Policies and Regulations Governing DSHS Confidential Data

Washington State IT Security Standards

Washington State Office of the Chief Information Officer
141.10 Securing Information Technology Assets - These are high level standards that apply to all Washington state agencies. DSHS has developed its own IT Security Standards, which align with and are as or more restrictive.

Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act

U.S. Department of Health and Human Services, Office of Civil Rights (HHS/OCR
Code of Federal Regulations, Title 45, Subtitle A, Subchapter C, Part 164 - Security and Privacy - That portion of HIPAA which includes the Security Rule and Privacy Rule.

Related U.S. Department of Heath & Human Services (HHS) Information
https://www.hhs.gov/hipaa/index.html
https://www.hhs.gov/hipaa/for-professionals/security/index.html
https://www.hhs.gov/hipaa/for-professionals/security/nist-security-hipaa-crosswalk/index.html

Criminal Justice Information Services (CJIS)

Federal Bureau of Investigation, Criminal Justice Information Services Division (FBI/CJISD)
CJIS Security Policy Resource Center - Includes text of the CJIS Security Policy.

42 Code of Federal Regulations (CFR) Part 2 - Confidentiality of Substance Use Disorder Patient Records

U.S. Department of Health and Human Services, Substance Abuse and Mental Health Services Administration (HHS/SAMHSA)
42 CFR Part 2
42 CFR Part 2 §2.13 Confidentiality restrictions and safeguards