My WebLink
|
Help
|
About
|
Sign Out
Home
Browse
Search
Minutes - April 16, 2012 Regular Meeting
public access
>
Clerk
>
MINUTES
>
2012
>
Minutes - April 16, 2012 Regular Meeting
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
5/16/2012 8:40:39 AM
Creation date
5/16/2012 8:37:03 AM
Metadata
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
62
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
View images
View plain text
BK:00024 PG:0894 <br />Consolidated Ag eemem -FY 13 Page 21 Or 22 <br />containing personal information along with the confidential process or key shall constitute a <br />security breach. Good faith acquisition of personal information by an employee or agent of the <br />business for a legitimate purpose is not a security breach, provided that the personal information is <br />not used for a purpose other than a lawful purpose of the business and is not subject to further <br />unauthorized disclosure. <br />d. "Unsecured protected health information" means protected health information (PHI) that is not <br />rendered unusable, unreadable, or indecipherable to unauthorized individuals through the use of <br />technology or methodology specified by the Secretary in the guidance issued under section <br />13402(h)(2) of Pub. L.111 -5. <br />The following PHI shall not be regarded as Unsecured PHI: <br />Electronic PHI has been encrypted as specified in the HIPAA Security rule by the use of an <br />algorithmic process to transform data into a form in which there is a low probability of <br />assigning meaning without the use of a confidential process or key and such confidential <br />process or key that might enable decryption has not been breached. To avoid a breach of <br />the confidential process or key, these decryption tools should be stored on a device or at a <br />location separate from the data they are used to encrypt or decrypt. The following <br />encryption processes meet this standard: <br />— Valid encryption processes for data at rest (i.e. data that resides in databases, file <br />systems and other structured storage systems) are consistent with NIST Special <br />Publication 800 -111, Guide to Storage Encryption Technologies for End User Devices. <br />— Valid encryption processes for data in motion (i.e. data that is moving through a <br />network, including wireless transmission) are those that comply, as appropriate, with <br />NIST Special Publications 800 -52, Guidelines for the Selection and Use of Transport <br />Layer Security (TLS) Implementations; 800 -77, Guide to IPsec VPNs; or 800 -113, <br />Guide to SSL VPNs, and may include others which are Federal Information Processing <br />Standards FIPS 140 -2 validated. <br />The media on which the PHI is stored or recorded has been destroyed in the following <br />ways: <br />Paper, film, or other hard copy media have been shredded or destroyed such that the <br />PHI cannot be read or otherwise cannot be reconstructed. Redaction is specifically <br />excluded as a means of data destruction. <br />— Electronic media have been cleared, purged, or destroyed consistent with NIST Special <br />Publications 800 -88, Guidelines for Media Sanitization, such that the PHI cannot be <br />retrieved. <br />
The URL can be used to link to this page
Your browser does not support the video tag.