The Authority shall undertake precautions to prevent unauthorized disclosure of the raw data files. These precautions include but are not limited to:
- (1) Storing the raw data files on the internal storage hardware of a password-protected personal computer that is physically located within the Authority;
- (2) Restricting staff access to the raw data files;
- (3) Restricting network access to the raw data files; and
- (4) If applicable, storing patient information within a strongly-encrypted and password-protected virtual drive or using other methods to reliably achieve the same level of security.
Statutory/Other Authority
ORS 442.420, 2007 OL Ch. 838 § 1–6 & 12
Statutes/Other Implemented
ORS 192.496, 192.502, 2007 OL Ch. 838 § 1–6 & 12
History
PH 17-2014, f. & cert. ef. 6-9-14
Renumbered from 409-023-0025 by PH 13-2013, f. 12-26-13, cert. ef. 1-1-14
OHP 1-2008, f. & cert. ef. 7-1-08