Technical safeguards : Access control. Implement technical policies and procedures to restrict access to protected electronic health information to authorized persons
A clinic, health facility, home health agency, or hospice licensed under the Health and Safety Code shall prevent unlawful or unauthorized access to, and use or disclosure of, patients' medical information.
Any health care provider choosing to use an electronic recordkeeping system shall develop and implement policies to include safeguards for confidentiality and unauthorized electronic access.
Any school district, including any county office of education or superintendent of schools, may participate in an interagency data information system that permits access to a computerized database system within and between governmental agencies or districts as to information or records which are nonprivileged, and where release is authorized as to the requesting agency under state or federal law or regulation, if each of the following requirements are met: (1) Each agency and school district shall develop security procedures or devices by which unauthorized personnel cannot access data contain
All information collected for the Parkinson's disease incidence program is confidential, unless otherwise provided in this section. Before disclosing information, the person or entity requesting confidential information must agree in writing to maintain the confidentiality of the information. Disclosure of information should be limited to the stated purpose of the request and only used for such purpose. The Department of Health Services must maintain a record of persons given access to confidential information.
