The Privacy Standards and Security Safeguards Policy and Procedure defines a set of requirements for Participants for maintaining and safeguarding data, including:

 

• Administrative, technical, and physical safeguards that Participants must follow to protect the confidentiality, integrity and availability of Health and Social Services Information (HSSI);
• The use of a secure environment that supports the Exchange of HSSI;
• What Participants must do to protect against unauthorized Disclosure, Access, Use, modification, or Exchange of HSSI; and
• How Participants must protect against any Loss, Destruction, Disruption of authorized Access or Exchange of HSSI.

 

The Technical Requirements for Exchange Policy and Procedure defines a set of person attributes that must not be included among person attributes for Person Matching unless required by the technical exchange standard or by the Nationwide Network or Framework in use. It further specifies that if Participants use Nationwide Networks or Frameworks or other intermediaries to Exchange HSSI, Participants must follow all applicable law, and conform to the security model and security standards for exchanging information established by that Nationwide Network or Framework.