External Agency. Your agency agrees to be responsible for protecting NHM&E data security and client privacy at your agency and at the agencies you fund or partner with in fulfilling your mission. Language in this document that refers to “your agency” is inclusive of those grantee locations that are directly funded by CDC and use CDC data systems. Security encompasses data confidentiality, integrity, and availability. Client privacy is a right protected by the Privacy Act of 1974 as amended.
External Agency a) Your agency agrees to periodically (at least annually) assess its data security measures and compliance to all required standards, regulations, and data security guidelines.
b) Your agency agrees to periodically assess the data security measures and compliance to all required standards, regulation, and data security guidelines for its partners and sub-contracting agencies.
External Agency. It is understood that some agencies have stipulated and maximum of work salaries that can
External Agency a) Authorized staff from your agency will access non-CDC data systems through security procedures such as password protection or e-authentication procedures.
b) Your agency agrees to define, document, implement, and frequently update ROBs, policies, and procedures for non-CDC data system access.
External Agency a) Your agency agrees to provide technical assistance to your non-CDC data system users and the non-CDC data system users of your directly funded organizations.
External Agency a) Your agency will select a non-CDC Data System Administrator who will define and document the roles and responsibilities of the non-CDC data system users, and how they are aligned with non-CDC data system access levels. The non-CDC Data System Administrator will also be responsible for verifying non-CDC data system users who need to access NHM&E data and the access levels necessary when requested by CDC employees.
b) Your agency agrees to be responsible for ensuring that roles and responsibilities are documented, including a current list of individuals with access to non-CDC data systems and their respective roles and responsibilities.
c) Your agency agrees to obtain signatures that confirm agreement with current security measures from all current employees and contractors and all new employees and contractors who replace or assume the duties of current signatories to security documents.
External Agency a) Your agency agrees that all non-CDC data system users at your agency and the agencies you fund will read and comply with the Rules of Behavior (XXX) outlined for users and system administrators.
b) Your agency agrees to require all your users of non-CDC data systems read, understand, sign, and agree to abide by the ROB for Non-CDC Data System Agency Users.
External Agency a) Your agency agrees that authentication requirements for CDC data systems will be determined based on the security level assessed by CDC’s Office of the Chief Information Security Officer (OCISO).
External Agency a) Your agency agrees to be responsible for adequately protecting client privacy at your agency. Client privacy is a right protected by law.
b) Your agency agrees to be responsible for ensuring that data are collected in a manner that ensures client privacy and meets current state HIV testing consent and confidentiality laws.
c) Your agency agrees to be responsible for annually training its staff on privacy issues.
d) Your agency agrees to be responsible for complying with all relevant federal and state statutes on privacy (e.g., HIPAA, if applicable).
e) Your agency agrees to take measures as necessary, in addition to those mentioned in this document, to maintain high levels of privacy.
External Agency a) Your agency agrees to provide technical assistance to your users and the users of your directly funded organizations.
