Compliance with Data Center Security Requirements

Data Center Supplemental Document
Employee Last Name, First Name / Supervisor Name

Compliance with Data Center Security Requirements

General Requirements (apply to all requests for access)

1. Each individual entering the Data Center must be aware of his/her responsibility not to disclose any information housed in the Data Center. In addition, no information or data should be accessed without a need to know.
2. The Internal Revenue Code contains secrecy provisions that apply to federal tax reports and returns. Pursuant to Internal Revenue Code sections 6103 and 7213, penalties similar to those in New York State law are imposed on any person making an unauthorized disclosure of federal tax information. In addition, Internal Revenue Code section 7213A prohibits the unauthorized inspection of returns or return information (“browsing”). The unauthorized inspection of returns or return information by any person is punishable by a fine not exceeding $1,000 for each access, or by imprisonment of not more than one (1) year, or both, together with the costs of prosecution.
3. Misuse of SSA-provided data, unauthorized access, and unauthorized disclosure could result in potential criminal and/or civil sanctions or penalties associated with misuse or unauthorized disclosure of SSA-provided information.
4. The data center houses HIPAA-related data, which is protected under federal statute. HIPAA overview below is shared with each individual.

ITS State Employees and ITS Hired Contractors
In additional to the above, it is understood that prior to requesting Data Center access that all ITS workforce members have met the following qualifications:

1. The Employee, contractor and/or the contractor’s company has agreed to a non-disclosure statement.
2. All individuals have been fingerprinted according to the policy provisions contained in NYS-P16-001.
3. ITS Employees receive a copy of the ITS Work Rules.

All individuals entering the Data Center are required to follow Data Center security procedures. Failure to adhere to these procedures will result in denial of access.
______
Compliance with HIPAA Regulations in the Data Center
As of April 1, 2002 all individuals entering New York State consolidated Data Center(s) must comply with federal privacy regulations known as the “Health Insurance Portability and Accountability Act,” which requires that ITS make every reasonable effort to keep individual health information private and confidential, and disclose or use only what is minimally necessary.
Authorized uses of this health information are long-established jobs and tasks of the Data Centers; however, if any State employee or contractor suspect’s health information may be being improperly used or disclosed, they should report it to management immediately for corrective action.
Any individual you authorize to enter the Data Center should be informed that HIPAA information is present and they should not access any information that is not essential to their job function. Any access or disclosure of HIPAA related data is subject to Federal and State Laws.
Any individual you authorize to enter the Data Center must have completed the online course “Privacy and Security of Health Information in New York State,” available on the Statewide Learning Management System (SLMS),
Employee Signature ______Date
Authorizer Signature______Date