AHRQ Information Security and Privacy Program

This page provides an overview of AHRQ's Information Security and Privacy Program and requirements for protecting against information technology threats and vulnerabilities.

The AHRQ Information Security and Privacy Program fosters an enterprise-wide secure and trusted environment in support of AHRQ's mission. AHRQ's program was established to help protect the Agency against potential information technology (IT) threats and vulnerabilities. The program ensures compliance with Federal mandates and legislation, including the Federal Information Security Management Act and the President's Management Agenda. It also plays an important role in enabling the Agency's ability to provide mission-critical operations.

Information Security and Privacy Awareness Training.
Incident Reporting.
Points of Contact.
Policy, Guidance, and Legislation Links.
Privacy Impact Assessments and Resources Links.

Information Security & Privacy Awareness Training

Information security and privacy awareness training is mandatory for all Federal employees and contract personnel. The Department of Health and Human Services (HHS) mandates that all employees must complete information security training upon initial hiring and annually thereafter. AHRQ ensures that all Agency employees and contractors receive annual information security awareness training and role-based training in compliance with—

.
[PDF File, 12.3 MB].

To comply with this training requirement, AHRQ developed an online Information Security and Privacy Awareness Training Module that is available on the Agency Intranet to AHRQ staff and contractors.

Additionally, offers courses for Agency staff and contractors on —

HHS's Cybersecurity Program also offers the following role-based training courses:

is also a resource for security training.

For more information on AHRQ information security and privacy training, send an Email to the AHRQ Information Security and Privacy Team (SecureAHRQ@ahrq.hhs.gov).

Incident Reporting

AHRQ defines a computer security incident as "a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard computer security practices," in accordance with [PDF File, 1.5 KB].

If you suspect an information security or privacy related incident has occurred, send an Email immediately to the �鶹��ý Chief Information Security Officer (eric.colombel@ahrq.hhs.gov) or the AHRQ Information Security and Privacy Team (SecureAHRQ@ahrq.hhs.gov).

Points of Contact

Chief Information Security Officer: Eric Colombel
- Email: eric.colombel@ahrq.hhs.gov
- Phone: 301-427-1750.
Senior Official for Privacy: Tim Erny
- Email: tim.erny@ahrq.hhs.gov.
- Phone: 301-427-1760.
Information Security and Privacy Team
- Email: SecureAHRQ@ahrq.hhs.gov.

Policy, Guidance, and Legislation

The following are links to information security policies, guidance, and legislation:

.
[PDF File, 309 KB].
.
[PDF File, 26 KB].
.
.
.
[PDF File, 1.2 MB].
[PDF File, 1.5 MB].
[PDF File, 331 KB].
[PDF File, 1.2 MB] [].
.
[PDF File, 2.1 MB].
[PDF File, 1.6 MB].
[PDF File, 931 KB].
[PDF File, 88 KB].
[PDF File, 367 KB].

Privacy Impact Assessments and Resources

Titles II and III of the E-Government Act of 2002 () require Federal agencies to evaluate systems that collect personally identifiable information to determine that the privacy of this information is adequately protected. The links below provide information on privacy impact assessments on HHS systems and on third-party Web sites:

�鶹��ý

Browse Topics

Topics A-Z

Priority Populations

Programs

Research

Publications & Products

Research Findings & Reports

National Healthcare Quality and Disparities Report

Data & Analytics

Tools

Funding & Grants

Notice of Funding Opportunities

Research Policies

Funding Priorities

Training & Education Funding

Grant Application, Review & Award Process

Post-Award Grant Management

Contracts

AHRQ Grants by State

PCOR

News

Newsroom

Blog

Newsletter

Events

�鶹��ý

�鶹��ý AHRQ

Organization & Contacts

SHARE: