§ 126076. Security Requirements -- Technical Controls.
22 CA ADC § 126076Barclays Official California Code of Regulations
22 CCR § 126076
§ 126076. Security Requirements -- Technical Controls.
• Login ID (successful and unsuccessful attempts)
• Events (create, read, update, delete)
• Timestamp (date, time)
• Role (e.g. doctor, nurse, admin, billing, IT)
• Unauthorized accesses
(d) Data Assurance. A Demonstration Project Participant shall protect IHI from unauthorized alteration or destruction. A Demonstration Project Participant shall implement technical security measures to guard against unauthorized access to, or modification of, IHI that is being transmitted over an electronic communications network.
(1) Encryption & Cryptographic Controls. A Demonstration Project Participant shall utilize encryption to the level appropriate to the data being protected, and where appropriate, to protect IHI. Demonstration Project Participants shall utilize the NIST Cryptographic Module Validation Program (CMVP) as the authoritative source of which products, modules, and modes are approved for use by NIST for Federal information Processing. This list, or its successor, should be periodically reviewed for updated information as part of each Demonstration Project Participant's internal best practices.
Credits
Note: Authority cited: Sections 130277 and 130278, Health and Safety Code. Reference: Sections 1798.21 and 1798.81.5, Civil Code; Sections 1280.15, 130200, 130277 and 130279, Health and Safety Code; and 45 C.F.R. Sections 164.306(a), 164.308(a)(5), 164.310 and 164.312.
History
1. New section filed 1-31-2012; operative 1-31-2012. Exempt from the rulemaking requirements of the Administrative Procedure Act and submitted to OAL for printing only pursuant to Health and Safety Code section 130278 (Register 2012, No. 5).
This database is current through 4/26/24 Register 2024, No. 17.
Cal. Admin. Code tit. 22, § 126076, 22 CA ADC § 126076
End of Document |