Current through Register 71, No. 45, November 7, 2024
Rule 29-3002 - DATA-SHARING AGREEMENT BETWEEN AGENCIES3002.1A District Agency seeking to use another District Agency's HHSI or seeking to disclose HHSI to another District Agency shall, consistent with the District-wide HIPAA Policy, enter into a data-sharing agreement (Agreement). Any Agency or Provider seeking to enter into an Agreement must follow any applicable Agency or Provider HIPAA policies and procedures.
3002.2At a minimum, the Agreement shall include the following information:
(a) The legal authority which authorizes the sharing of HHSI between the two Agencies including the Act's legal citation;(b) A listing of the specific HHSI each Agency is requesting from the other along with a statement of the Agency's purpose for requesting each piece of HHSI on that list, which shall be limited to the minimum amount of HHSI necessary to accomplish the purpose of the disclosure;(c) A provision stating that the requested HHSI shall be safeguarded and protected from improper access, use, or dissemination in accordance with the Act, and any other applicable District and Federal laws;(d) A provision stating that any unlawful use or disclosure of HHSI shall be subject to penalties outlined in the Act, and any other applicable District and Federal laws;(e) Procedures for notifying an Agency of an actual or suspected unauthorized access, use, or dissemination of the HHSI.D.C. Mun. Regs. tit. 29, r. 29-3002
As amended by Final Rulemaking published at 61 DCR 8497 (August 15, 2014)Authority: Section 108 of the Data-Sharing and Information Coordination Amendment Act of 2010 (Act), effective December 4, 2010 (D.C. Law 18-273; D.C. Official Code § 7-248 (2012 Repl.)), and Mayor's Order 2011-169, dated October 5, 2011.