CDA Contractor and its Subcontractors/Vendors or other business associates performing work for CDA on or off CDA’s work site.
Unauthorized access, acquisition, use or disclosure of hardcopy or electronic data that compromises the security, confidentiality, or integrity of personal information (PI) maintained by CDA’s authorized users.
Consists of the following CDA employees who are responsible for responding to an incident and a breach of PI or protected health information in the most expeditious and efficient manner possible:
Member of CDA’s IRT who is responsible for managing a particular security incident.
Information maintained, collected, accessed, or stored by CDA or its authorized user which identifies or describes an individual. PI includes but is not limited to:
Information maintained, collected, accessed, or stored by CDA or its authorized users which includes individually identifiable health information that is maintained or transmitted electronically or by any other form or medium.
PHY includes but is not limited to:
A CDA authorized user who has first-hand knowledge of a security incident and completes a Security Incident Report (CDA 1025) and any other applicable reporting requirements.
An occurrence involving a CDA authorized user that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits or that constitutes a violation or imminent threat of violation of security policies, security procedures or acceptable use policies.