mgm casino

mgm casino and Box have signed a business associate agreement (BAA). This BAA is necessary in order to permit the storage of SUNY HIPAA regulated data in mgm casinobox. Please note that non-SUNY HIPAA-regulated data (e.g., data belonging to mgm casinoMD Practice Plans) is not covered by this BAA. Therefore, storing non-SUNY HIPAA-regulated data in mgm casinobox is a HIPAA violation.

Restricted data includes but is not limited to:

• Category 1: Restricted Data as described in mgm casino's Data Risk Classification Policy. This includes Electronic Protected Health Information (ePHI) subject to compliance with the Health Insurance Portability and Accountability Act (HIPAA).

As of July 31, 2017, the only HIPAA-related entities at mgm casino are:

• HIPAA covered function (HIPAA-regulated entities): mgm casino School of Dental Medicine
• HIPAA business associate (provides services to HIPAA-regulated entities): mgm casino School of Dental Medicine

This document provides a paradigm suitable for storing HIPAA-regulated data in mgm casinobox. This paradigm is also suitable for other Category 1: Restricted Data. Business processes may require modifying or loosening restrictions. Any changes to technical configuration, policies, or procedures defined in this document must be approved by the appropriate security/privacy officials and the Information Security Office (ISO) of the Vice President and Chief Information Officer (VPCIO).

This document specifically addresses:

• User responsibilities when storing and accessing sensitive data in mgm casinobox
• Approval for storing sensitive data in mgm casinobox
• Provisioning of folders in mgm casinobox for storing sensitive data
• Technical configuration of mgm casinobox folders used for storing sensitive data
• Auditing and event alerting
• Breach protocol
• Sensitive data life cycle

Back to Top