Laserfiche WebLink
ATTACHMENT A <br />HIPAA AND DATA SECURITY REQUIREMENTS <br />Part 2: Data Security Requirements <br />Definitions. The words and phrases listed below, as used in this Exhibit, shall each have <br />the following definitions: <br />a. "AES' means the Advanced Encryption Standard, a specification of Federal <br />Information Processing Standards Publications for the encryption of electronic data <br />issued by the National Institute of Standards and Technology <br />(http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.1 97.pdf). <br />b. "Authorized Users(s)" means an individual or individuals with a business need to <br />access DOC Confidential Information, and who has or have been authorized to do so. <br />c. "Business Associate Agreement" means an agreement between DOC and a contractor <br />who is receiving Data covered under the Privacy and Security Rules of the Health <br />Insurance Portability and Accountability Act of 1996. The agreement establishes <br />permitted and required uses and disclosures of protected health information (PHI) in <br />accordance with HIPAA requirements and provides obligations for business <br />associates to safeguard the information. <br />d. "Category 3 Data" is Confidential information is information that is specifically <br />protected from either release or disclosure by law. This includes, but is not limited to: <br />1. Personal information as defined in RCW 42.56.590 and RCW 19.255.10. <br />2. Information about public employees as defined in RCW 42.56.250. <br />3. Lists of individuals for commercial purposes as defined in RCW 42.56.070 <br />4. Information about the infrastructure and security of computer and <br />telecommunication networks as defined in RCW 42.56.420. <br />e. "Category 4 Data" is data that is confidential and requires special handling due to <br />statutes or regulations that require especially strict protection of the data and from <br />which especially serious consequences may arise in the event of any compromise of <br />such data. Data classified as Category 4 includes but is not limited to data protected <br />by: the Health Insurance Portability and Accountability Act (HIPAA), Pub. L. 104-191 <br />as amended by the Health Information Technology for Economic and Clinical Health <br />Act of 2009 (HITECH), 45 CFR Parts 160 and 164; the Family Educational Rights and <br />Privacy Act (FERPA), 20 U.S.C. §1232g; 34 CFR Part 99; Internal Revenue Service <br />Publication 1075 (https://www.irs.gov/pub/irs-pdf/p1075.pdf); Substance Abuse and <br />Mental Health Services Administration regulations on Confidentiality of Alcohol and <br />Drug Abuse Patient Records, 42 CFR Part 2; and/or Criminal Justice Information <br />Services, 28 CFR Part 20. <br />Washington State K14078 Page 8 of 19 <br />Department of Corrections Attachment A 26RAD <br />