Md. Code Regs. 09.12.22.07 - Security Procedures
A. MOSH
Files.
(1) MOSH files containing personally
identifiable employee medical information shall be segregated from other MOSH
files.
(2) When not in active use,
files containing personally identifiable employee medical information shall be
kept secured in a locked cabinet or vault.
B. Except for necessary use by staff under
their direct personal supervision, both the medical records officer and the
principal investigator shall maintain a log of:
(1) Uses and transfers of personally
identifiable employee medical information; and
(2) Lists of coded direct personal
identifiers.
C.
Photocopying or other duplication of personally identifiable employee medical
information shall be kept to the minimum necessary to accomplish the purposes
for which the information was obtained.
D. The protective measures established by
this regulation apply to all:
(1)
Worksheets;
(2) Duplicate copies;
or
(3) Other documents containing
personally identifiable employee medical information.
E. Intra-Agency Transfers.
(1) Intra-agency transfers of personally
identifiable employee medical information shall be by:
(a) Hand delivery;
(b) United States mail; or
(c) An equally protective means.
(2) Inter-office mailing channels
may not be used.
Notes
State regulations are updated quarterly; we currently have two versions available. Below is a comparison between our most recent version and the prior quarterly release. More comparison features will be added as we have more versions to compare.
No prior version found.