Code of Maryland Regulations
Title 10 - MARYLAND DEPARTMENT OF HEALTH
Part 3
Subtitle 10 - LABORATORIES
Chapter 10.10.11 - Biological Agents Registry Program
Section 10.10.11.23 - Trusted Partner Agreement
Universal Citation: MD Code Reg 10.10.11.23
Current through Register Vol. 51, No. 19, September 20, 2024
A. Requirement. The Department may not share BAR information with a person until the person becomes a trusted partner by entering into a trusted partner agreement, using the form developed by the Department.
B. The Department shall develop and use a trusted partner form that contains, as applicable, separate clauses that:
(1) Establish the length of time that the
trusted partner agreement is in effect;
(2) Address that confidentiality will survive
the termination, expiration, or cancellation of the trusted partner agreement
and state that the trusted partner:
(a) May
not use BAR information in a way that is detrimental to the
Department;
(b) Shall keep BAR
information confidential;
(c) Shall
limit disclosure of BAR information only:
(i)
To individuals with a legitimate need in performance of the individuals'
duties; and
(ii) On a need-to-know
basis as prescribed by this chapter; and
(d) Shall employ security policies that:
(i) Protect the confidentiality of BAR
information; and
(ii) Prevent
improper disclosures or access to BAR information;
(3) Require the trusted partner to
notify the Department whenever the trusted partner discloses BAR information as
allowed by this chapter;
(4)
Warrant and represent that the trusted partner is in compliance with all
applicable State and federal laws and regulations regarding BAR
information;
(5) Require the
trusted partner to execute a trusted partner agreement that upholds the
standards and requirements in the trusted partner agreement that the trusted
partner has with the Department;
(6) Require the trusted partner to notify the
Department when there is:
(a) An improper or
unauthorized:
(i) Disclosure of BAR
information; or
(ii) Access to BAR
information;
(b) A
misuse of BAR information;
(c) A
computer information system compromise that affects BAR information;
or
(d) An authorized release of BAR
information as set forth in this chapter;
(7) Address corrective action by stating:
(a) The steps necessary to prevent any
further unauthorized disclosure and misuse of BAR information;
(b) That the trusted partner shall maintain
an incident log of all unauthorized disclosures and misuse of BAR information;
and
(c) That the trusted partner
shall send a copy of incident log entries to the BAR Program;
(8) Require the trusted partner
to:
(a) Return the BAR information that was
provided to the trusted partner; and
(b) Exercise due diligence to destroy all
material based on BAR information in a manner that renders nonidentifiable all
documents, memoranda, notes, or other writings created or prepared by or for
the trusted partner or BAR information custodian;
(9) Require the trusted partner to make
available on demand to the Department all policies and procedures relevant to
safeguarding BAR information;
(10)
Address the authority of the individuals signing the trusted partner agreement
that state that:
(a) The individuals signing
the trusted partner agreement have the right and authority to execute the
agreement on behalf of their respective entity; and
(b) No further approvals are necessary to
make the trusted partner agreement binding;
(11) State that the trusted partner agreement
is the entire agreement between the Department and the trusted
partner;
(12) State that the
trusted partner agreement may not be amended, except as agreed to by the
Department in writing;
(13) State
that no provision or clause in the trusted partner agreement may be waived
unless approved in writing by the Department;
(14) Identify the individual designated by
the trusted partner and authorized by the Department to receive, maintain, and
if provided by this chapter, release BAR information;
(15) Attest that the BAR information
custodian has the trusted partner's agency clearance to receive BAR
information;
(16) Address a trusted
partner's security policy that states the:
(a)
Value of BAR information;
(b)
Protection responsibilities; and
(c) Organizational commitment for a system to
protect the integrity, confidentiality, and availability of BAR information;
and
(17) State that if a
provision, section, subsection, sentence, clause, or phrase of the trusted
partner agreement is held invalid, the remaining portions of the trusted
partner agreement remain valid.
Disclaimer: These regulations may not be the most recent version. Maryland may have more current or accurate information. We make no warranties or guarantees about the accuracy, completeness, or adequacy of the information contained on this site or the information linked to on the state site. Please check official sources.
This site is protected by reCAPTCHA and the Google
Privacy Policy and
Terms of Service apply.
