OAR 407-014-0305
Definitions

For purpose of these rules, the following terms have definitions set forth below. All other terms not defined in this section shall have the meaning used in the Health Insurance Portability and Accountability Act (HIPAA) security rules found at 45 CFR § 164.304:

(1)

“Access” means the ability or the means necessary to read, communicate, or otherwise use any Department information asset.

(2)

“Access control process” means Department forms and processes used to authorize a user, identify their job assignment, and determine the required access.

(3)

“Client records” means any client, applicant, or participant information regardless of the media or source, provided by the Department to the user, or exchanged between the Department and the user.

(4)

“Department” means the Department of Human Services.

(5)

“Incident” means the attempted or successful unauthorized access, use, disclosure, modification, or destruction of any network and information system or Department information asset including but not limited to unauthorized disclosure of information, failure to protect user’s identification (ID) provided by the Department, or theft of computer equipment that uses or stores any Department information asset.

(6)

“Information asset” means any information, also known as data, provided through the Department, regardless of the source or media, which requires measures for security and privacy of the information.

(7)

“Network and information system” means the State of Oregon’s computer infrastructure which provides personal communications, client records and other sensitive information assets, regional, wide area and local area networks, and the internetworking of various types of networks on behalf of the Department.

(8)

“Organization” means any entity authorized by the Department to access a network and information system or information asset.

(9)

“User” means any individual authorized by the Department to access a network and information system or information asset.

Source: Rule 407-014-0305 — Definitions, https://secure.sos.state.or.us/oard/view.action?ruleNumber=407-014-0305.

407‑014‑0000
Definitions 407‑014‑0010
Purpose 407‑014‑0015
Information Governed by the HIPAA Privacy Rules 407‑014‑0020
Uses and Disclosures of Client or Participant Protected Information 407‑014‑0030
Client Privacy Rights 407‑014‑0040
Minimum Necessary Standards 407‑014‑0050
Business Associate 407‑014‑0060
Uses and Disclosures of Protected Information for Research Purposes 407‑014‑0070
De-identification of Client Information and Use of Limited Data Sets under Data Use Agreements 407‑014‑0200
Confidentiality and Inadmissibility of Mediation Communications 407‑014‑0205
Confidentiality and Inadmissibility of Workplace Interpersonal Dispute Mediation Communications 407‑014‑0300
Scope 407‑014‑0305
Definitions 407‑014‑0310
Information Access 407‑014‑0315
Security Information Assets 407‑014‑0320
User Responsibility

Last Updated

Jun. 8, 2021

Rule 407-014-0305’s source at or.us

Stay Connected

Join thousands of people who receive monthly site updates.

Get Legal Help

The Oregon State Bar runs a service for finding an attorney in good standing. Initial consultations are usually free or discounted: Lawyer Referral Service

Committed to Public Service

We will always provide free access to the current law. In addition, we provide special support for non-profit, educational, and government users. Through social entrepreneurship, we’re lowering the cost of legal services and increasing citizen access.

Navigate

California:	Codes
Colorado:	C.R.S.
Nevada:	NRS
New York:	Laws
Oregon:	OAR, ORS
Texas:	Statutes
World:	Rome Statute, International Dictionary

Location: https://oregon.public.law/rules/oar_407-014-0305

Original Source: Rule 407-014-0305 — Definitions, https://secure.sos.state.or.us/oard/view.action?ruleNumber=407-014-0305 (last accessed Jun. 8, 2021).

OAR 407-014-0305 Definitions

(1)

(2)

(3)

(4)

(5)

(6)

(7)

(8)

(9)

OAR 407-014-0305
Definitions