(1) The department and its contractors or agents shall maintain the confidentiality of data from CHARS as required by chapter
70.170 RCW.
(2) The department shall institute security and system safeguards to prevent and detect unauthorized access, modification, or manipulation of individually identifiable health information. Accordingly, the safeguards will include:
(a) Documented formal procedures for handling the information;
(b) Physical safeguards to protect computer systems and other pertinent equipment from intrusion;
(c) Processes to protect, control and audit access to the information;
(d) Processes to protect the information from unauthorized access or disclosure when it is transmitted over communication networks;
(e) Processes to protect the information when it is physically moved from one location to another;
(f) Processes to ensure the information is encrypted when:
(i) It resides in an area that is readily accessible by individuals who are not authorized to access the information (e.g., shared network drives or outside the agency data centers);
(ii) It is stored in a format that is easily accessible by individuals who are not authorized to access the information (e.g., text files and spreadsheets);
(iii) It is stored on removable media, or portable devices (e.g., tapes, electronic disks, thumb drives, external hard drives, laptops and hand-held devices).
[Statutory Authority: RCW
43.70.052, 2014 c 220. WSR 15-19-152, § 246-455-080, filed 9/22/15, effective 10/23/15. Statutory Authority: RCW
43.70.040 and
43.70.052. WSR 07-09-091, § 246-455-080, filed 4/18/07, effective 5/23/07. Statutory Authority: RCW
43.70.040 and [43.]70.170. WSR 03-13-029, § 246-455-080, filed 6/10/03, effective 7/11/03. Statutory Authority: RCW
43.70.040 and chapter
70.170 RCW. WSR 94-12-090, § 246-455-080, filed 6/1/94, effective 7/2/94. Statutory Authority: RCW
43.70.040. WSR 91-02-049 (Order 121), recodified as § 246-455-080, filed 12/27/90, effective 1/31/91. Statutory Authority: Chapter
70.39 RCW. WSR 84-20-067 (Order 84-06, Resolution No. 84-06), § 261-50-070, filed 10/1/84.]