DHA Home About DHA Human Resources Contact Us FOIA Site Map
 
Infinite Menus, Copyright 2006, OpenCube Inc. All Rights Reserved.

Process Overview

StepsResponsibilityProcedure
1 System Program Manager, Systems Support Team, and/or System Developer (known as System POCs) Complete Section 1(a) of DD Form 2930, Privacy Impact Assessment.

If the answer to Section 1(a) is option 4 (i.e., "no"), continue to step 2.

If the answer to Section 1(a) is option 2 (i.e., "yes, from Federal personnel and/or Federal contractors"), skip to step 3.

If the answer to Section 1(a) is option 1 or 3 (i.e., "yes, from members of the general public", or "yes, from both members of the general public and Federal personnel and/or Federal contractors"), skip to step 5.

2 System POCs As directed by Section 1(b), proceed to Section 4 and obtain the Program Manager and Program Level Senior Information Assurance Officer signatures.

Return the form to the TMA Privacy and Civil Liberties Office using piamail@tma.osd.mil. Retain a copy of the approved and signed PIA for future reference. A copy is retained in the Privacy and Civil Liberties Office files.

Update DHP SIRT and/or DITPR to reflect a.) no PII is collected and b.) a PIA is not required.

End process.

3 System POCs If the PII collected from Federal personnel and/or Federal contractors is -

a.) strictly internal government operations related (e.g., name, badge number, office phone, office e-mail, etc.) then no PIA is required; continue to step 4.

b.) not strictly for internal government operations, skip to step 5.

4 System POCs Please complete the following:

1.) Provide a system description and enter the following statement into Section 2(g)1 of this PIA:

"A PIA is not required per DoDI 5400.16 (Enclosure 3, 1(c)) because the PII is related to strictly internal government operations, does not include members of the public, and PII data is considered low or no risk."

2.) Return the PIA to the TMA Privacy and Civil Liberties Office for review and approval.

3.) Upon review, the TMA Privacy and Civil Liberties Office Director will advise whether a PIA is required.

4.) Update DHP SIRT and/or DITPR to reflect a.) PII is collected but b.) a PIA is not required.

End Process.

5 System POCs Complete and submit DD Form 2930 to the TMA Privacy and Civil Liberties Office using piamail@tma.osd.mil.

The TMA PIA Guide addresses the common issues encountered during the completion of a PIA. This PIA Guide enhances the assessment process and helps the TMA Privacy and Civil Liberties Office efficiently conduct a PIA review to completion.

6 TMA Privacy and Civil Liberties Office Work to identify and mitigate any privacy risks that are identified in the PIA. Several drafts may be required during the review cycle.

Please keep in mind that completion of the PIA is contingent upon timely responses from System POCs during this review cycle.

7 System POCs and TMA Privacy and Civil Liberties Office System POCs and TMA Privacy and Civil Liberties Office - work to reach an agreement on the compliance requirements.

System POCs - incorporate changes and resolve identified risks. If an agreement cannot be reached, issues will be referred to the TMA Privacy Officer and System Program Manager for resolution.

8 TMA Privacy and Civil Liberties Office The PIA will be returned to the System POCs for Program Manager or designee signature.
9 System POCs Return the completed and signed PIA to the TMA Privacy and Civil Liberties Office using piamail@tma.osd.mil.
10 TMA Privacy and Civil Liberties Office Forward the completed and signed PIA to the TMA Privacy Officer, Senior IA Official, and TMA CIO for approval and signatures.
11 TMA Privacy and Civil Liberties Office Send the completed and signed PIA to the Assistant Secretary of Defense (ASD), Networks & Information Integration (NII), who will submit it to OMB if it is a major funded system.
12 TMA Privacy and Civil Liberties Office Post sections one and two of the PIA to the TMA Privacy and Civil Liberties Office Web site.
13 System POCs Facilitate updates of the DHP SIRT privacy tab as necessary. Also, retain a copy of the approved and signed PIA for future reference.
“On October 1, 2013, the Department of Defense established the Defense Health Agency (DHA) to manage the activities of the Military Health System. These activities include those previously managed by TRICARE Management Activity (TMA), which was disestablished on the same date. During the next several months, all TMA websites will change to reflect the new DHA. We appreciate your patience during this transition."
DoD Seal
7700 Arlington Boulevard, Suite 5101, Falls Church, VA 22042-5101
The appearance of hyperlinks to external Web sites does not constitute endorsement by the TRICARE Management Activity of these Web sites or the information, products or services contained therein. For other than authorized government activities, TRICARE Management Activity does not exercise any editorial control over the information you may find at other locations. Such links are provided consistent with the stated purpose of this DoD Web site. Accessibility/Section 508