LOS ANGELES COUNTY
DEPARTMENT OF MENTAL HEALTH
  Policy 555.02 Information Technology and Security
 
Policy Category:  Administrative
Distribution Level:  Directly Operated Programs and Contracted Agencies
Review and Approved by:  Chief Information Office
 
Approved by Edgar M. Soto, MBA, CSP, Administrative Deputy III, on January 21, 2020
 
I.  POLICY STATEMENTS
 
The purpose of this policy is to provide direction for the development and implementation of data security policies and procedures, and to identify data security officials and their responsibilities.
 
II.  DEFINITIONS
 
III.  POLICY
 
The Los Angeles County Department of Mental Health (DMH/Department) Chief Information Officer (CIO) is responsible for securing all electronic data, including Protected Health Information (PHI) and other confidential information, while complying with the security requirements of all applicable regulatory, compliance, and accreditation sources, including but not limited to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Medicare, and Medi-Cal.

The Departmental Information Security Officer (DISO) must develop data security policies and procedures to ensure the security of PHI and other confidential information and the hardware and systems used to obtain, utilize, and maintain such information.

All DMH Workforce Members must comply with provisions of the DMH data security policies. Any Workforce Member who fails to comply will be subject to disciplinary action in accordance with DMH Policy 605.01 and Civil Service Rule 18.031.
 
IV.  PROCEDURES
 
V.  AUTHORITIES