Data Classification

Protected

HIPAA

Health Insurance Portability and Accountability Act – legislation that includes requirements for the privacy and security of identifiable patient health information. Privacy covers all records, whether paper or electronic, and Security focuses on electronic information.

All departments that produce, use, store or transmit patient health records.

http://www.hhs.gov/ocr/hipaa/

PCI DSS

PCI DSS stands for Payment Card Industry Data Security Standard. It was developed by the major credit card companies as a guideline to help organizations that process card payments prevent credit card fraud, hacking and various other security issues. A company processing, storing, or transmitting credit card numbers must be PCI DSS compliant or it risks losing the ability to process credit card payments. Merchants and service providers must validate compliance with an audit by a PCI DSS Qualified Security Assessor (QSA) Company.

Departments that process credit cards for payment of services.

https://www.pcisecuritystandards.org/

FERPA

Family Educational Rights and Privacy Act protects the privacy of student education records.

http://www.ed.gov/policy/gen/guid/fpco/ferpa/index.html

Chemical Facility Anti-Terrorism Standards

The Department of Homeland Security has issued Chemical Facility Anti-Terrorism Standards for any facility that manufactures, uses, stores, or distributes certain chemicals above a specified quantity.

Environmental Health & Safety and other information sources that track DHS-identified chemicals.

http://www.dhs.gov/xprevprot/laws/gc_1166796969417.shtm

FISMA

Federal Information Security Management Act – requirements for security controls to be in place when federally regulated information is stored.

Departments that produce, use, store or transmit information to the Veterans Affairs patient database.

http://iase.disa.mil/fisma/index.html

FDA Part 11

Requirements for controls to ensure non-repudiation of electronic signatures for records that are intended for the Food and Drug Administration.

Departments that take part in drug trials will need to comply.

http://www.fda.gov/cder/guidance/5667fnl.html

NRC

Nuclear Regulatory Commission – regulations to protect information related to U.S. government programs for the physical protection and safeguarding of nuclear materials or facilities.

www.nrc.gov

Missouri PII

Missouri Personally Identifiable Information

http://www.moga.mo.gov/mostatutes/stathtml/40700015001.html

Confidential

HR Records

Legal Documents

Intellectual Property

Financial Data

Public

De-identified Research Data

Released by Public Affairs