§ 130A-374. Security of health data.
§130A‑374. Security of health data.
(a) Medical records ofindividual patients shall be confidential and shall not be public records opento inspection. The State Center for Health Statistics may disclose medicalrecords of individual patients which identify the individual described in therecord only if:
(1) The individualdescribed in the medical record has authorized the disclosure; or
(2) The disclosure isfor bona fide research purposes. The Commission shall adopt rules providing forthe use of the medical records for research purposes.
(b) The State Centerfor Health Statistics shall take appropriate measures to protect the securityof health data collected by the Center, including:
(1) Limiting the accessto health data to authorized individuals who have received training in thehandling of this data;
(2) Designating a personto be responsible for physical security; and
(3) Developing andimplementing a system for monitoring security. (1983, c. 891, s. 2.)