Md. Code Regs. 09.12.22.07

Current through Register Vol. 51, No. 25, December 13, 2024
Section 09.12.22.07 - Security Procedures
A. MOSH Files.
(1) MOSH files containing personally identifiable employee medical information shall be segregated from other MOSH files.
(2) When not in active use, files containing personally identifiable employee medical information shall be kept secured in a locked cabinet or vault.
B. Except for necessary use by staff under their direct personal supervision, both the medical records officer and the principal investigator shall maintain a log of:
(1) Uses and transfers of personally identifiable employee medical information; and
(2) Lists of coded direct personal identifiers.
C. Photocopying or other duplication of personally identifiable employee medical information shall be kept to the minimum necessary to accomplish the purposes for which the information was obtained.
D. The protective measures established by this regulation apply to all:
(1) Worksheets;
(2) Duplicate copies; or
(3) Other documents containing personally identifiable employee medical information.
E. Intra-Agency Transfers.
(1) Intra-agency transfers of personally identifiable employee medical information shall be by:
(a) Hand delivery;
(b) United States mail; or
(c) An equally protective means.
(2) Inter-office mailing channels may not be used.

Md. Code Regs. 09.12.22.07