CYCIS: A Child and Youth Centered Information System. Phase II: System Design. Volume V: Security and Privacy Manual

摘要

The establishment and implementation of the Child and Youth Centered Information System (CYCIS) is contingent upon acceptance of the principles and procedures equivalent to those set forth in the security and privacy manual. These principles and procedures are required to insure the integrity of recorded information and prevent the misuse of CYCIS records, to minimize the potential threats to privacy which are inherent in any recordkeeping system, and to assure the maximum possible confidentiality of individually identifiable recorded information. The agencies having legitimate access to CYCIS data are defined. Also discussed are the agencies allowed to enter information on the CYCIS record and the authority mechanisms and procedures for release of CYCIS information. External security encompasses the mechanisms and procedures used in protecting and maintaining the confidentiality of child data in all areas exterior to the computer system itself. The following elements of external security are discussed: physical security, employee security, coding of client name, separation of identifiable data, security contract with an operational group, backup and restart procedures, external file labels, provisions to prosecute violators of security and privacy, user and system audits, and hard copy destruction. Internal security measures are specific computer software - designed safeguards that help protect the security and privacy of CYCIS records. The following internal security measures are discussed: internal file labels, coded file keys, limited run cycles, expungement of data, historical one - way algorithm, and real - time systems security measures (user passwords, terminal identification, and cryptography). All records created and used in providing youth services should employ these principles and procedures to insure confidentiality of information.