brooke-green
Compliant and secure disposition
• Health Insurance Portability and Accountability Act
• Financial Services Modernization Act
• Fair and Accurate Credit Transaction Act
• Regulation SP
• Health Information Technology for Clinical and Economic Health
• State-level I.D. fraud prevention laws
• Data Breach Notification Laws
Written policies and procedures
Staff training
Designated accountability
Vendor selection due diligence
Service provider contracts required
Compliant and secure disposition
Written policies and procedures
• State organization’s commitment to data protection
• Define organizational accountability
• Provide sufficient direction to field staff
• Describe training and field staff acknowledgement
• Describe incident reporting protocol
• Describe auditing methodology and tools
• Include vendor selection criteria and process
• Link to regulatory requirements and written policies/procedures
• Establish chain of custody and fiduciary clarity
• Address subcontracting issues
• Define liability and indemnification requirements
Contractual protections