Utah Administrative Code (Current through November 1, 2019) |
R428. Health, Center for Health Data, Health Care Statistics |
R428-2. Health Data Authority Standards for Health Data |
R428-2-5. Data Classification and Access
-
(1) Data collected by the committee are not public, and as such are exempt from the classification and release requirements specified in Title 63g, Chapter 2, Government Records Access and Management Act.
(2) Any person having access to data collected or produced by the committee or the Office under Title 26, Chapter 33a shall not:
(a) take any action that might provide information to any unauthorized individual or agency;
(b) scan, copy, remove, or review any information to which specific authorization has not been granted;
(c) discuss information with unauthorized persons which could lead to identification of individuals;
(d) give access to any information by sharing passwords or file access codes.
(3) Any person having access to data collected or produced by the committee or the Office under Title 26, Chapter 33a shall:
(a) maintain the data in a safe manner which restricts unauthorized access;
(b) limit use of the data to the purposes for which access is authorized;
(c) report immediately any unauthorized access to the Office or its designated security officer.
(4) A failure to report known violations by others is subject to the same punishment as a personal violation.
(5) The Office shall deny a person access to the facilities, services and data as a consequence of any violation of the responsibilities specified in this section.