The department shall protect the security of identifiable health data by use of the following measures and any other measures adopted by rule:
- (1) limit access to identifiable health data to authorized individuals who have received training in the handling of such data;
- (2) designate a person to be responsible for physical security;
- (3) develop and implement a system for monitoring security; and
- (4) review periodically all identifiable health data to determine whether identifying characteristics should be removed from the data.
Renumbered and Amended by Chapter 306, 2023 General Session