216.2927 Types of data not to be published, released, or subject to inspection -- Public-use data agreements and privacy rules -- Confidentiality of raw data -- Penalty for violation.
Loading PDF...
Penalty for violation. (1) The following types of data shall be deemed as relating to personal privacy and, except by court order, shall not be published or otherwise released by the cabinet or
its staff and shall not be subject to inspection under KRS 61.870 to 61.884:
(a) Any data, summary of data, correspondence, or notes that identify or could be used to identify any individual patient or member of the general public, unless
the identified individual gives written permission to release the data or
correspondence; (b) Any correspondence or related notes from or to any employee or employees of a provider if the correspondence or notes identify or could be used to identify
any individual employee of a provider, unless the corresponding persons grant
permission to release the correspondence; and (c) Data considered by the cabinet to be incomplete, preliminary, substantially in error, or not representative, the release of which could produce misleading
information. (2) Health-care providers submitting required data to the cabinet shall not be required to obtain individual permission to release the data, except as specified in subsection
(1) of this section, and, if submission of the data to the cabinet complies with
pertinent administrative regulations promulgated pursuant to KRS Chapter 13A,
shall not be deemed as having violated any statute or administrative regulation
protecting individual privacy. (3) (a) No less than sixty (60) days after the annual report or reports are published and except as otherwise provided, the cabinet shall make all aggregate data
which does not allow disclosure of the identity of any individual patient, and
which was obtained for the annual period covered by the reports, available to
the public. (b) Persons or organizations requesting use of the data shall agree to abide by a public-use data agreement and by HIPPA privacy rules referenced in 45
C.F.R. Part 164. The public-use data agreement shall include, at a minimum, a
prohibition against the sale or further release of data, and guidelines for the
use and analysis of the data released to the public related to provider quality,
outcomes, or charges. (c) Single copies of the printed data shall be made available to individuals at no cost. The cabinet may impose a fee for providing electronic or multiple
printed copies of the data. At least one (1) printed and one (1) electronic copy
of the aggregate data shall be provided without charge to the Legislative
Research Commission. (d) The Health Services Data Advisory Committee shall review at least annually current protocols related to the release of data under this subsection and shall
make recommendations to the cabinet advisory committee established under
KRS 216.2923. Page 2 of 2 (4) Collection of data about individual patients shall be in a nonidentifying numeric form and shall not include a patient's name or Social Security number. Any person
who receives information identifying a patient through error or any other means
shall return all copies of the information immediately. (5) All data and information collected shall be kept in a secure location and under lock and key when specifically responsible personnel are absent. (6) Only designated cabinet staff shall have access to raw data and information. The designated staff shall be made aware of their responsibilities to maintain
confidentiality. Staff with access to raw data and information shall sign a statement
indicating that the staff person accepts responsibility to hold that data or identifying
information in confidence and is aware of penalties under state or federal law for
breach of confidentiality. Data which, because of small sample size, breaches the
confidence of individual patients, shall not be released. (7) Any employee of the cabinet who violates any provision of this section shall be fined not more than five hundred dollars ($500) for each violation or be confined in
the county jail for not more than six (6) months, or both, and shall be removed and
disqualified from office or employment. Effective: July 15, 2008
History: Amended 2008 Ky. Acts ch. 71, sec. 3, effective July 15, 2008. -- Amended 1996 Ky. Acts ch. 371, sec. 28, effective July 15, 1996. -- Created 1994 Ky. Acts
ch. 512, Pt. 2, sec. 9, effective July 15, 1994. Legislative Research Commission Note (7/15/2008). The internal numbering of subsection (3) of this section has been altered by the Reviser of Statutes from the
numbering in 2008 Ky. Acts ch. 71, sec. 3, under the authority of KRS 7.136.