Data Classification Policy Template
The Hawaii Health Information Corporation has a good data classification policy template here.
A very helpful part of this template is the classification labels section. Here’s an excerpt:
CLASSIFICATION LABELS
Public: This classification applies to information that is available to the general public and intended for distribution outside the organizations. This information may be freely disseminated without potential harm. Examples include product and service brochures, advertisements, job opening announcements, and press releases.
For Internal Use Only: This classification applies to all other information that does not clearly fit into the other classifications. The unauthorized disclosure, modification or destruction of this information is not expected to seriously or adversely impact the organization, its patients, its employees, or its business partners. Examples include the company telephone directory, new employee training materials, and internal policy manuals.
Confidential: This classification applies to information that is intended for use within the organization. Its unauthorized disclosure could adversely impact the organization, its patients, its employees and its business partners. Information that some people would consider private is included in this classification. Examples include medical information (except that which is restricted confidential), patient medical charts, appointment schedules, patient account records, department financial data, purchasing information, vendor contracts.
Restricted Confidential: This classification applies to the most sensitive medical and business information that is intended strictly for use within the organization. Its unauthorized disclosure could seriously and adversely impact the organization, its patients, its employees and its business partners. For example, statutorily protected medical information such as, mental health treatment, HIV testing, sexually transmitted diseases, abortion, and alcoholism or substance abuse treatment data. Other examples are merger and acquisition documents, corporate level strategic plans, and litigation strategy memos.
An archive of the template is here: Data Classification Policy Template
Check it out!