DSHS is required by state and federal law to protect and maintain the privacy and security of confidential client information.
When contractors have access to confidential client information, we must also require them to safeguard the privacy and security of our clients’ confidential data. Therefore, please be aware that if you bid on and are awarded a contract with DSHS, your contract may contain several important provisions intended to safeguard and protect the privacy of DSHS clients’ confidential information, including protected health information (PHI). These contract provisions may include:
- the Confidentiality section of the General Terms & Conditions
- the HIPAA Compliance/Business Associate section
- the Data Security Requirements Exhibit
If you subcontract any of the services under a contract with DSHS, you must also ensure that your subcontractors are also following all the relevant data security and confidentiality provisions that are included in your contract. This means you must include the same requirements found in your contract with DSHS in your contracts with your subcontractors.
You must also obtain approval from DSHS in advance before you subcontract out any of the services under a contract with DSHS. If a contract does not explicitly state that you have approval to subcontract, then you must contact the DSHS Contact identified on the face sheet of the contract to obtain DSHS approval before you may subcontract any services out.
Resources for Contractors with DSHS Confidential Information
The following resources are intended to provide contractors with information that will help them in applying the security controls necessary to safeguard DSHS confidential data in their possession.