Requires a 2003 report to the legislature including recommendations on identification of systems to protect confidential personal and medical information of patients for whom electronic prescriptions are issued.
Agencies must establish rules for persons involved in the design, development, operation, disclosure, or maintenance of records containing personal information. Agencies must instruct persons involved as to the established rules and the requirements of this chapter.
Each agency shall establish appropriate and reasonable administrative, technical, and physical safeguards to ensure compliance with the IPA, to ensure the security and confidentiality of records, and to protect against anticipated threats or hazards to security.
Each agency shall either adopt regulations or publish guidelines specifying procedures to be followed in order fully to implement the rights set forth in the IPA.
When customer records that contain personal information (including medical information) are no longer to be retained, a business shall take all reasonable steps to dispose of the records by shredding, erasing, or otherwise modifying the personal information in those records to make it unreadable or undecipherable through any means.
Every provider of health care, health care service plan, pharmaceutical company, or contractor who creates, maintains, preserves, stores, abandons, destroys, or disposes of medical records shall do so in a manner that preserves the confidentiality of the information contained therein.
An employer that receives medical information shall establish appropriate procedures such as instruction to employees and security systems to ensure the confidentiality and protection from unauthorized use and disclosure of that information.
The Department of Managed Health Care may require fingerprint images and associated information from a prospective employee whose duties would include access to medical information; employees of contractors reviewing medical information shall be subject to criminal record background checks.
State Registrar shall adopt regulations to assure the confidentiality of the confidential portion of the certificate of live birth and to assure the confidentiality of the confidential portion of the certificate of live birth, and access to reports
