Minn. Stat. § 62V.06
Subd. 1. Applicability.
MNsure is a state agency for purposes of the Minnesota Government Data Practices Act and is subject to all provisions of chapter 13, in addition to the requirements contained in this section.
Subd. 2. Definitions.
As used in this section:
Subd. 3. General data classifications.
The following data collected, created, or maintained by MNsure are classified as private data on individuals, as defined in section 13.02, subdivision 12, or nonpublic data, as defined in section 13.02, subdivision 9:
Subd. 4. Application and certification data.
(a) Data submitted by an insurance producer in an application for certification to sell a health plan through MNsure, or submitted by an applicant seeking permission or a commission to act as a navigator or in-person assister, are classified as follows:
Subd. 5. Data sharing.
(a) MNsure may share or disseminate data classified as private or nonpublic in subdivision 3 as follows:
(b) MNsure may share or disseminate data classified as private or nonpublic in subdivision 4 as follows:
Subd. 6. Notice and disclosures.
(a) In addition to the Tennessen warning required by section 13.04, subdivision 2, MNsure must provide any data subject asked to supply private data with:
Subd. 7. Summary data.
In addition to creation and disclosure of summary data derived from private data on individuals, as permitted by section 13.05, subdivision 7, MNsure may create and disclose summary data derived from data classified as nonpublic under this section.
Subd. 8. Access to data; audit trail.
(a) Only individuals with explicit authorization from the board may enter, update, or access not public data collected, created, or maintained by MNsure. The ability of authorized individuals to enter, update, or access data must be limited through the use of role-based access that corresponds to the official duties or training level of the individual, and the statutory authorization that grants access for that purpose. All queries and responses, and all actions in which data are entered, updated, accessed, or shared or disseminated outside of MNsure, must be recorded in a data audit trail. Data contained in the audit trail are public, to the extent that the data are not otherwise classified by this section.
The board shall immediately and permanently revoke the authorization of any individual determined to have willfully entered, updated, accessed, shared, or disseminated data in violation of this section, or any provision of chapter 13. If an individual is determined to have willfully gained access to data without explicit authorization from the board, the board shall forward the matter to the county attorney for prosecution.
Subd. 9. Sale of data prohibited.
MNsure may not sell any data collected, created, or maintained by MNsure, regardless of its classification, for commercial or any other purposes.
Subd. 10. Gun and firearm ownership.
MNsure shall not collect information that indicates whether or not an individual owns a gun or has a firearm in the individual's home.