduct a comprehensive review of their current privacy practices, identify compliance deficiencies, and establish a roadmap to achieve privacy program compliance. Axiom was selected to support this important effort. Over a 60-day period, Axiom conducted an assessment of SCDHHS’ privacy processes and procedures, and used the findings to develop a roadmap and 12-month implementation plan. This effort required frequent communication with SCDHHS stakeholders in order to identify and access pertinent information that was required to complete the assessment and develop the roadmap.
Our privacy subject matter experts identified and reviewed relevant SCDHHS privacy program policies, procedures, and documentation in order to quantify the existing policies and procedures, determine the subject scope and impact of those documents, and identify gaps where either no policies have been created or where policies need to be updated. Each policy was reviewed to ensure SCDHHS was in full compliance with relevant privacy regulations (i.e., FERPA, HIPAA, HITECH, MARS-E, PPACA). The roadmap detailed our assessment findings, including program-level compliance gaps and recommendations. These recommendations were presented to SCDHHS Privacy Leadership for review and approval, and to further refine the roadmap and its operational deployment. The roadmap includes a 12-month implementation plan; defined Privacy Program Governance to include policies, standards, and templates; staffing recommendations for current and future Privacy Program needs; and a framework for staff performance and oversight.
In 2004, Axiom was chosen by the Department of Homeland Security (DHS) to support the establishment of the first-ever Military Health System (MHS) Privacy Office, now known as the Defense Health Agency (DHA) Privacy Office. The Privacy Office is responsible for developing policy and providing program oversight for all provisions of privacy-related federal legislation and Department of Defense (DoD) regulations. Axiom’s experience supporting privacy requirements extended beyond the formation of the Privacy Office and included providing support for: