PURPOSE: This rule requires local public health agencies to establish confidentiality policies and procedures which are as stringent as Missouri Department of Health (MDOH) policies and procedures for information obtained for reporting of communicable, environmental and occupational diseases. It also requires establishment of security policies and procedures for access to MDOH information systems. (1) Local public health agencies shall adopt and abide by confidentiality policies and procedures which are as stringent as Missouri Department of Health (MDOH) policies and procedures for information obtained for the reporting of communicable, environmental and occupational diseases defined in 19 CSR 20-20.020. (2) Such information may be used only for investigation to determine the source of exposure and/or potential for spread; follow-up screening to monitor disease, exposure status, or communicability; counseling and patient education regarding the disease or condition and its prevention; administration of immunizations and/or prophylactic medications to the case or contacts; isolation and/or restriction of the client's or contact's activities; environmental assessment and other activities undertaken to eliminate the source of exposure; or epidemiologic analysis to determine trends in incidence, prevalence, treatment, disease progression, and/or risk factors associated with diseases. (3) Local public health agencies shall forward reports to MDOH in accordance with 19 CSR 20-20.020. Otherwise, such information shall be released only in a statistical aggregate form that precludes and prevents the identification of an individual, physician, or medical facility except when such release is specifically authorized by law. (4) Local public health agencies that access MDOH information systems shall establish security policies and procedures which are as stringent as MDOH policies and procedures to protect information systems against unauthorized data disclosure, modification, or destruction and to protect the integrity of the information system. Local public health agencies and employees who use MDOH information systems to perform their duties shall abide by MDOH policies and procedures for access to and use of information systems. (5) Local public health agencies shall provide comprehensive training to employees on confidentiality and security policies, laws, and the administrative, civil, and criminal penalties for violations. Local public health agencies shall monitor employees to assure compliance with confidentiality laws, rules, policies and procedures. Local public health agencies shall immediately report to MDOH any breaches of confidentiality and security as specified by MDOH policy. (6) Contractors performing work for MDOH or local public health agencies that involves access to information obtained for the reporting of communicable, environmental and occupational diseases shall be required, through their contracts, to abide by sections (1)-(5) of this rule.
AUTHORITY: sections 191.656, 192.006, 701.328, RSMo Supp. 1998 and 167.183, 192.020, 192.067 and 192.802, RSMo 1994.* Original rule filed Aug. 4, 1999, effective Jan. 30, 2000.
*Original authority: 167.183, RSMo 1992; 191.656, RSMo 1988, amended 1992, 1993, 1996; 192.006, RSMo 1993, amended 1995; 192.020, RSMo 1939, amended 1945, 1951; 192.067, RSMo 1988; 192.802, RSMo 1992; and 701.328, RSMo 1993, amended 1998.