The CHFS Office of Health Data and Analytics (OHDA) houses the Cabinet’s Privacy Program. The mission of the Privacy Program is to promote and safeguard privacy rights of individuals served by CHFS across the commonwealth. We do this by developing and implementing policies and procedures to prevent and minimize potential privacy risks and ensuring compliance with state and federal privacy laws, including HIPAA.
The Privacy Program supports CHFS in its role as a covered entity under 45 CFR 164.530 by designating a chief privacy officer (CPO) who works with other agencies to build and maintain consistent and effective privacy safeguards for personal information across all media. The CPO also cooperates with the CHFS technology chief security officer on privacy risk assessments, analysis, mitigation and remediation.
Privacy Incidents and Reporting
The CPO collaborates with appropriate CHFS personnel to identify, address and promptly report incidents to appropriate authorities.
The CHFS Privacy Committee is composed of dedicated professionals from CHFS agencies who work to build the Privacy Program through collaboration, streamlining processes and creating an educational platform for privacy principles.
Data Share Agreements
The Privacy Program works closely with the OHDA Data Governance Program to ensure all data share agreements comply with relevant state and federal privacy laws.
Policies and Procedures
The Privacy Program continuously researches, reviews and develops guidance related to privacy to ensure compliance with all state and federal privacy laws.
Please email CHFS Privacy with questions related to HIPAA, privacy rights or privacy incidents.
The Privacy Program does not act in a legal capacity or provide legal advice.