Information Integrity and Security. 1. Information Assets. Subrecipient shall have in place operational policies, procedures, and practices to protect State information assets including those assets used to store or access Personal Health Information (PHI), Personal Information (PI), and any information protected under the Health Insurance Portability and Accountability Act (HIPAA) (i.e., public, confidential, sensitive and/or personal information) as specified in the State Administrative Manual, Section 5300 to 5365.3; Cal. Gov. Code § 11019.9; DGS Management Memo 06-12; DOF Budget Letter 06-34; and CDA Program Memorandum 07-18 Protection of Information Assets and the Statewide Health Information Policy Manual. Information assets may be in hard copy or electronic format and may include (but are not limited to): a) Reports b) Notes c) Forms d) Computer, laptops, cellphones, printers, scanners e) Networks (LAN, WAN, WIFI) servers, switches, routers f) Storage media, hard drives, flash drives, cloud storage g) Data, applications, databases 2. Encryption on Portable Computing Devices. Subrecipient is required to use 128-Bit encryption for data collected and stored under this Contract that is confidential, sensitive, and/or personal including data and stored on all computing devices (including, but not limited to, workstations, servers, laptops, personal digital assistants, notebook computers, and backup media) and/or portable electronic storage media (including, but not limited to, discs, thumb/flash drives, portable hard drives, and backup media).
Appears in 2 contracts
Sources: Contract for Provision of Services, Contract Ma 012 23010011