Laserfiche WebLink
F-10.9 Appendix I: Access to the DSHS HEN Referral List Data Security Requirements <br />As required under RCW 43.185.0 230 and RCW 74.62.030, the Lead/sub grantee may use the <br />HEN Referral List information for the sole purpose of improving access to HEN assistance for <br />individuals determined eligible for a referral to HEN. <br />Access to Data shall be limited to staff whose duties specifically require access to such Data in <br />the performance of their assigned duties. <br />Prior to making Data available to its staff, the Data Recipient shall notify all such staff of the Use <br />and Disclosure requirements. <br />All staff accessing the data must sign a ❑SHS Nondisclosure of Confidential Information — Non <br />Employee form prior to accessing the Data. <br />The Lead/sub grantee shall maintain a list of such staff and their signed QSHS Nondisclosure of <br />Confidential In ormotion — Non Employee forms. These forms must be updated annually and <br />submitted to Commerce upon request. <br />Limitations on Use of Data: If the Data and analyses generated by the Lead/sub grantee <br />contain personal information about DSHS clients, then any and all reports utilizing the -se Data <br />shall be subject to review and approval by Commerce prior to publication in any medium or <br />presentation in any forum. <br />1. Definitions. The words and phrases listed below, as used in this Exhibit, shall each have <br />the following definitions: <br />a. "AES" means the Advanced Encryption Standard, a specification of Federal <br />Information Processing Standards Publications for the encryption of electronic data <br />issued by the National Institute of Standards and Technology <br />(http://nvlpubs.nist.gov/nistr)ubs/FIPS/NIST.FIPS.197.pdf). <br />b. "Authorized Users(s)" means an individual or individuals with a business need to <br />access DSHS Confidential Information, and who has or have been authorized to do <br />so. <br />c. `Business Associate Agreement" means an agreement between DSHS and a <br />contractor who is receiving Data covered under the Privacy and Security Rules of the <br />Health Insurance Portability and Accountability Act of 1996. The agreement <br />establishes permitted and required uses and disclosures of protected health <br />information (PHI) in accordance with HIPAA requirements and provides obligations <br />for business associates to safeguard the information. <br />d. "Category 4 Data" is data that is confidential and requires special handling due to <br />statutes or regulations that require especially strict protection of the data and from <br />which especially serious consequences may arise in the event of any compromise of <br />such data. Data classified as Category 4 includes but is not limited to data protected <br />by: the Health Insurance Portability and Accountability Act (HIPAA), Pub. L. 104-191 <br />as amended by the Health Information Technology for Economic and Clinical Health <br />Act of 2009 (HITECH), 45 CFR Parts 160 and 164; the Family Educational Rights and <br />Privacy Act (FERPA), 20 U.S.C. §1232g; 34 CFR Part 99; Internal Revenue Service <br />M <br />