7 Alaska Admin. Code § 27.899

Current through May 31, 2024
Section 7 AAC 27.899 - Security safeguards
(a) A public health agent and other person with access to identifiable health information used or disclosed by the department, other than the individual who is the subject of the information, shall keep the information confidential. The disclosure of identifiable health information received from the department in a manner not permitted by state statute or regulation may be subject to criminal prosecution under AS 18.15.365(c) or (d).
(b) To provide adequate safeguards to protect the security of identifiable health information, the department shall
(1) maintain such information in a physically secure environment, by
(A) minimizing the physical places in which identifiable health information is used or stored; and
(B) prohibiting the use or storage of identifiable health information in places where the security of the information may likely be breached or is otherwise significantly at risk;
(2) maintain identifiable health information in a technologically secure environment;
(3) identify and limit the persons with access to identifiable health information to those who have a demonstrable need to access the information;
(4) limit the length of time that identifiable health information is used or stored to the time necessary for use of the information;
(5) eliminate unnecessary physical or electronic transfers of identifiable health information;
(6) expunge unnecessary copies of identifiable health information;
(7) assign personal responsibility for preserving the security of identifiable health information to persons who acquire, use, disclose, or store the information;
(8) provide security training to all department employees who acquire, use, disclose, or store identifiable health information;
(9) thoroughly investigate any potential or actual breaches of security concerning identifiable health information; and
(10) impose appropriate disciplinary sanctions for any breaches of security related to identifiable health information.
(c) All department employees authorized to access, acquire, use, disclose, or store identifiable health information shall execute a confidentiality statement stating that the employee has had the opportunity to read and ask questions about the provisions of AS 18.15.365 and 7 AAC 27.899 and understands their personal responsibility for preserving the security of identifiable health information.

7 AAC 27.899

Eff. 12/29/2006, Register 180

Authority:AS 18.05.040

AS 18.15.355

AS 18.15.365