Privacy Governance

Privacy Governance provides privacy strategy and direction, and makes decisions on key privacy issues. Privacy governance is the most important enabler of an effective privacy management program. The Health Service Provider's senior executive or the HSP board of directors is accountable for compliance with relevant legislation and regulations, and is therefore ultimately responsible for Privacy Governance within the organization.

Privacy Governance is unique to each provider, as it specifies how privacy should be managed within that provider. In general, Privacy Governance within a Health Service Provider should clearly define the structure and processes to direct and oversee the management of privacy-related issues.

For large providers, a governance structure, which should be an integral part of the overall organizational structure, must be established to support privacy objectives. Typically, the governance structure has a privacy steering committee and privacy officers, and defines the roles and responsibilities for the entire organization.

For small to medium-sized providers, a complex governance structure may be overkill. But at a minimum, a Privacy Officer should be appointed by executive management. The Privacy Officer reports to the executive and is responsible for managing all privacy-related issues within the Health Service Provider.

Privacy Governance must also establish processes to properly manage and oversee privacy management. These processes are normally developed in accordance with the existing organizational management processes and are therefore unique to each provider. Typical governance processes include:

- Strategy development
- Policies/procedures/standards management
- Monitoring and reporting
- Audit and review
- Performance management