Privacy Panel for ACT-IAC’s Healthcare Cybersecurity and Privacy Form

April 24, 2019
Jill DeGraff
Compliance Program Implementation, Counseling on Privacy Laws and Data Protection Standards, Uncategorized

I participated in a privacy panel on April 23, 2019 during ACT-IAC’s Health Security, Privacy and Practice Forum. Special thanks to moderator Eric Larson, co-panelists Jamie Danker and LaShaunne Graves and all who contributed their comments and questions during the Q&A.

Some key takeaways:

1. All panelists agree on the importance of “baking” privacy into system design and applications. We need to move beyond static programs that rely primarily upon policies and training to active systems of monitoring and accountability.

2. Jamie noted that cybersecurity tends to be better resourced in federal agencies than privacy, which puts consumer privacy interests risk

3. Government agencies can improve trust by not only disclosing all the ways that a personally identifiable information may be used and disclosed, but reinforcing its privacy commitments in demonstrable ways within information flows.

4. Privacy issues are rising in federal health agencies because of rising demand to adopt modern technologies and use data in new ways to advance public welfare interests. As a result, settled practices for balancing personal and public welfare interests need to be reexamined.

5. Protecting privacy needs to be at the forefront of federal agency missions.

NIST’s Privacy Framework: Step-by-Step Instructions for Building a Privacy Program