Requires a 2003 report to the legislature including recommendations on identification of systems to protect confidential personal and medical information of patients for whom electronic prescriptions are issued.
Agencies must establish rules for persons involved in the design, development, operation, disclosure, or maintenance of records containing personal information. Agencies must instruct persons involved as to the established rules and the requirements of this chapter.
Each agency shall establish appropriate and reasonable administrative, technical, and physical safeguards to ensure compliance with the IPA, to ensure the security and confidentiality of records, and to protect against anticipated threats or hazards to security.
Each agency shall either adopt regulations or publish guidelines specifying procedures to be followed in order fully to implement the rights set forth in the IPA.
When customer records that contain personal information (including medical information) are no longer to be retained, a business shall take all reasonable steps to dispose of the records by shredding, erasing, or otherwise modifying the personal information in those records to make it unreadable or undecipherable through any means.
An employer that receives medical information shall establish appropriate procedures such as instruction to employees and security systems to ensure the confidentiality and protection from unauthorized use and disclosure of that information.
The Department of Managed Health Care may require fingerprint images and associated information from a prospective employee whose duties would include access to medical information; employees of contractors reviewing medical information shall be subject to criminal record background checks.
After the coroner's investigation or inquest has terminated, the court shall order the records of confidential communications of deceased person to be sealed as necessary to protect the confidentiality of the decedent's medical or mental health information
