Businesses and Professions

CHAPTER 5-37.7
Rhode Island Health Information Exchange Act of 2008

SECTION 5-37.7-8

§ 5-37.7-8. Security.

The HIE must be subject to at least the following security procedures:

(1) Authenticate the recipient of any confidential health care information disclosed by the HIE pursuant to this chapter pursuant to rules and regulations promulgated by the agency.

(2) Limit authorized access to personally identifiable confidential health care information to persons having a need to know that information; additional employees or agents may have access to de-identified information;

(3) Identify an individual or individuals who have responsibility for maintaining security procedures for the HIE;

(4) Provide an electronic or written statement to each employee or agent as to the necessity of maintaining the security and confidentiality of confidential health care information, and of the penalties provided for in this chapter for the unauthorized access, release, transfer, use, or disclosure of this information;

(5) Take no disciplinary or punitive action against any employee or agent for bringing evidence of violation of this chapter to the attention of any person.

History of Section.
(P.L. 2008, ch. 171, § 2; P.L. 2008, ch. 466, § 2; P.L. 2009, ch. 310, § 33.)