Laserfiche WebLink
b. When it is not feasible or practical to segregate HCA Confidential Information from <br />non -HCA data, then both the HCA Confidential Information and the non -HCA data <br />with which it is commingled must be protected as described in thisAttachment. <br />5. Confidential Information Shared with Subcontractors <br />If HCA Confidential Information provided under this Contract is to be shared with a <br />Subcontractor, the contract with the Subcontractor must include all of the Confidential <br />Information Security Requirements. <br />6. Confidential Information Disposition <br />When the Confidential Information is no longer needed, except as noted below, the <br />Confidential Information must be returned to HCA or destroyed. Media are to be destroyed <br />using a method documented within NIST 800-88 <br />(http://csrc.nist.gov/publications/PubsSPs.htmi). <br />For HCA's Confidential Information stored on network disks, deleting unneeded <br />Confidential Information is sufficient as long as the disks remain in a Secured <br />Area and otherwise meet the requirements listed in Section 3, above. Destruction <br />of the Confidential Information as outlined in this section of this Attachment may <br />be deferred until the disks are retired, replaced, or otherwise taken out of the <br />Secured Area. <br />Washington State Page 41 HCA Contract No. K3924 <br />Health Care Authority <br />