Current through Register Vol. 43, No. 49, December 5, 2024
Section 28-67-4 - Health care data release and rerelease

(a) Data and information received by the secretary and maintained in the health care database shall be used for: (1) health policy decisions; (3) consumer information; and (4) epidemiological and other public health functions necessary to protect and promote the health of the state.

(b) Public use data. (1) Public use data shall be developed and compilation of data shall be made available for general distribution which shall not include: (B) social security numbers; (C) patient or client health insurance identification numbers; or (D) health care provider identifiers. (2) The board shall review and approve the content and format of these public use data and compilation formats. (3) The data and compilation shall be made public information and may be released on magnetic media or any other form.

(c) Special studies and analyses. (1) Special studies and analyses may also be conducted by the secretary to: (A) assist in health policy decision-making; (B) fulfill statutory mandates for health policy or public health purposes; or (C) minimize the duplicate collection of similar data elements. (2) Prior to the release of any special studies or analyses conducted by the secretary, the board shall review all products generated and approve those not mandated by statute.

(d) Persons or state agencies making requests for data or information from the database other than those from standard reports shall be required to respond to a set of questions developed by the secretary and approved by the board that defines the information needed, description of the project and the intentions for rerelease of the information. Any request which includes record identifiers, social security numbers, patient or client health insurance identification numbers or health care provider identifiers shall be specifically approved by the board. If the request indicates an appropriate use of the data according to the specifications in K.A.R. 28-67-4(a), the data shall be provided to the person making the request. The request shall be denied by the secretary if the request is not consistent with those specifications in K.A.R. 28-67-4(a). A written explanation for the denial shall be filed with the person making the request.

(e) Subject to K.S.A. 65-6804(d), when compilation and special studies are generated by the secretary which identify health care providers, the health care providers shall be provided a copy of the data referencing them and given the opportunity to submit written comments to the secretary. When comments are received by the secretary within 30 days of the postmark on the notification from the secretary, such comments received shall be released with the data.

(f) Data other than those provided in compilation, public domain and public use data, that includes record or health care provider identifiers may be released to persons or state agencies for research purposes. Any request for these data shall comply with K.A.R. 28-67-4(d) and be approved by the board. These data with record or health care provider identifiers shall not be rereleased by the person or state agency in any form with these identifiers that does not comply with K.A.R. 28-67-6 and approval of the board.

(g) Any person or state agency may apply to the secretary for data to be used in a research study. A research protocol shall be submitted which shall include, but not be limited to: (1) a description of the proposed study; (2) the purpose of the study; (3) a description of the data elements needed for the study; (4) a description of the information medium or format requested; (5) where applicable, a statement indicating whether the study protocol has been reviewed and approved by a human subjects review board; (6) a description of data security procedures, including who shall have access to the data; and (7) a description of the proposed use and release of the data.

(h) Any person or state agency requesting the data shall agree to the release, confidentiality, and security of data requirements in K.A.R. 28-67-4, K.A.R. 28-67-6 and K.A.R. 28-67-8.

(i) Prior to the release of a subset of data or compilation, a statement instructing the user or reader about the meaning and significance of the data and the restrictions about redisclosure of the information shall be included.

(j) A data provider may obtain data it has submitted to the database as well as aggregate data. A data provider shall not obtain data submitted by another data provider without approval from that provider. Agreement to grant access to data submitted by another provider shall be filed in writing with the secretary.

(k) Unauthorized use of health care data obtained or collected under K.S.A. 65-6805 and amendments thereto by any person or state agency shall result in termination of system access and no further provision of data.

(l) The board may delegate the secretary the authority to carry out any of the responsibilities granted to the board under these regulations.

Kan. Admin. Regs. § 28-67-4
Authorized by and implementing K.S.A. 65-6804, as amended by L. 1994, Ch. 90, sec. 3; effective Dec. 19, 1994.