5.2. In exercising the functions of office under section 10.1 of the Act respecting the governance and management of the information resources of public bodies and government enterprises (chapter G-1.03), the health and social services network information officer shall define, in respect of the public bodies identified in subparagraph 5 of the first paragraph of section 2 of that Act, specific rules applicable to health and social information management that pertain, among other things, to
(1) the governance framework for health and social information security management, and security guidelines;
(2) the protection of confidential or personal information contained in information assets, and the confidentiality of the unique user identification number;
(3) user and provider identity management and access authorization management with respect to information assets;
(4) the physical and logical security of infrastructures, communications security and integrated security risk management and incident management;
(5) the certification of supplier applications that allow access to health information governed by the Act respecting the sharing of certain health information (chapter P-9.0001);
(6) the categorization of information and the means of authenticating a person’s identity, in accordance with defined degrees of trust; and
(7) reporting by the persons in charge of information assets.
The specific rules come into force after being approved by the Conseil du trésor.
2012, c. 23, s. 149; 2017, c. 28, s. 211.