Difference between revisions of "Template:LIMSpec for Cannabis Testing/Information privacy"
From CannaQAWiki
Shawndouglas (talk | contribs) |
Shawndouglas (talk | contribs) m (Renumbered.) |
||
Line 9: | Line 9: | ||
|- | |- | ||
| style="padding:5px; width:500px;" |[https://www.law.cornell.edu/cfr/text/45/part-164/subpart-E 45 CFR Part 164 Subpart E]<br />[https://www.astm.org/Standards/E1578.htm ASTM E1578-18 S-5-1] | | style="padding:5px; width:500px;" |[https://www.law.cornell.edu/cfr/text/45/part-164/subpart-E 45 CFR Part 164 Subpart E]<br />[https://www.astm.org/Standards/E1578.htm ASTM E1578-18 S-5-1] | ||
| style="background-color:white;" |''' | | style="background-color:white;" |'''27.1''' The system shall comply with privacy protection compliance like that found in HIPAA provisions (e.g., when handling medical marijuana user data). | ||
|- | |- | ||
| style="padding:5px; width:500px;" | | | style="padding:5px; width:500px;" | | ||
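Review bot: In requirement 27.1, "comply with privacy protection compliance like that found in HIPAA provisions" is circular and leaves the actual obligation open. The reference cell already cites 45 CFR Part 164 Subpart E, so wording such as "The system shall comply with privacy protection requirements such as those in HIPAA" would let an assessor check the requirement against the cited text. The parenthetical "(e.g., when handling medical marijuana user data)" could also state whether the requirement applies only in that case or always.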
Line 16: | Line 16: | ||
[https://www.law.cornell.edu/cfr/text/45/170.315 45 CFR Part 170.315 (d)]<br /> | [https://www.law.cornell.edu/cfr/text/45/170.315 45 CFR Part 170.315 (d)]<br /> | ||
[https://www.astm.org/Standards/E1578.htm ASTM E1578-18 S-5-2] | [https://www.astm.org/Standards/E1578.htm ASTM E1578-18 S-5-2] | ||
| style="background-color:white;" |''' | | style="background-color:white;" |'''27.2''' The system should be provisioned with enough security to prevent personally identifiable information in the system from being compromised. | ||
|- | |- | ||
| style="padding:5px; width:500px;" |[https://www.law.cornell.edu/cfr/text/45/164.514 45 CFR Part 164.514] | | style="padding:5px; width:500px;" |[https://www.law.cornell.edu/cfr/text/45/164.514 45 CFR Part 164.514] | ||
| style="background-color:white;" |''' | | style="background-color:white;" |'''27.3''' The system shall allow authorized individuals to de-identify select data in the system, including but not limited to names, geographic locations, dates, government-issued identification numbers, telephone numbers, email addresses, full-face photos, and other personal identifiers. | ||
|- | |- | ||
| style="padding:5px; width:500px;" |[https://www.law.cornell.edu/cfr/text/45/part-164/subpart-E 45 CFR Part 164 Subpart E]<br /> | | style="padding:5px; width:500px;" |[https://www.law.cornell.edu/cfr/text/45/part-164/subpart-E 45 CFR Part 164 Subpart E]<br /> | ||
[https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf NIST 800-53, Rev. 4, AC-6] | [https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf NIST 800-53, Rev. 4, AC-6] | ||
| style="background-color:white;" |''' | | style="background-color:white;" |'''27.4''' The system shall be able to verify and ensure that users authorized to view de-identified data are also not a member of a role that permits access to information that re-identifies the data, i.e., segregate duties. | ||
|- | |- | ||
|} | |} | ||
|} | |} |
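Review bot: In requirement 27.4, the text asks the system to "segregate duties", but the reference cell cites NIST 800-53, Rev. 4, AC-6, which is the least privilege control; separation of duties is AC-5, so consider citing AC-5 alongside or instead of AC-6. The phrase "are also not a member of a role" reads more clearly as "are not also members of a role". In the same hunk, 27.2 uses "should" where 27.1, 27.3 and 27.4 use "shall", and "enough security" gives no testable criterion; aligning the verb and tying the requirement to the cited 45 CFR Part 170.315 (d) criteria would make it verifiable.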
Revision as of 21:22, 21 January 2021