We evaluated the Office of Health Affairs’ (OHA) privacy safeguards for protecting the personally identifiable information (PII) it collects and maintains. OHA has not implemented an effective organizational framework for safeguarding PII in accordance with Federal requirements. OHA appointed a Privacy Officer, but this official lacks adequate authority and resources to carry out the various required privacy management responsibilities. This official also has not received OHA senior leadership support to issue the policies and procedures needed for effective organization-wide privacy management. Further, there was no central tracking to ensure that all employees completed annual privacy training and to accurately report this information to the Department and Congress as required.
Consistent with CDC guidance, most Office of Inspector General employees are currently serving the American people remotely. We are determined to keep interruptions to our operations to a minimum, and we appreciate your patience during this time.
Information and guidance about COVID-19 is available at coronavirus.gov.