|Office of Information Technology (OIT)|
IT Security - Inter-connection Security AgreementsInterconnection security agreements (ISAs) identify and implement information security safeguards and responsibilities required for the establishment of a system interconnection between the IHS network and a third-party network. Federal law requires an ISA to be submitted and approved prior to accessing any federal information resource.
ISAs are implemented at the national, area, or facility level. Partners conducting business with a single facility should have an agreement with the local area and/or facility. Partners with national contracts, or separate contracts operating within many different IHS areas, should have a national agreement with the IHS Office of Information Technology.
Business Partner Interconnection Security Agreement (BPISA)This agreement defines procedures of reciprocal cooperation and coordination between IHS and a business partner. This type of agreement is required if the business entity has direct access to IHS information resources (e.g., ability to log in to the IHS network directly, or through a VPN connection).
Tribal Interconnection Security Agreement (TISA)This agreement defines procedures of reciprocal cooperation and coordination between IHS and a tribal-entity. "All Tribal IT or Urban IT systems that will be connected to the IHS network, regardless of the nature of the connection, require… an ISA to be submitted and approved prior to activation of the connection." Indian Health Manual, Part 8 Chapter 15
Data Exchange Agreement (DEA)This agreement is used when sharing or exchanging sensitive IHS information and/or data (e.g., financial, protected health information, or other IHS records) without connecting to the IHS network.