12 Va. Admin. Code § 5-115-50 - Security

Current through Register Vol.. 38, No. 17, April 11, 2022

A. After VDH gives access to a VIIS participant, a secure connection is established between his browser and VIIS. The system is password protected.
B. Participants shall ensure that employees with authorized access do not disclose their user identification code or password to anyone, have physical security and password-enabled screen savers on computers accessing VIIS, make every effort to protect VIIS screens from unauthorized view, and log off the system whenever leaving the VIIS workstation.
C. The VIIS system, which is maintained on a secure website, shall automatically inactivate a user session after a predetermined period of inactivity. The inactivation period is determined by VITA security policy.
D. The VIIS system shall inactivate user accounts, denying access to the system when participants have not logged into the system after a predetermined period of time. This inactivation period is determined by VITA security policy. The administrator must reactivate the account.
E. There shall be a secure encrypted connection between VIIS and the participating organization sending or receiving data if data exchange is performed. The encryption process will be determined by VITA or VDH or both.

Notes

12 Va. Admin. Code § 5-115-50
Derived From Virginia Register Volume 31, Issue 22, eff. 7/31/2015.

Statutory Authority: § 32.1-46.01 of the Code of Virginia.

The following state regulations pages link to this page.



State regulations are updated quarterly; we currently have two versions available. Below is a comparison between our most recent version and the prior quarterly release. More comparison features will be added as we have more versions to compare.