Code of Maine Rules
90 - INDEPENDENT AGENCIES
590 - MAINE HEALTH DATA ORGANIZATION
Chapter 120 - RELEASE OF DATA TO THE PUBLIC
Section 590-120-4 - MHDO DATA USE AGREEMENT (MHDO DUA)

A. The Data Recipient will only use the MHDO released data for the approved purposes that were specified in the data request application.

B. The Data Recipient will not release, furnish, disclose, publish or otherwise disseminate MHDO released data to any person unless authorized in writing by the MHDO.

C. The MHDO shall retain all ownership rights to the data.

D. The Data Recipient will reference the MHDO as the source of the data in all reports, publications, tables, graphs, or other products produced from the data.

E. Unless authorized in writing by the MHDO, the Data Recipient will not use the MHDO Data, or link these data to other records or data bases, if the result allows for identifying individuals.

F. MHDO Data may not be used to take legal, administrative, or other actions against individual subjects of data or to contact or assist others to contact any individual patients and/or physicians.

G. Maine law controls the confidentiality, release, and use of MHDO Data.

H. Data recipients shall be responsible for reporting any potential or actual data breaches to the MHDO. Data recipients shall indemnify MHDO for any damages resulting from a data recipient's data breach or other violation of law, and mitigate to the extent practicable, all harmful effects resulting from misuse of MHDO data.

I. MHDO shall retain rights to track any person's use of or access to MHDO Data, and to deny access to data, when in the opinion of the MHDO Executive Director that is necessary to protect the privacy, security, or integrity of the data.

J. At least twenty (20) business days prior to releasing any manuscript, report, or any other type of document or data compilation intended for dissemination or publication beyond the data recipient and that contains and/or uses MHDO Data, the Data Recipient agrees to provide the MHDO with a copy of such document. If the MHDO Data includes Cancer-Incidence Registry Data, the MHDO will forward a copy of the document to the Maine Cancer Registry. If the document contains/uses CancerIncidence Registry Data, that shall be sourced as follows: The Cancer-Incidence Registry Data was collected by the Maine Cancer Registry which participates in the National Program of Cancer Registries (NPCR) of the Centers for Disease Control and Prevention. If the MHDO determines that the manuscript, report, or any other type of document violates the MHDO DUA or does not provide adequate data suppression, the Data Recipient will be notified and must modify the report prior to its release.

K. The MHDO DUA will specify the term of use, and identify the individual responsible for ensuring compliance with the DUA and specify the people who will have access to the data.

L. MHDO DUA's shall make appropriate provision for the destruction of MHDO Data when use is complete, or when directed to by the MHDO Executive Director.

M. Data Recipients shall immediately inform the MHDO of any legal process by which third parties try to obtain access to MHDO data held by entities authorized through an approved MHDO DUA and shall not turn over any data except as permitted by MHDO.

N. MHDO may develop a memorandum of understanding and MHDO DUA with the Maine Center for Disease Control and Prevention (Maine CDC) for the ongoing release of Level I and Level II data to the Maine CDC for their purposes of conducting investigations as described in its MHDO application or evaluating the completeness or quality of data submitted to the Department of Health and Human Services disease surveillance programs.