) Users are accessing a New York State government information system;
) System usage may be monitored, recorded, and subject to audit;
) Unauthorized use of the system is prohibited and subject to criminal and civil penalties; and
) Use of the system indicates consent to monitoring and recording.
) Prevent unauthorized access and safeguard the confidentiality of personal/consumer data in compliance with State and Federal law, including the Health Insurance Portability and Accountability Act (HIPAA), the New York State Personal Privacy Protection Law, and the data breach provisions of the New York State Technology Law.
) The system application, associated network architecture, shared services and systems shall, at a minimum, be compliant with New York State Office of Cyber Security Policy P03-002, New York State Information Security Policy http://www.dhses.ny.gov/laws-policies/
; New York State Identity Trust Model https://www.its.ny.gov/document/identity-assurance-policy
National Institute of Standards and Technology SP 800-63 Electronic Authentication Guidance and HIPAA privacy and securities rules and regulations.