§ 23-6.3-8. Protection of records.
(a) Providers of health care, public health officials, and any other person who maintains records containing information on HIV test results of individuals are responsible for maintaining full confidentiality of this data and shall take appropriate steps for their protection, including:
(1) Keeping records secure at all times and establishing adequate confidentiality safeguards for any records electronically stored;
(2) Establishing and enforcing reasonable rules limiting access to these records; and
(3) Training persons who handle records in security objectives and technique.
(b) The department shall evaluate reports of HIV/AIDS for completeness and potential referrals for service. All case reports shall be kept in a confidential and secure setting. An HIV/AIDS policy and protocol for security shall be developed and implemented by the department for this purpose.
(c) The department shall evaluate its procedures for HIV/AIDS reporting on a continuous basis for timeliness, completeness of reporting, and security of confidential information.
(d) The department shall develop a protocol that shall be in accordance with the most recent recommendations of the CDC's Guidelines for National Human Immunodeficiency Virus Case Surveillance, including monitoring for Human Immunodeficiency Virus infection and Acquired Immunodeficiency Syndrome, pertaining to patient records and confidentiality; provided, however, that in no event shall the protocol be less protective than that required by state law.
(e) All reports and notifications made pursuant to this section shall be confidential and protected from release except under the provisions of law. Any person aggrieved by a violation of this section shall have a right of action in the superior court and may recover for each violation.
(P.L. 2009, ch. 196, § 1; P.L. 2009, ch. 289, § 1.)