Md. Code Regs. 10.10.11.19

Current through Register Vol. 51, No. 25, December 13, 2024
Section 10.10.11.19 - BAR Information Security Standards - General
A. A trusted partner shall protect and maintain BAR information in a secure manner by limiting access only to a BAR information custodian who is:
(1) An individual designated by the trusted partner; and
(2) Authorized by the Department in a trusted partner agreement.
B. Before the Department shares BAR information with a trusted partner, the trusted partner shall:
(1) Develop, implement, and maintain administrative, physical, and technical security measures and practices to protect and safeguard the integrity, confidentiality, and availability of BAR information by managing and supervising the:
(a) Selection, execution, and use of security measures to protect BAR information; and
(b) Conduct of personnel in relation to the protection of BAR information;
(2) Assess potential risks and vulnerabilities to the BAR information in its possession using a BAR information security self-assessment checklist provided by the BAR Program; and
(3) Submit a:
(a) Completed BAR information security self-assessment; and
(b) Document verifying that the trusted partner's BAR information custodian has successfully undergone a security risk assessment as described in 42 CFR § 73.7.
C. If a BAR information custodian believes that the security of BAR information has been or is suspected to have been misused, mishandled, lost, stolen, or otherwise compromised, the BAR information custodian shall immediately notify the:
(1) BAR Program; and
(2) Individuals who signed the BAR information custodian's trusted partner agreement.

Md. Code Regs. 10.10.11.19