Virginia Administrative Code (Last Updated: January 10, 2017) |
Title 12. Health |
Agency 5. Department of Health |
Chapter 115. Virginia Immunization Information System |
Section 50. Security
-
A. After VDH gives access to a VIIS participant, a secure connection is established between his browser and VIIS. The system is password protected.
B. Participants shall ensure that employees with authorized access do not disclose their user identification code or password to anyone, have physical security and password-enabled screen savers on computers accessing VIIS, make every effort to protect VIIS screens from unauthorized view, and log off the system whenever leaving the VIIS workstation.
C. The VIIS system, which is maintained on a secure website, shall automatically inactivate a user session after a predetermined period of inactivity. The inactivation period is determined by VITA security policy.
D. The VIIS system shall inactivate user accounts, denying access to the system when participants have not logged into the system after a predetermined period of time. This inactivation period is determined by VITA security policy. The administrator must reactivate the account.
E. There shall be a secure encrypted connection between VIIS and the participating organization sending or receiving data if data exchange is performed. The encryption process will be determined by VITA or VDH or both.
Historical Notes
Derived from Volume 31, Issue 22, eff. July 31, 2015.
Statutory Authority
§ 32.1-46.01 of the Code of Virginia.