Privacy/Confidentiality: Difference between revisions

Jump to navigation Jump to search
no edit summary
No edit summary
No edit summary
(14 intermediate revisions by 3 users not shown)
Line 20: Line 20:
<td style="padding:0.5em; background-color:#e5e5e5; font-size:90%; line-height:0.95em; border:1px solid #A3B1BF; border-bottom:solid 2px #A3B1BF"  
<td style="padding:0.5em; background-color:#e5e5e5; font-size:90%; line-height:0.95em; border:1px solid #A3B1BF; border-bottom:solid 2px #A3B1BF"  
width="20">[[Intellectual Property]]</td>
width="20">[[Intellectual Property]]</td>
<td style="border-bottom:2px solid #A3B1BF" width="3">&#160;</td>
<td style="padding:0.5em; background-color:#e5e5e5; font-size:90%; line-height:0.95em; border:1px solid #A3B1BF; border-bottom:solid 2px #A3B1BF"
width="20">[[Faculty]]</td>
</tr>
</tr>
</table>
</table>
Line 27: Line 30:
Policy No.: '''6045'''<br />
Policy No.: '''6045'''<br />
Effective Date: '''11/21/03'''<br />
Effective Date: '''11/21/03'''<br />
Revised Date: '''07/30/18  DRAFT'''<br />
Revised Date: '''07/01/19'''<br />
Reviewed Date: '''07/30/18'''<br />
Reviewed Date: '''06/17/19'''<br />
<br />
<br />
<big>'''Privacy, Confidentiality and Security of Patient and Proprietary Information Policy'''</big><br /><br />
<big>'''Privacy, Confidentiality and Security of Patient and Proprietary Information Policy'''</big><br /><br />
Line 43: Line 46:
:*is created or received by ACE; and
:*is created or received by ACE; and
:*relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual.
:*relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual.
==Definitions==
*'''Workforce''' means employees, the medical staff, volunteers, trainees, and other persons whose conduct, in the performance of work for UNMC is under the direct control of UNMC, whether or not they are paid by UNMC.
'''Controlled Unclassified Information (CUI)''' is information that requires safeguarding or dissemination controls pursuant to and consistent with applicable law, regulations, and government wide policies but is not classified under Executive Order 13526 or the Atomic Energy Act, as amended.
==Other Definitions==
*'''Controlled Unclassified Information (CUI)''' as defined by U.S. Presidential Executive Order 13556 is information that requires safeguarding or dissemination controls pursuant to and consistent with applicable law, regulations and government-wide policies but is not classified under Executive Order 13526 or the Atomic Energy Act, as amended.
*'''Employee Records''' refers to all information, records and documents pertaining to any person who is an applicant or nominee for any University personnel position described in the Board of Regents Bylaws, § 3.1, regardless of whether any such person is ever actually employed by the University, and all information, records and documents pertaining to any person employed by the University.
*'''Employee Records''' refers to all information, records and documents pertaining to any person who is an applicant or nominee for any University personnel position described in the Board of Regents Bylaws, § 3.1, regardless of whether any such person is ever actually employed by the University, and all information, records and documents pertaining to any person employed by the University.
*'''Information Security''' is the ability to control access and protect information from unauthorized alteration, destruction, loss or accidental or intentional disclosure to unauthorized persons.
*'''Information Security''' is the ability to control access and protect information from unauthorized alteration, destruction, loss or accidental or intentional disclosure to unauthorized persons.
*'''Proprietary Information''' is information relating to business practices, including but not limited to financial statements, contracts, and business plans; employee records; student records; and meeting minutes.
*'''Proprietary Information''' is information relating to business practices, including but not limited to financial statements, contracts, and business plans; employee records; student records; and meeting minutes.
*'''Student Education Records''' means any information recorded in any way which directly relates to a student and is maintained by or on behalf of UNMC (education agency/institution). Student education record does not include a (i) sole possession record, (ii) law enforcement record, (iii) employee record of a person other than a student who is employed by UNMC by virtue of his or her status as a student at UNMC, (iv) alumni record and (v) medical record that is part of the common medical record shared by the Affiliated Covered Entity. Student education records are covered by the Family Educational Rights and Privacy Act (FERPA).
*'''Student Education Records''' means any information recorded in any way which directly relates to a student and is maintained by or on behalf of UNMC (education agency/institution). Student education record does not include a (i) sole possession record, (ii) law enforcement record, (iii) employee record of a person who is employed by UNMC by virtue of his or her status as a student at UNMC (e.g. work study, assistantships, resident assistants), (iv) alumni record and (v) medical record that is part of the common medical record shared by the Affiliated Covered Entity. Student education records are covered by the Family Educational Rights and Privacy Act (FERPA).
*'''Workforce''' means employees, the medical staff, volunteers, trainees, and other persons whose conduct, in the performance of work for UNMC is under the direct control of UNMC, whether or not they are paid by UNMC.
 
==Procedures==
==Procedures==
===Patient Information===
===Patient Information===
*Records containing confidential information, in any form, are the property of the ACE. The original medical record in any form shall not be released except in response to a valid search warrant, subpoena, or court order requiring the release of the original record. A copy of the medical record should be offered first in such circumstances. If the original medical record must be released, a copy should be made prior to release if possible.
*Records containing PHI, in any form, are the property of the ACE. The original medical record in any form shall not be released except in response to a valid search warrant, subpoena, or court order requiring the release of the original record. A copy of the medical record should be offered first in such circumstances. If the original medical record must be released, a copy should be made prior to release if possible.
*Individuals have the following rights with respect to their PHI:
*Individuals have the following rights with respect to their PHI:
:*Right to request access and obtain copies of their designated record set within a reasonable amount of time and to request amendment (see UNMC Policy No. 6059, [https://wiki.unmc.edu/index.php/Access_to_Designated_Record_Set Access and Amendment of Designated Record Set]);
:*Right to request access and obtain copies of their designated record set within a reasonable amount of time and to request amendment (see UNMC Policy No. 6059, [https://wiki.unmc.edu/index.php/Access_to_Designated_Record_Set Access and Amendment of Designated Record Set]);
Line 60: Line 64:
:*Right to file a complaint internally with the Nebraska Medicine Patient Relations Department, the Office of the Assistant Dean for Patient Services (College of Dentistry), or with the U.S. Department of Health and Human Services Office for Civil Rights. (See UNMC Policy Nos. 6058, [[Notice of Privacy Practices]] and 6062, [[Patient/Consumer Complaints]]).
:*Right to file a complaint internally with the Nebraska Medicine Patient Relations Department, the Office of the Assistant Dean for Patient Services (College of Dentistry), or with the U.S. Department of Health and Human Services Office for Civil Rights. (See UNMC Policy Nos. 6058, [[Notice of Privacy Practices]] and 6062, [[Patient/Consumer Complaints]]).
*Individuals shall not be asked to waive these rights as a condition of receiving treatment.
*Individuals shall not be asked to waive these rights as a condition of receiving treatment.
*The ACE is responsible for safeguarding and protecting confidential information against loss, tampering, and disclosure to unauthorized individuals. The safeguarding of confidential information in any form includes when the information is stored and/or being transferred outside the facility (see UNMC Policy No. 6073, [[Transporting Protected Health Information]]).
*The ACE is responsible for safeguarding and protecting PHI against loss, tampering, and disclosure to unauthorized individuals. The safeguarding of PHI in any form includes when the information is stored and/or being transferred outside the facility (see UNMC Policy No. 6073, [[Transporting Protected Health Information]]).
*ACE workforce have a duty to protect PHI. Breach of this duty includes the following:
*ACE workforce have a duty to protect PHI. Breach of this duty includes the following:
:*Accessing PHI, in any form, without a "need to know" to perform assigned duties. Workforce members with medical information system access may view their own individual medical records. Workforce members may not print copies of their own records nor access records of family members (including children), relatives, friends and others, unless access is necessary to perform assigned duties. Workforce members may obtain a copy of their medical records from the Health Information Management Department. Workforce may not alter their own medical record.
:*Accessing PHI, in any form, without a "need to know" to perform assigned duties. Workforce members may not access their own records. Workforce members may not access records of family members (including children), relatives, friends and others, unless access is necessary to perform assigned duties. Workforce members may obtain a copy of their medical records from the Health Information Management Department via the online patient portal.  
:*Discussing or disclosing patient care events to individuals who do not have a “need to know” to perform assigned duties, even if the patient’s name is not mentioned. The facts surrounding patient care are confidential and can lead to the identity of the patient.
:*Discussing or disclosing patient care events to individuals who do not have a “need to know” to perform assigned duties, even if the patient’s name is not mentioned. The facts surrounding patient care are confidential and can lead to the identity of the patient.
:*Disclosing PHI without proper authorization (see UNMC Policy No. 6057, [[Use and Disclosure of Protected Health Information]]);
:*Disclosing PHI without proper authorization (see UNMC Policy No. 6057, [[Use and Disclosure of Protected Health Information]]);
Line 74: Line 78:
:*Transferring PHI in any form without both parties having a need to know.
:*Transferring PHI in any form without both parties having a need to know.
*The ACE shall reasonably mitigate or reduce any harmful effects that may result from privacy breaches.
*The ACE shall reasonably mitigate or reduce any harmful effects that may result from privacy breaches.
*All employees, medical staff, allied health practitioners and members of the workforce with access to PHI shall sign UNMC [https://www.unmc.edu/hipaa/policies/6045-exhibit-a-statement-of-understanding.pdf Statement of Understanding (Exhibit A)] upon initial employment/work/appointment/credentialing.
*All employees, medical staff, allied health practitioners and members of the workforce with access to PHI shall sign UNMC [https://www.unmc.edu/academicaffairs/_documents/compliance/Statement_of_Understanding.pdf Statement of Understanding] upon initial employment/work/appointment/credentialing.
*Workforce members who suspect a privacy or information security violation must report it immediately to their respective manager and the Privacy and/or Information Security Office. A full investigation of the suspected violation shall be conducted. Staff who wish to remain anonymous may report the suspected violation to the Compliance Hotline at 844-348-9548. Sanctions shall be imposed for substantiated breaches or failure to report suspected violations. The Medical Staff and allied health practitioners shall report suspected violations to the System Chief Medical Officer.
*Workforce members who suspect a privacy or information security violation must report it immediately to their respective manager and the Privacy and/or Information Security Office. A full investigation of the suspected violation shall be conducted. Staff who wish to remain anonymous may report the suspected violation to the Compliance Hotline at 844-348-9548. Sanctions shall be imposed for substantiated breaches or failure to report suspected violations. The Medical Staff and allied health practitioners shall report suspected violations to the System Chief Medical Officer.
*Sanctions for violations of privacy or information security may include revocation of medical staff privileges, allied health credentials, or employee corrective action up to and including termination of employment (see UNMC Policy No. 1098, [https://wiki.unmc.edu/index.php/Corrective/Disciplinary_Action Corrective and Disciplinary Action]). Civil and criminal fines and penalties can also be levied under HIPAA.
*Sanctions for violations of privacy or information security may include revocation of medical staff privileges, allied health credentials, or employee corrective action up to and including termination of employment (see UNMC Policy No. 1098, [https://wiki.unmc.edu/index.php/Corrective/Disciplinary_Action Corrective and Disciplinary Action]). Civil and criminal fines and penalties can also be levied under HIPAA.
Line 140: Line 144:
*Defense/Technology related research and development for the US Government
*Defense/Technology related research and development for the US Government
Guiding standards for the management and handling of CUI are:
Guiding standards for the management and handling of CUI are:
*[http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf NIST 800-171 Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations]  
*[https://csrc.nist.gov/publications/detail/sp/800-171/rev-1/final Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations]  
*[http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf NIST 800-53 Security and Privacy Controls for Federal Information Systems and Organizations - Moderate Standards]  
*[https://csrc.nist.gov/publications/detail/sp/800-53/rev-4/final Security and Privacy Controls for Federal Information Systems and Organizations]  
All personnel, including faculty, staff, research associates and fellows, visiting scholars, students, and all other persons retained by or working at the University of Nebraska Medical Center and its affiliates will comply with all applicable U.S. laws and regulations while teaching, conducting research or providing service activities at or on behalf of the university. As such, personnel are required to comply with the U.S. laws that regulate the transfer of items, information, technology, software, and funds to destinations and persons outside of the U.S., as well as in some cases, to non-U.S. citizens at the university.
All personnel, including faculty, staff, research associates and fellows, visiting scholars, students, and all other persons retained by or working at the University of Nebraska Medical Center and its affiliates will comply with all applicable U.S. laws and regulations while teaching, conducting research or providing service activities at or on behalf of the university. As such, personnel are required to comply with the U.S. laws that regulate the transfer of items, information, technology, software, and funds to destinations and persons outside of the U.S., as well as in some cases, to non-U.S. citizens at the university.
*Specific CUI are referenced elsewhere in this policy, reference applicable sections for additional information.
*Specific CUI are referenced elsewhere in this policy, reference applicable sections for additional information.
*Workforce members who suspect a breach of confidentiality regarding controlled unclassified information shall report the breach to the Privacy Office and/or Information Security Office.  
*Workforce members who suspect a breach of confidentiality regarding controlled unclassified information shall report the breach to the Privacy Office and/or Information Security Office.  
===Research Information===
===Research Information===
*Members of the workforce have a duty to protect confidential information produced while performing research. Breach of this duty includes the following:  
*PHI and other sensitive data, such as student information or business information, may be elements of authorized research. Members of the workforce have a duty to protect confidential information produced while performing research.  
:*Disclosure of PHI to unauthorized persons or entities not included in the Authorization for Release of Information
*Health outcomes and quality improvement projects performed with data from the Nebraska Medicine enterprise may be exempt from IRB review and approval but publication of those results will require IRB approval. Any questions should be directed to the IRB, and questions of ethical access to the data to specific individuals or groups can be referred to the privacy officer or IRB.
*Research with PHI generated within Nebraska Medicine or other UNMC affiliated entities or received by UNMC from other entities. Research personnel need to follow all relevant policies for use of those records, including restrictions on sharing with any individuals that have not received human subjects training and/or authorization by IRB protocol.
*De-identified data used for research is proprietary information and should still be stored and shared safely.
*Research PHI generated by other entities and sent to UNMC. When UNMC receives data containing PHI from another or a group of institutions for the purposes of analysis or storage, such as when UNMC serves as a coordinating center for a collaboration, a multicenter trial, or UNMC conducts data analysis, PHI received should be stored securely and shared only with those individuals approved by the IRB protocol and in accordance with the business contract.
*Breach of confidentiality includes the following:  
:*Disclosure of PHI to unauthorized persons or entities not included in the Authorization for Release of Information, if requested for specific data sets OR
:*Disclosure of research results linked to human subjects to persons or entities not authorized in the Institutional Review Board (IRB) approved protocol
:*Disclosure of research results linked to human subjects to persons or entities not authorized in the Institutional Review Board (IRB) approved protocol
*Workforce members who suspect a breach of confidentiality regarding human subjects' research information shall report the breach to the IRB office and/or the Privacy Office.
*Workforce members who suspect a breach of confidentiality regarding human subjects’ research information shall report the breach to the IRB office for research data sets sent to UNMC from outside entities and/or the Privacy Office for data sets generated within Nebraska Medicine or affiliated entities.  
==Additional Information==
==Additional Information==
*UNMC Policy No. 6045, Privacy, Confidentiality and Security of Patient and Proprietary Information corresponds to Nebraska Medicine Policy IM06
*Note: Corresponds to Nebraska Medicine Policy IM06
=*Contact the [mailto:sarah.glodencarlson@unmc.edu Chief Compliance Officer], 402-559-9576, or the UNMC Compliance Office at 402-559-6767
*Contact the [mailto:sarah.glodencarlson@unmc.edu Chief Compliance Officer], 402-559-9576, or the UNMC Compliance Office at 402-559-6767
*Contact the [mailto:debrbishop@nebraskamed.com Privacy] or [mailto:libazis@nebraskamed.com Information Security] Officers  
*Contact the [mailto:debrbishop@nebraskamed.com Privacy] or [mailto:libazis@nebraskamed.com Information Security] Officers  
*Contact Human Resources – Records at 402-559-8962 or Human Resources - Employee Relations  
*Contact Human Resources – Records at 402-559-8962 or Human Resources - Employee Relations  
*Exhibit A - [https://www.unmc.edu/hipaa/policies/6045-exhibit-a-statement-of-understanding.pdf Statement of Understanding]  
*[https://www.unmc.edu/academicaffairs/_documents/compliance/Statement_of_Understanding.pdf Statement of Understanding]  
*Exhibit B - [https://www.unmc.edu/hipaa/_documents/6045-Exhibit-B-SSN-Student.docx Use of Student Social Security Number Exception]
*Exhibit B - [https://www.unmc.edu/hipaa/_documents/6045-Exhibit-B-SSN-Student.docx Use of Student Social Security Number Exception]
*Exhibit C - [https://www.unmc.edu/hipaa/_documents/6045-Exhibit-C-SSN-Employee.docx Use of Employee Social Security Number Exception]
*Exhibit C - [https://www.unmc.edu/hipaa/_documents/6045-Exhibit-C-SSN-Employee.docx Use of Employee Social Security Number Exception]
*UNMC Policy No. 1098, [https://wiki.unmc.edu/index.php/Corrective/Disciplinary_Action Corrective and Disciplinary Action
*UNMC Policy No. 1098, [https://wiki.unmc.edu/index.php/Corrective/Disciplinary_Action Corrective and Disciplinary Action]
*UNMC Policy No. 6036, [http://wiki.unmc.edu/index.php?title=Reproducing_Copyrighted_Materials Reproduction of Copyrighted Materials Policy]
*UNMC Policy No. 6036, [http://wiki.unmc.edu/index.php?title=Reproducing_Copyrighted_Materials Reproduction of Copyrighted Materials Policy]
*UNMC Policy No. 6052, [http://wiki.unmc.edu/index.php?title=Student_Training_Agreement Contract or Agreement for Student Training Policy]
*UNMC Policy No. 6052, [http://wiki.unmc.edu/index.php?title=Student_Training_Agreement Contract or Agreement for Student Training Policy]
Line 170: Line 179:
*UNMC Policy No. 8000, [[Compliance Program]]
*UNMC Policy No. 8000, [[Compliance Program]]
*UNMC Policy No. 8009, [[Contracts]]
*UNMC Policy No. 8009, [[Contracts]]
*UNMC [https://info.unmc.edu/its-security/policies/procedures/data-classification.html Data Classification Procedure]
*[http://wiki.unmc.edu/index.php?title=Privacy/Information_Security UNMC Privacy and Information Security Policies]
*[http://wiki.unmc.edu/index.php?title=Privacy/Information_Security UNMC Privacy and Information Security Policies]
*[http://wiki.unmc.edu/index.php?title=Human_Resources_-_Procedures UNMC Human Resources Procedures]
*[http://wiki.unmc.edu/index.php?title=Human_Resources_-_Procedures UNMC Human Resources Procedures]
Line 175: Line 185:
*[https://info.unmc.edu/its-security/policies/plan.html Information Security Plan]
*[https://info.unmc.edu/its-security/policies/plan.html Information Security Plan]
*[http://www.unmc.edu/hipaa/_documents/telehealth-final.pdf Telehealth Procedures]
*[http://www.unmc.edu/hipaa/_documents/telehealth-final.pdf Telehealth Procedures]
*[http://www.unmc.edu/media/compliance/privacy_incident_response_and_breach_notification_procedures.pdf Privacy Incident Response and Breach Notification Procedures]
*[https://www.unmc.edu/hipaa/_documents/privacy-incident-response-and-breach-notification-procedures.pdf Privacy Incident Response and Breach Notification Procedures]
*[https://nebraska.edu/site-information.html?redirect=true Copyright and Disclaimer]
*[https://nebraska.edu/offices-policies/general-counsel/practice-areas/intellectual-property Copyright and Disclaimer]
*[https://info.unmc.edu/its-security/policies/procedures/destruction-confinfo.html Destruction of Private and Confidential Information Procedures]
*[https://info.unmc.edu/its-security/policies/procedures/destruction-confinfo.html Destruction of Private and Confidential Information Procedures]
*[http://wiki.unmc.edu/index.php?title=Informed_Consent_for_UNMC_Media_Production_and_Distribution_Procedures Procedures for Obtaining Informed Consent for UNMC Audio-Visual Media Production and Distribution]
*[http://wiki.unmc.edu/index.php?title=Informed_Consent_for_UNMC_Media_Production_and_Distribution_Procedures Procedures for Obtaining Informed Consent for UNMC Audio-Visual Media Production and Distribution]
Line 187: Line 197:
*Nebraska Free Flow of Information Act (§ 20-144, 20-145, 20-146, 20-1470)
*Nebraska Free Flow of Information Act (§ 20-144, 20-145, 20-146, 20-1470)
*[http://nebraskalegislature.gov/laws/laws.php Nebraska Rev. Statutes] § 84-712, 84-712.01, 84-712.02, 84-712.03, 84-712.04, 84-712.05, 84-712.06, 84-712.07, 84-712.08, 84-712.09
*[http://nebraskalegislature.gov/laws/laws.php Nebraska Rev. Statutes] § 84-712, 84-712.01, 84-712.02, 84-712.03, 84-712.04, 84-712.05, 84-712.06, 84-712.07, 84-712.08, 84-712.09
*[http://www.nebraska.edu/bylaws-and-policies.html Board of Regents Bylaws and Policies]
*University of Nebraska [https://nebraska.edu/-/media/unca/docs/offices-and-policies/policies/board-governing-documents/board-of-regents-bylaws.pdf?la=en Board of Regents Bylaws]
*[http://www.nebraska.edu/docs/president/16%20Responsible%20Use%20of%20Computers%20and%20Info%20Systems.pdf Executive Memorandum No. 16, Responsible Use of Information Resources, Technology and Networks]
*University of Nebraska [https://nebraska.edu/-/media/unca/docs/offices-and-policies/policies/board-governing-documents/board-of-regents-policies.pdf?la=en Board of Regents Policies]
*[https://nebraska.edu/docs/president/22%20Public%20Record%20Requests.pdf Executive Memorandum No. 22, Public Record Requests]
*[https://nebraska.edu/-/media/unca/docs/offices-and-policies/policies/executive-memorandum/policy-for-responsible-use-of-university-computers-and-information-systems.pdf Executive Memorandum No. 16, Policy for Responsible Use of University Computers and Information Systems]
*[https://nebraska.edu/docs/president/26%20Information%20Security%20Plan%20%28GLB%20Compliance%29.pdf Executive Memorandum No. 26, Information Security Plan]
*[https://nebraska.edu/-/media/unca/docs/offices-and-policies/policies/executive-memorandum/public-records-request.pdf Executive Memorandum No. 22, Public Record Requests]
*[https://nebraska.edu/docs/president/27%20HIPAA%20Compliance.pdf Executive Memorandum No. 27, HIPAA Compliance Policy]
*[https://nebraska.edu/-/media/unca/docs/offices-and-policies/policies/executive-memorandum/university-of-nebraska-information-security-plan.pdf Executive Memorandum No. 26, Information Security Plan - Gramm Leach Bliley Compliance]
*[http://www.unmc.edu/com/about/gme/gme-housestaff.pdf University of Nebraska Residency Program Policies and Procedures]
*[https://nebraska.edu/-/media/unca/docs/offices-and-policies/policies/executive-memorandum/hipaa-compliance-policy.pdf Executive Memorandum No. 27, HIPAA Compliance Policy]
*[https://www.unmc.edu/com/about/gme/housestaffmanual.pdf University of Nebraska Affiliated Hospital House Staff Manual 2018 – 2019]
*[https://www.unmc.edu/vcr/about/research-handbook-web.pdf Research Handbook]
*[https://www.unmc.edu/vcr/about/research-handbook-web.pdf Research Handbook]
*[http://www.unmc.edu/irb/ Institutional Review Board Guidelines]
*[http://www.unmc.edu/irb/ Institutional Review Board Guidelines]
*[http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf NIST 800-171 Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations]  
*[https://csrc.nist.gov/publications/detail/sp/800-171/rev-1/final Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations]  
*[http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf NIST 800-53 Security and Privacy Controls for Federal Information Systems and Organizations - Moderate Standards]  
*[https://csrc.nist.gov/publications/detail/sp/800-53/rev-4/final Security and Privacy Controls for Federal Information Systems and Organizations]  
 


This page maintained by [mailto:dpanowic@unmc.edu dkp].
This page maintained by [mailto:dpanowic@unmc.edu dkp].

Navigation menu