§ 130A‑374.  Security of health data.

(a) Medical records of individual patients shall be confidential and shall not be public records open to inspection. The State Center for Health Statistics may disclose medical records of individual patients which identify the individual described in the record only if:

(1) The individual described in the medical record has authorized the disclosure; or

(2) The disclosure is for bona fide research purposes. The Commission shall adopt rules providing for the use of the medical records for research purposes.

(b) The State Center for Health Statistics shall take appropriate measures to protect the security of health data collected by the Center, including:

(1) Limiting the access to health data to authorized individuals who have received training in the handling of this data;

(2) Designating a person to be responsible for physical security; and

(3) Developing and implementing a system for monitoring security. (1983, c. 891, s. 2.)