Your browser doesn't support JavaScript. Please upgrade to a modern browser or enable JavaScript in your existing browser.
Skip Navigation U.S. Department of Health and Human Services www.hhs.gov
Agency for Healthcare Research Quality www.ahrq.gov
AHRQ Home | Questions? | Contact Us | Site Map | What's New | Browse | InformaciĆ³n en espaƱol | E-mail UpdatesE-mail Updates
www.ahrq.gov

You Are Here: AHRQ Home > News & Information > Electronic Policies > Privacy Act Information > Notification of Breach Routine Use Language

Notification of Breach Routine Use Language

October 9, 2007

TO: HHS Privacy Act Contacts

FROM:

Robert Eckert
Director
FOI/Privacy Acts Division
Office of Public Affairs, ASPA

SUBJECT: Notification of Breach Routine Use Language

On May 22, 2007, the Office of Management and Budget (OMB) released Memoranda (M) 07-16, Safeguarding Against and Responding to the Breach of Personally Identifiable Information. (http://www.whitehouse.gov/omb/memoranda/fy2007/m07-16.pdf). The Department of Health and Human Services (HHS) convened a leadership committee composed of members from the Office of the Chief Information Officer (OICO), the Office of Assistant Secretary for Public Affairs (ASPA), and the Office of the Assistant Secretary for Planning and Evaluation (ASPE) in order to formulate a response plan for the newly established requirements. The final response plan was signed by the HHS Chief Information Officer (CIO), Mike Carleton and submitted to OMB on September 19, 2007. It is available at: http://www.hhs.gov/ocio/securityprivacy/incidentmanagement/incidentresp.html, and on the HHS intranet at http://intranet.hhs.gov/infosec/policies_memos.html.

As required by the memoranda, to comply with the "Incident Reporting and Handling Requirements," all OPDIVs/STAFFDIVs must incorporate the following routine use language as part of your normal SORN review process:

"To appropriate federal agencies and Department contractors that have a need to know the information for the purpose of assisting the Department's efforts to respond to a suspected or confirmed breach of the security or confidentiality of information maintained in this system of records, and the information disclosed is relevant and necessary for that assistance."

If you have any questions, please contact Maggie Blackwell, Privacy Officer, at (202) 690-7453 or maggie.blackwell@hhs.gov.

Internet Citation:

Notification of Breach Routine Use Language. Memorandum from the Department of Health and Human Services' Office of Assistant Secretary for Public Affairs (ASPA), October 9, 2007. http://www.ahrq.gov/news/privacyact/breachnot.htm

 
AHRQ Advancing Excellence in Health Care