Information Integrity and Security. Contractor shall immediately notify County of any known or suspected breach of personal, sensitive and confidential information related to Contractor’s work under this Agreement.
Information Integrity and Security. A. Information Assets SUBRECIPIENT shall have in place operational policies, procedures, and practices to protect State information assets including those assets used to store or access Personal Health Information (PHI), Personal Information (PI), and any information protected under the Health Insurance Portability and Accountability Act (HIPPA) (i.e., public, confidential, sensitive and/or personal information) as specified in the State Administrative Manual, Section 5300 to 5365.3; Cal. Gov. Code § 11019.9; DGS Management Memo 06-12; DOF Budget Letter 06-34; and CDA Program Memorandum 07-18 Protection of Information Assets. Information assets include (but are not limited to):
i. Information collected and/or accessed in the administration of the State programs and services.
ii. Information stored in any media form, paper or electronic.
B. Encryption on Portable Computing Devices SUBRECIPIENT is required to use 128-Bit encryption for data collected under this CONTRACT that is confidential, sensitive, and/or personal including data stored on portable computing devices (including, but not limited to, laptops, personal digital assistants, notebook computers, and backup media) and/or portable electronic storage media (including, but not limited to, discs, thumb/flash drives, portable hard drives, and backup media).
Information Integrity and Security. A. Information Assets
1. Reports
2. Notes
3. Forms
4. Computers, laptops, cellphones, printers, scanners 5. Networks (LAN, WAN, WIFI) servers, switches, routers
Information Integrity and Security. A. Contractor ensures that personal, sensitive and confidential information is protected from inappropriate or unauthorized access or disclosure in accordance with Welfare and Institutions Code Section 10850, LCDSS MEDS Data Privacy and Security Agreement, Lake County Information Security Policy, Health Insurance Portability and Accountability Act (HIPAA), and all other applicable laws, regulations and policies.
B. Contractor shall immediately notify LCDSS of any known or suspected breach of personal, sensitive and confidential information related to Contractor’s work under this Contract.
Information Integrity and Security. A. Information Assets The Contractor, and its Subcontractors/Vendors, shall have in place operational policies, procedures, and practices to protect State information assets, including those assets used to store or access Personal Health Information (PHI), Personal Information (PI) and any information protected under the Health Insurance Portability and Accountability Act (HIPAA), (i.e., public, confidential, sensitive and/or personal identifying information) as specified in the State Administrative Manual, 5300 to 5365.3; Cal. Gov. Code § 11019.9, DGS Management Memo 06-12; DOF Budget Letter 06-34; and CDA Program Memorandum 07-18 Protection of Information Assets and the Statewide Health Information Policy Manual. Information assets may be in hard copy or electronic format and may include but is not limited to:
1. Reports
2. Notes
3. Forms
4. Computers, laptops, cellphones, printers, scanners 5. Networks (LAN, WAN, WIFI) servers, switches, routers
Information Integrity and Security. 1. Information Assets. Subrecipient shall have in place operational policies, procedures, and practices to protect State information assets including those assets used to store or access Personal Health Information (PHI), Personal Information (PI), and any information protected under the Health Insurance Portability and Accountability Act (HIPAA) (i.e., public, confidential, sensitive and/or personal information) herein referred to as Personal, Sensitive and Confidential Information (PSCI) as specified in the State Administrative Manual, Section 5300 to 5365.3; Cal. Gov. Code § 11019.9; DGS Management Memo 06-12; DOF Budget Letter 06-34; and CDA Program Memorandum 07-18 Protection of Information Assets and the Statewide Health Information Policy Manual.
1. Information assets may be in hard copy or electronic format and may include (but are not limited to):
a) Reports b) Notes c) Forms
Information Integrity and Security. A. Information Assets The Contractor shall have in place operational policies, procedures, and practices to protect State information assets, i.e., public, confidential, sensitive and/or personal information as specified in State Administrative Manual, Section 4841.2., GC Section 11019, Department of Finance (DOF) Management Memo 06-12, and DOF Budget Letter 06-34). Information assets include (but are not limited to):
1. Information collected and/or accessed in the administration of the State programs and services.
2. Information stored in any media form, paper or electronic.
Information Integrity and Security. (Continued)
C. Disclosure
1. The Contractor, and its Subcontractors/Vendors, shall ensure that all confidential, sensitive and/or personal identifying information is protected from inappropriate or unauthorized access or disclosure in accordance with applicable laws, regulations, and State policies.
2. The Contractor, and its Subcontractors/Vendors, shall protect from unauthorized disclosure, confidential, sensitive and/or personal identifying information such as names and other identifying information concerning persons receiving services pursuant to this Agreement, except for statistical information not identifying any participant.
3. “Personal Identifying information” shall include, but not be limited to: name; identifying number; social security number; state driver’s license or state identification number; financial account numbers; and symbol or other identifying characteristic assigned to the individual, such as finger or voice print or a photograph.
4. The Contractor, and its Subcontractors/Vendors, shall not use confidential, sensitive and/or personal identifying information above for any purpose other than carrying out the Contractor’s obligations under this Agreement. The Contractor and its Subcontractors are authorized to disclose and access identifying information for this purpose as required by OAA.
5. The Contractor and its Subcontractors/Vendors, shall not, except as otherwise specifically authorized or required by this Agreement or court order, disclose any identifying information obtained under the terms of this Agreement to anyone other than CDA without prior written authorization from CDA. The Contractor may be authorized, in writing, by a participant to disclose identifying information specific to the authorizing participant.
6. The Contractor, and its Subcontractors/Vendors, may allow a participant to authorize the release of information to specific entities, but shall not request or encourage any participant to give a blanket authorization or sign a blank release, nor shall the Contractor accept such blanket authorization from any participant.
Information Integrity and Security. 1. Information Assets. Subrecipient shall have in place operational policies, procedures, and practices to protect State information assets including those assets used to store or access Personal Health Information (PHI), Personal Information (PI), and any information protected under the Health Insurance Portability and Accountability Act (HIPAA) (i.e., public, confidential, sensitive and/or personal information) as specified in the State Administrative Manual, Section 5300 to 5365.3; Cal. Gov. Code § 11019.9; DGS Management Memo 06-12; DOF Budget Letter 06-34; and CDA Program Memorandum 07-18 Protection of Information Assets and the Statewide Health Information Policy Manual. Information assets may be in hard copy or electronic format and may include (but are not limited to):
a) Reports
b) Notes
c) Forms
d) Computer, laptops, cellphones, printers, scanners
e) Networks (LAN, WAN, WIFI) servers, switches, routers
f) Storage media, hard drives, flash drives, cloud storage g) Data, applications, databases
2. Encryption on Portable Computing Devices. Subrecipient is required to use 128-Bit encryption for data collected and stored under this Contract that is confidential, sensitive, and/or personal including data and stored on all computing devices (including, but not limited to, workstations, servers, laptops, personal digital assistants, notebook computers, and backup media) and/or portable electronic storage media (including, but not limited to, discs, thumb/flash drives, portable hard drives, and backup media).
Information Integrity and Security. 1. Information Assets. Subrecipient shall have in place operational policies, procedures, and practices to protect State information assets including those assets used to store or access Personal Health Information (PHI), Personal Information (PI), and any information protected under the Health Insurance Portability and Accountability Act (HIPPAHIPAA) (i.e., public, confidential, sensitive and/or personal information) herein referred to as Personal, Sensitive and Confidential Information (PSCI) as specified in the State Administrative Manual, Section 5300 to 5365.3; Cal. Gov. Code § 11019.9; DGS Management Memo 06-12; DOF Budget Letter 06-34; and CDA Program Memorandum 07-18 Protection of Information Assets and the Statewide Health Information Policy Manual. Information assets may be in hard copy or electronic format and may include (but are not limited to):
a) Information collected and/or accessed in the administration of the State programs and services. a) Information stored in any media form, paper or electronic.Reports
b) Notes c) Forms
