MUSC Policy: Information Security - Data Integrity

 TITLE: Information Security  ID:
 ORIGINATOR: Information Security Office  DATE: Jan 5, 2005
 REVIEWED: President's Council  DATE: Feb 16, 2005
 APPROVED: Raymond S. Greenberg, MD, PhD  DATE: Feb 16, 2005
 IMPLEMENTATION: Enterprise-wide  DATE: Feb 16, 2005

1. RATIONALE

Please refer to MUSC Information Security Rationale: The Need for Safeguards for an overview of the legal and ethical considerations that have motivated the development of this policy. The following laws and regulations have particular relevance:

HIPAA Security: 164.312(c)(1) Standard: Integrity
HIPAA Security: 164.312(c)(2) Mechanism to authenticate electronic protected health information
HIPAA Security: 164.312(e)(1) Standard: Transmission security
HIPAA Security: 164.312(e)(2)(i) Integrity controls

2. POLICY

If an MUSC System is used to house protected information, then the designated Owner of the System is responsible for ensuring that the System's integrity controls, for protecting data from improper alteration or destruction, are sufficient to meet all legal, ethical and business requirements.

3. PROCEDURES

3.1. Definitions

Refer to MUSC Policy: Information Security: Appendix A.

3.2. Scope of Controls

The System's integrity controls must protect data against improper alteration or destruction during storage, during processing, and during transmission over electronic communication networks.

3.3. Appropriateness of Controls

The types of integrity controls used in the System should be guided by the System Owner's Risk Assessment.

3.4. Sanctions

Refer to MUSC Policy: Information Security: Sanctions.

3.5. See Also

MUSC Policy: Information Security
MUSC Policy: Information Security - Risk Management

4. ACCESS

This policy will be maintained and published electronically by the Information Security Office. This policy is a public document and there are no restrictions on its distribution.