Difference between revisions of "Template:LIMSpec for Cannabis Testing/Information privacy"

Revision as of 18:01, 30 January 2021


Regulation, Specification, or Guidance	Requirement
▪ 45 CFR Part 164 Subpart E ▪ ASTM E1578-18 S-5-1	27.1 The system shall comply with privacy protection compliance like that found in HIPAA provisions (e.g., when handling medical marijuana user data).
▪ 45 CFR Part 164.105 ▪ 45 CFR Part 164 Subpart C ▪ 45 CFR Part 170.315 (d) ▪ ASTM E1578-18 S-5-2	27.2 The system should be provisioned with enough security to prevent personally identifiable information in the system from being compromised.
▪ 45 CFR Part 164.514	27.3 The system shall allow authorized individuals to de-identify select data in the system, including but not limited to names, geographic locations, dates, government-issued identification numbers, telephone numbers, email addresses, full-face photos, and other personal identifiers.
▪ 45 CFR Part 164 Subpart E ▪ NIST 800-53, Rev. 4, AC-6	27.4 The system shall be able to verify and ensure that users authorized to view de-identified data are also not a member of a role that permits access to information that re-identifies the data, i.e., segregate duties.

@@ Line 5: / Line 5: @@
    ! colspan="2" style="text-align:left; padding-left:20px; padding-top:10px; padding-bottom:10px;"|
   |-
-   ! style="color:brown; background-color:#ffffee; width:175px;"| Regulation, Specification, or Guidance
+   ! style="color:brown; background-color:#ffffee; width:150px;"| Regulation, Specification, or Guidance
    ! style="color:brown; background-color:#ffffee; width:700px;"| Requirement
   |-