Document Management allows you to create Standard or Secure Document Types. The Document Security Level cannot be changed once it has been set.
Standard Documents
The Standard Document Type is not encrypted and should not be used for soliciting or storing any sensitive personally identifiable information (SPII).
Secure Documents
Files uploaded to Secure Document Types will be encrypted and only those specified on the activity or Facility will be able to manage them. The Secure Document Type allows for collecting both PII and SPII, with the exceptions of PHI and CHD, which may not be collected in Recreation Management documents. For this reason, do not request credit card or debit card information on any documents and do not use Recreation Management document management to collect patient information concerning the provision of healthcare if you are a HIPAA-covered entity or Business Associate of a HIPAA-covered entity.
- AES 256: The effective standard for the Federal Government, established by the National Institute of Standards and Technology (NIST). It is highly performant and requires few resources.
- Encryption Key Management: Using Azure Key Vault ensures that we can securely store the encryption keys and limit access to them. Azure Key Vault uses FIPS 140-2 Level 2 validated hardware security modules.
- For the HCMS, there is 1 encryption key per HCMS app, and that encryption key is stored in a separate key vault, apart from the encrypted items.
- We also encrypt portions of the encryption access logs including IP address.
- Data: Data and files uploaded will be encrypted in transit and at rest.
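As an added illustration of the key handling described above (example code, not the product's own), this Go snippet keeps one AES-256 key per app in a stand-in key store held apart from the encrypted data, then uses it to encrypt a document or a log field such as a client IP address. The KeyVault type, the app identifiers and the use of AES-GCM mode are assumptions; the page states only that AES 256 is used and that keys live in a separate vault.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// KeyVault stands in for the separate key store (Azure Key Vault on the page):
// one AES-256 key per app, held apart from the encrypted items it protects.
type KeyVault map[string][]byte
// ProvisionAppKey generates the single 32-byte (AES-256) key for one app.
func (v KeyVault) ProvisionAppKey(appID string) error {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		return err
	}
	v[appID] = k
	return nil
}

// aead builds AES-256-GCM over the app's key; a missing key is a nil slice, which aes.NewCipher rejects.
func (v KeyVault) aead(appID string) (cipher.AEAD, error) {
	block, err := aes.NewCipher(v[appID])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts a file or a log field (e.g. a client IP); a fresh random nonce is prepended, the GCM tag detects tampering.
func Seal(v KeyVault, appID string, plaintext []byte) ([]byte, error) {
	g, err := v.aead(appID)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, plaintext, nil), nil
}
// Open reverses Seal; a modified ciphertext or another app's key is rejected.
func Open(v KeyVault, appID string, sealed []byte) ([]byte, error) {
	g, err := v.aead(appID)
	if err != nil || len(sealed) < g.NonceSize() {
		return nil, errors.New("no app key or ciphertext too short")
	}
	return g.Open(nil, sealed[:g.NonceSize()], sealed[g.NonceSize():], nil)
}
```

Because each app resolves its key by identifier at use time, an item sealed under one app's key cannot be opened with another app's key, and a missing key fails closed rather than falling back to a default.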
Examples of data that can be collected with Secure Document Types:
- Telephone and fax numbers
- Email addresses and physical addresses such as street addresses, zip codes, and county
- Driver’s license number, passport number, or social security number
- A name, including the full name of the individual, their maiden name or mother’s maiden name, and any alias they may use
- Asset information, such as MAC address or IP, as well as other static identifiers that could consistently link a particular person
- Information about an individual that is linked to their place of birth, date of birth, religion, activities, geographical indicators, or educational data
- Dates directly linked to an individual, including date of birth and death
- Bank account information
- Medical record numbers
- Health plan beneficiary numbers
- Medical information such as diagnoses, treatment information, medical test results, and prescription information
- Certificate or license numbers
- Vehicle identifiers and serial numbers, including license plate numbers
- Device identifiers and serial numbers
- Biometric identifiers, including finger and voice prints
Guiding Principles to Mitigate Risk When Collecting PII or SPII
- Only collect personal information if you need it and explain why any SPII being collected is required
- Tell people what you’re going to do with their information
- Apply appropriate safeguards to the information, such as limiting access and training employees on proper handling
- Give people access to their personal information if they want it
- Let people correct any wrong information
- Get rid of information when you’re done with it
Learn more about PII, Sensitive PII, and PHI.
In Article Glossary
- CHD: Cardholder Data regulated by PCI DSS
- HIPAA: Health Insurance Portability and Accountability Act
- IP: Internet Protocol
- MAC: Macintosh, the line of Apple computing products
- PHI: Protected Health Information regulated by HIPAA
- PII: Personally Identifiable Information
- SPII: Sensitive Personally Identifiable Information