Statutes, codes, and regulations
West Virginia Administrative Code
Agency 114A - Secretary Of DHHR; Insurance Commissioner; And Chair Of The Health Care AuthorityTitle 114A - LEGISLATIVE RULE DEPARTMENT OF HEALTH AND HUMAN RESOURCES AND OFFICES OF THE INSURANCE COMMISSIONER
Series 114A-02 - All-Payer Claims Database Program's Privacy and Security Rule
Section 114A-2-4 - Data Retention and Initial Use and Disclosure Privacy and Security Requirements

W. Va. Code R. § 114A-2-4

Download
PDF
Current through Register Vol. XLII, No. 1, January 3, 2025
Section 114A-2-4 - Data Retention and Initial Use and Disclosure Privacy and Security Requirements
4.1. The APCD program shall retain the data in a secure manner that prevents unauthorized access and ensures confidentiality, integrity and availability of all data transmitted to the APCD, at the levels required by the HIPAA Security and Privacy Rules, 45 CFR § 164.102et seq. and shall be encrypted per NIST Special Publication 800-111, Guide to Storage Encryption Technologies for End User Devices, November 2007, as amended or superseded.
4.2. The MOU parties shall only use the data to assess the completeness and quality of data submitters' submissions in order to determine compliance with established data reporting requirements and standards. The MOU parties shall only disclose data back to the respective data submitter, where the completeness and quality review indicates a problem with the data, and such disclosure is required to facilitate the data collection process. For purposes of this initial use, all personal identifiers shall remain encrypted and not visible to the MOU parties. Results of the completeness and quality assessments may be shared with the APCD's Advisory Board.
4.3. No additional uses or disclosures contemplated by this program shall be made until such time as the MOU parties promulgate rules specifically delineating the same.

W. Va. Code R. § 114A-2-4