LAC Department of Mental Health Public Portal

	LOS ANGELES COUNTY DEPARTMENT OF MENTAL HEALTH
	Policy 555.01 Data Security Documentation Requirements

Policy Category: Administrative

Distribution Level: Directly Operated Programs and Contracted Agencies

Responsible Party: Chief Information Office

Reviewed and Approved on November 5, 2025

I. POLICY STATEMENT

The purpose of this policy is to establish documentation requirements for data security policies and procedures in accord with standards, implementation specifications, or other requirements of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. (45 CFR § 164.316)

Contracted agencies shall develop an internal policy and associated procedures that are consistent with their organizational practices and meet the requirements set forth in this policy.

II. DEFINITIONS

Information Technology and Security Glossary

III. POLICY

The Departmental Information Security Officer (DISO) shall maintain documentation standards and requirements of reasonable and appropriate data security policies and procedures to comply with the provisions of the HIPAA Security Rule.

IV. PROCEDURES

Procedures - Data Security Documentation Requirements

V. AUTHORITIES

Code of Federal Regulations Title 45 Section 164.316, Policies and Procedures and Documentation Requirements
Los Angeles County Board of Supervisors Policy No. 3.040, Records Management and Archive of County Records
Los Angeles County Board of Supervisors Policy No. 6.100, Information Security Policy
Los Angeles County Board of Supervisors Policy No. 6.101, Use of County Information Assets
Los Angeles County Department of Mental Health Record Retention Schedule