WAC 246-455-080: Security of the data.

Inside the Legislature

	Find Your Legislator
	Visiting the Legislature
	Agendas, Schedules and Calendars
	Bill Information
	Laws and Agency Rules
	Legislative Committees
	Legislative Agencies
	Legislative Information Center
	E-mail Notifications (Listserv)
	Students' Page
	History of the State Legislature

Outside the Legislature

	Congress - the Other Washington
	TVW
	Washington Courts
	OFM Fiscal Note Website

WACs > Title 246 > Chapter 246-455 > Section 246-455-080

Print Version | [In English]

246-455-070 << 246-455-080 >> 246-455-090

WAC 246-455-080	Agency filings affecting this section
Security of the data.

  (1) The department and its contractors or agents shall maintain the confidentiality of any individually identifiable health information as required by RCW 70.170.090 and federal Health Insurance Portability and Accountability Act standards.

     (2) The department shall institute security and system safeguards to prevent and detect unauthorized access, modification, or manipulation of individually identifiable health information. Accordingly, the safeguards will include:

     (a) Documented formal procedures for handling the information;

     (b) Physical safeguards to protect computer systems and other pertinent equipment from intrusion;

     (c) Processes to protect, control and audit access to the information;

     (d) Processes to protect the information from unauthorized access or disclosure when it is transmitted over communication networks;

     (e) Processes to protect the information when it is physically moved from one location to another;

     (f) Processes to ensure the information is encrypted when:

     (i) It resides in an area that is readily accessible by individuals who are not authorized to access the information (e.g., shared network drives or outside the agency data centers);

     (ii) It is stored in a format that is easily accessible by individuals who are not authorized to access the information (e.g., text files and spreadsheets);

     (iii) It is stored on removable media, or portable devices (e.g., tapes, electronic disks, thumb drives, external hard drives, laptops and handheld devices).

[Statutory Authority: RCW 43.70.040 and 43.70.052. 07-09-091, § 246-455-080, filed 4/18/07, effective 5/23/07. Statutory Authority: RCW 43.70.040 and [43.]70.170. 03-13-029, § 246-455-080, filed 6/10/03, effective 7/11/03. Statutory Authority: RCW 43.70.040 and chapter 70.170 RCW. 94-12-090, § 246-455-080, filed 6/1/94, effective 7/2/94. Statutory Authority: RCW 43.70.040. 91-02-049 (Order 121), recodified as § 246-455-080, filed 12/27/90, effective 1/31/91. Statutory Authority: Chapter 70.39 RCW. 84-20-067 (Order 84-06, Resolution No. 84-06), § 261-50-070, filed 10/1/84.]