Management and the Privacy Act of 1974

Management and the Privacy Act of 1974

Park University

        Being in any position of management is quite challenging.  There are many principles that must be learned and followed based on experience as a technician as well as case by case experiences that are learned throughout the day.  The manager must take into account not only the goals of the organization but other standards that are created from outside agencies that are looking to satisfy the patients and customers as well.  One of these standards is the Privacy Act of 1974.  Not only does this act impact the management and their decisions but it impacts the layout of the organization and strategies the organization has.

        The Privacy Act was created in 1974 as a safeguard against misuse or invasion of personal privacy in records.  It was established to control what personal information is collected, maintained, used and disseminated by agencies in the Federal government (The Privacy Act, n.d.).  According to foia.state.gov, the Act only applies to records that are kept by a “system of records,” such as a database, where the information is retrieved by searching by a member’s name, identification number, or some other identifying information assigned to an individual (n.d.).  The Privacy Act guarantees three main rights: access to records about oneself, ability to amend records that are not correct or complete, and protection against unwarranted intrusion that may be the result of collection, maintenance use or disclosure of personal information (The Privacy Act, n.d.).

        As was stated previously, management has to take into account this Privacy Act. As stated in our text, Management Principles for Health Professionals, policies “should conform to legal and accrediting mandates as well as to any other requirement imposed by internal or external authorities” (Liebler, 2012).  In order to do so, management will set policies that adhere to the statements made by the Privacy Act and include them in various ways throughout the facility.  This includes creating policies that are logical, direct, in words that state predefined issues, and permit certain actions.  They may also assist in creating a summary of points, also known as a “Policy in Brief” (Liebler, 2012).  Managers will then ensure the policies relate to the sections that they are created for and use verbiage that is relative to the section as well.  

        At the beginning of its inception, Congress requested information about the implementation of the Privacy Act.  According to gao.gov, information was obtained from thirteen agencies but the amounts were more guesses and forecasts than they were actual numbers.  The initial estimation for a three-year period was about $35.9 million (Data on Privacy Act and FOIA, n.d.).  The same site states that almost all agencies found it hard to project work load and costs.  I’m positive there are better ways to keep track of funds spent on implementation of the Privacy Act now days, I was just unable to locate some.  What is available is the fact that management has to not only look at hiring bodies to monitor and take care of those records but training from outside resources or buying software to prevent or locate breaches that occurred.  The funds itself are not at the discretion of the management per se, what they essentially have to do is find sources that are available and push it to the resource expert to request those funds, with justification.  

        Another position the managers have to manage in the health care process is forms.  Placement of the Privacy Act statement is very important and what forms they should be placed on; management will have the final say but can delegate to a section such as forms and publications to get the initial job completed.  These forms sometimes can be pre-ordered from different health care companies, if so, then again, the manager will have to pick a form that works for the health care organization and request for it to be purchased.  For instance, the military will go with Defense Logistics Agency, since they have a contract with them already.  Forms are not the only publication that can be created.  There are coversheets that state, “Privacy Act Information below” and give small blurbs about the penalties if the information is misused.  The best thing for that would be to have that information electronically and not have them printed out and sitting on someone’s desk where it is at risk.  This is also a manager’s responsibility and something to bring up for training.