Laws, Regulations & Policies
Federal regulations, public laws, and other mandates form the foundation of the IHS information security program. The major regulations to which IHS must adhere are listed below. Please note that the list is not all-inclusive.
- E-Government Act of 2002: Includes the Federal Information Security Management Act of 2002 (FISMA) which provides a comprehensive framework for ensuring the effectiveness of information security controls over information resources that support federal operations and assets.
- Federal Information Processing Standards (FIPS): Required by FISMA. NIST develops standards, guidelines, and associated methods and techniques for federal computer systems.
- Health Insurance Portability and Accountability Act of 1996 (HIPAA): Designed to protect confidential healthcare information through improved security standards and federal privacy legislation.
- HIPAA Administration Simplification: Required the Department of Health and Human Services (HHS) to establish national standards for electronic health care transactions and national identifiers for providers, health plans, and employers. It also addressed the security and privacy of health data.
- NIST Special Regulations: Also known as the "800 Series," it was established to provide a separate identity for information technology security publications.
- Homeland Security Presidential Directive/HSPD-12: Policy for Common Identification Standard for Federal Employees and Contractors. This directive establishes a mandatory, government-wide standard for secure and reliable forms of identification issued by the federal government to its employees and contractors.
- Homeland Security Presidential Directive/HSPD-7: Policy for Critical Infrastructure Identification, Prioritization, and Protection. This directive establishes a national policy for federal departments and agencies to identify and prioritize critical infrastructure and to protect them from terrorist attacks.
- OMB Circular A-123, Management Accountability and Control: Implements FMFIA by providing guidance to federal managers on improving accountability and effectiveness of federal programs and operations.
- Privacy Act of 1974: Establishes a code of fair information practice that governs the collection, maintenance, use, and dissemination of personally identifiable information about individuals that is maintained in systems of records by federal agencies.
- HHS Security and Privacy Policies: Establishes department-wide information security policy for HHS and its operating divisions, including IHS.
- IHS Security and Privacy Policies: Establishes IHS-wide information security policies.