Imaging Security Requirements. The California Department of Health Care Services (DHCS) has recently established security requirements pertaining to the use, access and disclosure of Medi-Cal Personally Identifiable Information (PII). Since Social Services Agency (SSA) case files contain this and other confidential welfare client information, these requirements must be adhered to by any Contractor (and subcontractor) staff who engages in case scanning for SSA. If these requirements change during the course of this engagement, SSA will notify and work with the Contractor to ensure compliance with the new requirements. All Contractor staff that has access to this data during this work must read and sign SSA’s standard Welfare Client Information confidentiality statement.
Imaging Security Requirements. 1. Contractor assumes responsibility for protecting County equipment and data assets and maintaining their integrity, confidentiality, and availability at all times. County may, at any time, conduct a formal walk-through of Contractor's facility to validate that Contractor's physical security meets the minimum standards for security as described herein. The County Information Security Officer (CISO) or designee may validate that Contractor’s security plan is being enforced and that all precautions are being taken to secure and protect County records.
2. Contractor agrees to maintain the confidentiality of all County and County-related records and information pursuant to all statutory laws relating to privacy and confidentiality that currently exist or exist at any time during the term of this Contract. All such records and information shall be considered
3. Contractor shall only use and disclose County data as permitted in this Contract and only use the data to perform an administrative function in direct support of the County. All other uses and disclosure of County data requires the express written approval from the County. Access to County data will be limited to those who require this access to perform their official duties in support of County business requirements. Contractors, who access, disclose, or use County data for a purpose not authorized in this agreement may be subject to civil and criminal prosecution.
4. Contractor will provide training for all employees who access County data to ensure compliance with this Contract prior to providing them with access to this data and annually thereafter. Documentation of training completion shall be retained for three (3) years after completion.
5. All Contractor employees must sign a confidentiality statement acknowledging understanding all information security related provisions in this contract prior to accessing County data and annually thereafter. Signed statements must be retained for a minimum of three (3) years. The statement shall include at a minimum: general use; security and privacy safeguards; unacceptable use; and enforcement policies.
6. All workstations, laptops, tablets or other communication devices which process or store County data must encrypt the data using a FIPS 140-2 256 bit or higher algorithm that is full disk. Servers that process or store County data must have sufficient administrative, physical and technical controls in place to protect that data based on a risk assessment a...
Imaging Security Requirements. The California Department of Health Care Services (DHCS) has recently established security requirements pertaining to the use, access and disclosure of Medi-Cal Personally Identifiable Information (PII). Since Social Services Agency (SSA) case files contain this and other confidential welfare client information, these requirements must be adhered to by any Contractor (and subcontractor) staff who engages in case scanning for SSA. If these requirements change during the course of this engagement, SSA will notify and work with the Contractor to ensure compliance with the new requirements.
Imaging Security Requirements. The California Department of Health Care Services (DHCS) has recently established security requirements pertaining to the use, access and disclosure of Medi-Cal Personally Identifiable Information (PII). Since Social Services Agency (SSA) case files contain this and other confidential welfare client information, these requirements must be adhered to by any Contractor (and subcontractor) staff who engages in case scanning for SSA. If these requirements change during the course of this engagement, SSA will notify and work with the Contractor to ensure compliance with the new requirements. Privacy and Confidentiality Statement: The California Department of Health Care Services (as well as Welfare and Institutions Code section 14100.2 and 42 Code of Federal Regulations section 431.300 et.seq.) requires that those who have access to Medi-Cal Personally Identifiable Information (PII) sign a confidentiality statement.
1. All Contractor staff that has access to this data during this work must read and sign SSA’s standard Welfare Client Information confidentiality statement.
