Encryption Requirements. The Contractor shall establish, maintain, and enforce (and Contractor shall ensure its affiliates and subcontractors establish, maintain, and enforce) a written policy that prohibits the sending of any State Data that is customarily considered to be sensitive or confidential in nature (including social security number, home address and medical information) by electronic mail. This written policy must be provided to the Department within sixty (60) days of execution of the Contract. The Contractor agrees to encrypt the transmission of all State Data that is customarily considered to be sensitive or confidential in nature (including social security number, home address and medical information), whether or not it is sent through MFMP or through other electronic means. The Contractor shall obtain the Department’s approval for the encryption software and procedures used by Contractor. The foregoing encryption requirement under this section shall not apply to messages sent over secure, dedicated lines: a. From Contractor employees and Individual Contractors to other Contractor employees or Individual Contractors, or b. From the Contractor to the Department, a Covered Entity or a member of the Covered Population. The Contractor shall be permitted to receive emails or other electronic transmissions from the Department or a Customer containing any State Data; further, in the event of such transmission, Contractor shall protect the confidentiality of such data. Contractor shall ensure that all laptop computers, tablets and other portable computer or data storage devices used to access State Data shall have “full disc” encryption. Contractor shall require its subcontractors to comply with the requirements to the extent applicable to subcontractor’s services.
Appears in 2 contracts
Sources: Contract for Next Generation Myfloridamarketplace, Contract for Next Generation Myfloridamarketplace DMS 20/21 150