NAVY - BUMED 5239.2
(BUMED-M09B6) PROTECTION OF SENSITIVE, PROTECTED HEALTH INFORMATION (PHI), AND PERSONALLY IDENTIFIABLE INFORMATION (PII) DATA AT REST (DAR) ON MOBILE COMPUTING AND PORTABLE STORAGE DEVICES
| Organization: | NAVY |
| Publication Date: | 8 November 2007 |
| Status: | active |
| Page Count: | 6 |
scope:
Aplicability and Scope
Applies to all Navy Medicine personnel, including contractors and volunteers.
Applies to all mobile computing devices, including, but not limited to, commercial mobile device, as define in reference (A) through (O).
Applies to any portable storage device that is easily removable and stores data that can be connected to a Navy Medicine network, workstation, or other computing device via cable, universal serial bus (USB), Firewire (IEEE 1394), I-Link, infrared, radio frequency, personal computer memory card international association (PCMCIA), or any other external connection that would allowed data to be transferred and removed, per reference (k). Examples of portable device include, but are nit limited to zip drives, floppy diskettes, recordable and re-writeable compact disks (CD), recordable and re-writeable digital video disks (DVD), USB flash digital media devices (thumb drives), memory sticks/cards, pc cards storage devices of all types, and mini external hard drives.
Purpose
To establish Navy Medicine policy to protect PHI and PII DAR on mobile computing and portable storage device consistent (a) through (o).
To specify the encryption, certification and accriditation parameters to ensure security of the Navy Medicine DAR environtment, including mobile devices.
To assign responsibilities within Navy Medicine for the evaluation, registration and implementation of secure DAR solution in protecting Sensitive data, which includes PII and PHI.
To enhance the enterprise network capabilities of Navy Medicine through secure application of commercial, standard-based DAR device, services, and technologies
To establish an incident reporting process in the event of lost, stolen, or compromised Sensitive data. Lost, stolen or compromised Sensitive data means actual or possible lost of control, unauthorised disclosure, or unauthorised access of Sensitive data where persons other than authorised users gain access or potential access to such information for other than authorised purpose where one or more indindividuals will be adversely affeted. such incident are also known as breaches.
Document History
