Md. Code Regs. 10.10.11.23

Current through Register Vol. 51, No. 25, December 13, 2024
Section 10.10.11.23 - Trusted Partner Agreement
A. Requirement. The Department may not share BAR information with a person until the person becomes a trusted partner by entering into a trusted partner agreement, using the form developed by the Department.
B. The Department shall develop and use a trusted partner form that contains, as applicable, separate clauses that:
(1) Establish the length of time that the trusted partner agreement is in effect;
(2) Address that confidentiality will survive the termination, expiration, or cancellation of the trusted partner agreement and state that the trusted partner:
(a) May not use BAR information in a way that is detrimental to the Department;
(b) Shall keep BAR information confidential;
(c) Shall limit disclosure of BAR information only:
(i) To individuals with a legitimate need in performance of the individuals' duties; and
(ii) On a need-to-know basis as prescribed by this chapter; and
(d) Shall employ security policies that:
(i) Protect the confidentiality of BAR information; and
(ii) Prevent improper disclosures or access to BAR information;
(3) Require the trusted partner to notify the Department whenever the trusted partner discloses BAR information as allowed by this chapter;
(4) Warrant and represent that the trusted partner is in compliance with all applicable State and federal laws and regulations regarding BAR information;
(5) Require the trusted partner to execute a trusted partner agreement that upholds the standards and requirements in the trusted partner agreement that the trusted partner has with the Department;
(6) Require the trusted partner to notify the Department when there is:
(a) An improper or unauthorized:
(i) Disclosure of BAR information; or
(ii) Access to BAR information;
(b) A misuse of BAR information;
(c) A computer information system compromise that affects BAR information; or
(d) An authorized release of BAR information as set forth in this chapter;
(7) Address corrective action by stating:
(a) The steps necessary to prevent any further unauthorized disclosure and misuse of BAR information;
(b) That the trusted partner shall maintain an incident log of all unauthorized disclosures and misuse of BAR information; and
(c) That the trusted partner shall send a copy of incident log entries to the BAR Program;
(8) Require the trusted partner to:
(a) Return the BAR information that was provided to the trusted partner; and
(b) Exercise due diligence to destroy all material based on BAR information in a manner that renders nonidentifiable all documents, memoranda, notes, or other writings created or prepared by or for the trusted partner or BAR information custodian;
(9) Require the trusted partner to make available on demand to the Department all policies and procedures relevant to safeguarding BAR information;
(10) Address the authority of the individuals signing the trusted partner agreement that state that:
(a) The individuals signing the trusted partner agreement have the right and authority to execute the agreement on behalf of their respective entity; and
(b) No further approvals are necessary to make the trusted partner agreement binding;
(11) State that the trusted partner agreement is the entire agreement between the Department and the trusted partner;
(12) State that the trusted partner agreement may not be amended, except as agreed to by the Department in writing;
(13) State that no provision or clause in the trusted partner agreement may be waived unless approved in writing by the Department;
(14) Identify the individual designated by the trusted partner and authorized by the Department to receive, maintain, and if provided by this chapter, release BAR information;
(15) Attest that the BAR information custodian has the trusted partner's agency clearance to receive BAR information;
(16) Address a trusted partner's security policy that states the:
(a) Value of BAR information;
(b) Protection responsibilities; and
(c) Organizational commitment for a system to protect the integrity, confidentiality, and availability of BAR information; and
(17) State that if a provision, section, subsection, sentence, clause, or phrase of the trusted partner agreement is held invalid, the remaining portions of the trusted partner agreement remain valid.
