Browse
Search
2011-415 Health- State of NC Health Dept contract extention
OrangeCountyNC
>
Board of County Commissioners
>
Contracts and Agreements
>
General Contracts and Agreements
>
2010's
>
2011
>
2011-415 Health- State of NC Health Dept contract extention
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
11/21/2016 10:48:41 AM
Creation date
6/26/2012 4:11:03 PM
Metadata
Fields
Template:
BOCC
Date
8/23/2011
Meeting Type
Regular Meeting
Document Type
Agreement
Agenda Item
5l
Document Relationships
2012-079 Health - NC State $508,303
(Linked To)
Path:
\Board of County Commissioners\Contracts and Agreements\Contract Routing Sheets\Routing Sheets\2012
Agenda - 08-23-2011 - 5l
(Linked To)
Path:
\Board of County Commissioners\BOCC Agendas\2010's\2011\Agenda - 08-23-2011
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
27
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
View images
View plain text
Consolidated Agreement-FY13 Page 21 of 22 <br /> containing personal information along with the confidential process or key shall constitute a <br /> security breach. Good faith acquisition of personal information by an employee or agent of the <br /> business for a legitimate purpose is not a security breach, provided that the personal information is <br /> not used for a purpose other than a lawful purpose of the business and is not subject to further <br /> unauthorized disclosure. <br /> d. "Unsecured protected health information"means protected health information(PHI)that is not <br /> rendered unusable,unreadable, or indecipherable to unauthorized individuals through the use of <br /> technology or methodology specified by the Secretary in the guidance issued under section <br /> 13402(h)(2) of Pub. L.111-5. <br /> The following PHI shall not be regarded as Unsecured PHI: <br /> • Electronic PHI has been encrypted as specified in the HIPAA Security rule by the use of an <br /> algorithmic process to transform data into a form in which there is a low probability of <br /> assigning meaning without the use of a confidential process or key and such confidential <br /> process or key that might enable decryption has not been breached. To avoid a breach of <br /> the confidential process or key, these decryption tools should be stored on a device or at a <br /> location separate from the data they are used to encrypt or decrypt. The following <br /> encryption processes meet this standard: <br /> — Valid encryption processes for data at rest(i.e. data that resides in databases, file <br /> systems and other structured storage systems) are consistent with NIST Special <br /> Publication 800-111, Guide to Storage Encryption Technologies for End User Devices. <br /> — Valid encryption processes for data in motion(i.e. data that is moving through a <br /> network, including wireless transmission) are those that comply, as appropriate, with <br /> NIST Special Publications 800-52, Guidelines for the Selection and Use of Transport <br /> Layer Security(TLS) Implementations; 800-77, Guide to IPsec VPNs; or 800-113, <br /> Guide to SSL VPNs, and may include others which are Federal Information Processing <br /> Standards FIPS 140-2 validated. <br /> • The media on which the PHI is stored or recorded has been destroyed in the following <br /> ways: <br /> Paper, film, or other hard copy media have been shredded or destroyed such that the <br /> PHI cannot be read or otherwise cannot be reconstructed. Redaction is specifically <br /> excluded as a means of data destruction. <br /> Electronic media have been cleared, purged, or destroyed consistent with NIST Special <br /> Publications 800-88, Guidelines for Media Sanitization, such that the PHI cannot be <br /> retrieved. <br />
The URL can be used to link to this page
Your browser does not support the video tag.