Kan. Admin. Regs. § 28-67-9 - System security

(a) All health care data shall be maintained on computer systems administered by CHES. A password system shall be used to limit access to computer files. Passwords shall be changed on a schedule determined by CHES staff, and an individual account shall be deleted whenever a staff member terminates employment or is no longer authorized access to the system.

(b) Only CHES staff shall be authorized to load data tapes and install software and file servers. All software shall be checked for computer viruses before being installed.

(c) General access to the central computer area shall be limited to normal work hours only. Access shall be restricted to CHES staff at all other times unless an individual obtains authorization to access the computer area.

(d) Network tape backups shall be stored on-site in a secure fire retardant location. Additional copies of software, documentation, and backups shall be stored at a secure, off-site location.

(e) Non-Kansas department of health and environment staff shall set up a CHES user account in order to access the health care information system. Passwords shall only be issued to non-Kansas department of health and environment users if they are under contract to Kansas department of health and environment or under the terms of a data sharing agreement. Unauthorized use of health care data by any other person or governmental subdivision granted access to the database shall result in termination of system access and no further provision of data.

(f) Network backups shall be done weekly and at the end of each month. Two copies of the monthly backup tape shall be produced. All network files shall be checked for computer viruses before backup.

Notes

Kan. Admin. Regs. § 28-67-9

Authorized by and implementing K.S.A. 65-6804, as amended by L. 1994, Ch. 90, sec. 3; effective Dec. 19, 1994.