search

CDCgov / trusted-intermediary

Bringing together healthcare providers by reducing the connection burden.
Apache License 2.0
10 stars 5 forks source link

What data is considered sensitive and how can it be shared #1350

Open scleary1cs opened 4 days ago

scleary1cs commented 4 days ago

DevEx/OpEx

What data is considered sensitive? E.g. is the report ID sensitive? No, but there are other things that could be clarified. Document this.

Combining with: Documentation: how can we share PII and PHI? Where is it allowed? It is not allowed in Slack, Google Drive. It is allowed in Keybase, but should be deleted after use. What about our computers, Teams, Citgo/Citrix? This is a tricky conversation with our ISSO and others. The last thing we need is for Keybase to be removed and RS is still able to use it. This is a political conversation. Perhaps only select folks should pick-up this issue.

Tasks

Additional Context

Add any other context or screenshots about the work here.

jcrichlake commented 4 days ago

I think this would require clarity from someone on the product team