1.Permitted use and disclosure to public health authorities. The organization may disclose protected health information, without an individual's authorization, to a public health authority for public health purposes mandated by state or federal law. [2013, c. 528, §10(NEW); 2013, c. 528, §12(AFF).]
2.Use by public health authority. A state or federal public health authority to which protected health information has been disclosed under subsection 1 may use that information for public health activities and may disclose that information for public health activities as allowed by state or federal law and in accordance with board rules on data release adopted pursuant to section 8714. [2013, c. 528, §10(NEW); 2013, c. 528, §12(AFF).]
3.Data use agreement. Prior to disclosing any data under subsection 1, the organization shall enter into a data use agreement with a public health authority. The agreement must include protocols that have been approved by the board for safeguarding confidential information and for ensuring there will be no disclosures of protected health information. The protocols must include appropriate accountability and notification requirements as in the business associate agreements under HIPAA. [2013, c. 528, §10(NEW); 2013, c. 528, §12(AFF).]
Added by 2014, c. 528,§ 10, eff. upon the final adoption of major substantive rules required to implement the provisions of 2014, c. 528.