
Table 4. Suggested Procedures for Data Disclosure

| Classification | Use | Disclosure |
|---|---|---|
| Highly Sensitive | Must be restricted to only individuals who have a need to know. Must use extreme caution when handling data. | Only share information internally and only when expressly permitted and when directed by the data owner. |
| Sensitive | Must be restricted to only individuals who have a need to know. | Only share information internally and only when expressly permitted. |
| Internal Use | Data can be generally used, but care should be considered in its consumption. | Only share information internally within the organization. |
| Public | No restrictions. | Share freely with no restrictions. |

Be careful when sending information through e-mail. Ensure that sending PHI via e-mail is consistent with ONC guidance. Do not send unencrypted PHI through regular e-mail or text message. However, patients can request and receive access to their PHI via unencrypted electronic communications, provided that the patient first receives a brief warning that unencrypted communications could be accessed by a third party in transit and confirms that they still want to receive the unencrypted communication.

Labeling: It is important to label information properly to facilitate implementation of restrictions related to its usage and disclosure. Labeling helps keep data secure in two ways. First, users will understand how to handle information that is properly labeled. Second, specialized security tools, such as data loss prevention (DLP) systems, can be configured to discover and control information when it is properly labeled.

At minimum, the labeling process should ensure that labels are readily apparent when users view information. Use techniques like placing the classification in the footer of the document.

Collaborate with your marketing and communication departments to create document templates based on data classification levels. Organization-wide document templates enable specialized tokens or signatures to be embedded in the documents and tracked by DLP systems.
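The labeling guidance above notes that DLP tools can act on properly labeled information. As an added example (not part of the source document), this Python check reads a footer label and applies the Table 4 disclosure rules. The `Classification:` footer format, the `clinic.example` domain, the hold-on-unlabeled default and the action names are assumptions.

```python
import re

# Table 4 levels, most restrictive first.
LEVELS = ["Highly Sensitive", "Sensitive", "Internal Use", "Public"]
CANONICAL = {name.lower(): name for name in LEVELS}

# Assumed label convention (not from the source): a line "Classification: <level>".
LABEL_RE = re.compile(r"^\s*Classification:\s*(.+?)\s*$", re.IGNORECASE | re.MULTILINE)
INTERNAL_DOMAIN = "clinic.example"  # constructed organization domain


def classify(text):
    """Return the most restrictive valid label in text, or None if there is none."""
    found = []
    for match in LABEL_RE.finditer(text):
        name = CANONICAL.get(" ".join(match.group(1).lower().split()))
        if name is None:
            return None  # misspelled or unknown label: treat as unlabeled
        found.append(name)
    return min(found, key=LEVELS.index) if found else None


def check_disclosure(text, recipients):
    """Return (action, reason) for sending text to recipients under Table 4."""
    level = classify(text)
    if level is None:
        return ("hold", "no valid classification label")  # assumed fail-closed default
    if level == "Public":
        return ("allow", "Public: share freely")
    external = [r for r in recipients if not r.lower().endswith("@" + INTERNAL_DOMAIN)]
    if external:
        return ("block", f"{level}: internal sharing only")
    if level == "Internal Use":
        return ("allow", "Internal Use: internal recipients only")
    # Sensitive / Highly Sensitive: internal, but only when expressly permitted.
    return ("review", f"{level}: confirm express permission")


# Constructed sample: template header and footer labels that disagree.
SAMPLE = """Classification: Internal Use
Lab results summary for the care team.
Classification:  highly   sensitive
"""

if __name__ == "__main__":
    print(check_disclosure(SAMPLE, ["nurse@clinic.example"]))
    print(check_disclosure(SAMPLE, ["nurse@clinic.example", "friend@mail.example"]))
    print(check_disclosure("Quarterly newsletter draft", ["press@news.example"]))
```

When a document carries conflicting labels, the check applies the most restrictive one, and a misspelled label is handled the same way as a missing one.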

4.M.C Data Security

NIST FRAMEWORK REF: PR.DS, PR.DS-1, PR.DS-2, PR.IP-6, PR.DS-5

After policies and procedures have been defined, you can establish additional data security methods. Consider the security methods described in Table 5.
