Privacy Consulting Services

https://www.scdhhs.gov/

Provide Privacy Services to the South Carolina Department of Health and Human Services

The South Carolina Department of Health and Human Services (SCDHHS) needed support to conduct a comprehensive review of its current privacy practices, identify compliance deficiencies, and establish a roadmap to achieve privacy program compliance. Axiom was selected to support this important effort. Over a 60-day period, Axiom conducted an assessment of SCDHHS’ privacy processes and procedures, and used the findings to develop a roadmap and 12-month implementation plan. This effort required frequent communication with SCDHHS stakeholders in order to identify and access pertinent information that was required to complete the assessment and develop the roadmap.

Our privacy subject matter experts identified and reviewed relevant SCDHHS privacy program policies, procedures, and documentation in order to quantify the existing policies and procedures, determine the subject scope and impact of those documents, and identify gaps where either no policies have been created or where policies need to be updated. Each policy was reviewed to ensure SCDHHS was in full compliance with relevant privacy regulations (i.e., FERPA, HIPAA, HITECH, MARS-E, PPACA). The roadmap detailed our assessment findings, including program-level compliance gaps and recommendations. These recommendations were presented to SCDHHS Privacy Leadership for review and approval, and to further refine the roadmap and its operational deployment. The roadmap includes a 12-month implementation plan; defined Privacy Program Governance to include policies, standards, and templates; staffing recommendations for current and future Privacy Program needs; and a framework for staff performance and oversight.

http://www.admin.sc.gov/technology/enterprise-privacy

Provide Support to Establish the Military Health System (MHS) Privacy Office

In 2004, Axiom was chosen by the Department of Homeland Security (DHS) to support the establishment of the first-ever Military Health System (MHS) Privacy Office, now known as the Defense Health Agency (DHA) Privacy Office. The Privacy Office is responsible for developing policy and providing program oversight for all provisions of privacy-related federal legislation and Department of Defense (DoD) regulations. Axiom’s experience supporting privacy requirements extended beyond the formation of the Privacy Office and included providing support for:

  • Privacy Impact Assessment (PIA) compliance under the E-Government Act (E-Gov Act)
  • Reduction in DoD, DHA, and MHS collection and use of Social Security Numbers (SSNs)
  • Compliance with the requirements of the federal Privacy Act (including its system of records, Privacy Act Statement, enforcement of individual rights, and Privacy Act complaint resolution)
  • Development of DHA’s processes and procedures for HIPAA complaint processing; Privacy Act and HIPAA breach notification, mitigation, and remediation for DHA and the MHS; and the provision of HIPAA Privacy guidance and interpretations for DHA and the MHS
  • Development of a new DoD Manual that updated DoD’s 2003 regulation implementing the HIPAA Privacy and Breach Notification Rules within DoD (including updates required as a result of the HITECH Act)
  • DoD Records Management Program and the Personnel Security/Automated Data Processing Program regarding clearance requirements