Section 23-202-10 - Confidentiality of information and records(a) The department shall create and maintain both paper and computer data files of the qualifying patients and primary caregivers to whom the department has issued registry identification certificates. The data files will include all information collected on the registration forms or equivalent information from other written documentation, the date of issue, and the expiration date. Except as provided in subsection (b), the maintained information shall be confidential and not subject to public disclosure.(b) Names and other identifying information from the data file established pursuant to subsection (a) may be released to: (1) Authorized employees of the department as necessary to perform official duties of the department, including the production of any reports of aggregate (i.e., non-identifying) data or statistics; and(2) Authorized employees of state or local law enforcement agencies when they provide a specific name or address. Information will be supplied as necessary to verify that a patient is a lawful possessor of a registry identification certificate, that a person is the designated primary caregiver of such a patient that a person has submitted an application for a registry identification certificate that is pending verification by the department, that the persons registry identification certificate was denied but the denial is being appealed or to supply optional information provided on the registration forms, or as provided in section 23-202-11.[Eff DEC 28 2000] (Auth: HRS §§ 329-31, 353C-2) (Imp: HRS §§ 329-123, 353C-2)