Difference between revisions of "North Carolina"

From Privacy Wiki
Jump to navigation Jump to search
(Created page with "{|class="wikitable sortable collapsible" !Name of Article !Specific Clauses or the Law !Scope !Mapping |- |75-66 (Identity Theft Protection Act) |(a) It shall be a viola...")
 
(Replaced content with "{|class="wikitable sortable collapsible" !Name of Article !Specific Clauses or the Law !Scope !Mapping |- |Identity Theft Protection Act | |Health/Genetic |§75.66-(...")
Tag: Replaced
Line 5: Line 5:
 
!Mapping
 
!Mapping
 
|-
 
|-
|75-66 (Identity Theft Protection Act)
+
|[[Identity Theft Protection Act]] 
|(a)      It shall be a violation of this section for any person to knowingly broadcast or publish to the public on radio, television, cable television, in a writing of any kind, or on the Internet, the personal information of another with actual knowledge that the person whose personal information is disclosed has previously objected to any such disclosure.
+
|
 
|Health/Genetic
 
|Health/Genetic
 
|§75.66-(a)disclosure
 
|§75.66-(a)disclosure
 
|-
 
|-
|N.C. Gen. Stat. §58-2-105 (Confidentiality of Medical and Credentialing Records)
+
|[[N.C. Gen. Stat. §58-2-105]] (Confidentiality of Medical and Credentialing Records)
|(a)        All patient medical records in the possession of the Department are confidential and are not public records pursuant to G.S. 58-2-100 or G.S. 132-1. As used in this section, "patient medical records" includes personal information that relates to an individual's physical or mental condition, medical history, or medical treatment, and that has been obtained from the individual patient, a health care provider, or from the patient's spouse, parent, or legal guardian.
+
|
(b)        Under Part 4 of Article 50 of this Chapter, the Department may disclose patient medical records to an independent review organization, and the organization shall maintain the confidentiality of those records as required by this section, except as allowed by G.S. 58-39-75 and G.S. 58-39-76.
 
(c)        Under Part 4 of Article 50 of this Chapter, all information related to the credentialing of medical professionals that is in the possession of the Commissioner is confidential and is a public record neither under this section nor under Chapter 132 of the General Statutes.
 
 
|Health/Genetic
 
|Health/Genetic
 
|58-2-105-(a)-breach of confidentiality, (b)-disclosure, (c)-breach of confidentiality
 
|58-2-105-(a)-breach of confidentiality, (b)-disclosure, (c)-breach of confidentiality
 
|-
 
|-
|N.C. Gen. Stat. §58-39-45 (Access to Recorded Personal Information)
+
|[[N.C. Gen. Stat. §58-39-45]] (Access to Recorded Personal Information)
|(a)        If any individual, after proper identification, submits a written request to an insurance institution, agent, or insurance-support organization for access to recorded personal information about the individual that is reasonably described by the individual and reasonably locatable and retrievable by the insurance institution, agent, or insurance-support organization, the insurance institution, agent, or insurance-support organization shall within 30 business days from the date such request is received:
+
|
(1)        Inform the individual of the nature and substance of such recorded personal information in writing, by telephone, or by other oral communication, whichever the insurance institution, agent, or insurance-support organization prefers;
 
(2)        Permit the individual to see and copy, in person, such recorded personal information pertaining to him or to obtain a copy of such recorded personal information by mail, whichever the individual prefers, unless such recorded personal information is in coded form, in which case an accurate translation in plain language shall be provided in writing;
 
(3)        Disclose to the individual the identity, if recorded, of those persons to whom the insurance institution, agent, or insurance-support organization has disclosed such personal information within two years prior to such request, and if the identity is not recorded, the names of those insurance institutions, agents, insurance-support organizations or other persons to whom such information is normally disclosed; and
 
(4)        Provide the individual with a summary of the procedures by which he may request correction, amendment, or deletion of recorded personal information.
 
(b)        Any personal information provided pursuant to subsection (a) of this section shall identify the source of the information if such source is an institutional source.
 
(c)        Medical-record information supplied by a medical-care institution or medical professional and requested under subsection (a) of this section together with the identity of the medical professional or medical-care institution that provided such information, shall be supplied either directly to the individual or to a medical professional designated by the individual and licensed to provide medical care with respect to the condition to which the information relates, whichever the insurance institution, agent, or insurance-support organization prefers. If it elects to disclose the information to a medical professional designated by the individual, the insurance institution, agent, or insurance-support organization shall notify the individual, at the time of the disclosure, that it has provided the information to the medical professional.
 
(d)      Except for personal information provided under G.S. 58-39-55, an insurance institution, agent, or insurance-support organization may charge a reasonable fee to cover the costs incurred in providing a copy of recorded personal information to individuals.
 
(e)        The obligations imposed by this section upon an insurance institution or agent may be satisfied by another insurance institution or agent authorized to act on its behalf. With respect to the copying and disclosure of recorded personal information pursuant to a request under subsection (a) of this section, an insurance institution, agent, or insurance-support organization may make arrangements with an insurance-support organization or a consumer reporting agency to copy and disclose recorded personal information on its behalf.
 
(f)        The rights granted to individuals in this section shall extend to all natural persons to the extent information about them is collected and maintained by an insurance institution, agent, or insurance-support organization in connection with an insurance transaction. The rights granted to all natural persons by this subsection shall not extend to information about them that relates to and is collected in connection with or in reasonable anticipation of a claim or civil or criminal proceeding involving them.
 
(g)        For purposes of this section, the term, "insurance-support organization" does not include the term, "consumer reporting agency." (1981, c. 846, s. 1; 2003-262, s. 2(1).)
 
 
|Health/Genetic
 
|Health/Genetic
 
|58-39-45-(a)interrogation, (a)(1)-decisional interference, (a)(2)-exclusion, (a)(3)-identification, disclosure, (a)(4)-exclusion, (f)-aggregation
 
|58-39-45-(a)interrogation, (a)(1)-decisional interference, (a)(2)-exclusion, (a)(3)-identification, disclosure, (a)(4)-exclusion, (f)-aggregation
 
|-
 
|-
|N.C. Gen. Stat. §132-1.10 (Social Security Numbers and other Personal Identification Information)
+
|[[N.C. Gen. Stat. §132-1.10]] (Social Security Numbers and other Personal Identification Information)
|(a)        The General Assembly finds the following:
+
|
(1)        The social security number can be used as a tool to perpetuate fraud against a person and to acquire sensitive personal, financial, medical, and familial information, the release of which could cause great financial or personal harm to an individual. While the social security number was intended to be used solely for the administration of the federal Social Security System, over time this unique numeric identifier has been used extensively for identity verification purposes and other legitimate consensual purposes.
 
(2)        Although there are legitimate reasons for State and local government agencies to collect social security numbers and other personal identifying information from individuals, government should collect the information only for legitimate purposes or when required by law.
 
(3)        When State and local government agencies possess social security numbers or other personal identifying information, the governments should minimize the instances this information is disseminated either internally within government or externally with the general public.
 
(b)        Except as provided in subsections (c) and (d) of this section, no agency of the State or its political subdivisions, or any agent or employee of a government agency, shall do any of the following:
 
(1)        Collect a social security number from an individual unless authorized by law to do so or unless the collection of the social security number is otherwise imperative for the performance of that agency's duties and responsibilities as prescribed by law. Social security numbers collected by an agency must be relevant to the purpose for which collected and shall not be collected until and unless the need for social security numbers has been clearly documented.
 
(2)        Fail, when collecting a social security number from an individual, to segregate that number on a separate page from the rest of the record, or as otherwise appropriate, in order that the social security number can be more easily redacted pursuant to a valid public records request.
 
(3)        Fail, when collecting a social security number from an individual, to provide, at the time of or prior to the actual collection of the social security number by that agency, that individual, upon request, with a statement of the purpose or purposes for which the social security number is being collected and used.
 
(4)        Use the social security number for any purpose other than the purpose stated.
 
(5)        Intentionally communicate or otherwise make available to the general public a person's social security number or other identifying information. "Identifying information", as used in this subdivision, shall have the same meaning as in G.S. 14-113.20(b), except it shall not include electronic identification numbers, electronic mail names or addresses, Internet account numbers, Internet identification names, parent's legal surname prior to marriage, or drivers license numbers appearing on law enforcement records. Identifying information shall be confidential and not be a public record under this Chapter. A record, with identifying information removed or redacted, is a public record if it would otherwise be a public record under this Chapter but for the identifying information. The presence of identifying information in a public record does not change the nature of the public record. If all other public records requirements are met under this Chapter, the agency of the State or its political subdivisions shall respond to a public records request, even if the records contain identifying information, as promptly as possible, by providing the public record with the identifying information removed or redacted.
 
(6)        Intentionally print or imbed an individual's social security number on any card required for the individual to access government services.
 
(7)        Require an individual to transmit the individual's social security number over the Internet, unless the connection is secure or the social security number is encrypted.
 
(8)        Require an individual to use the individual's social security number to access an Internet Web site, unless a password or unique personal identification number or other authentication device is also required to access the Internet Web site.
 
(9)        Print an individual's social security number on any materials that are mailed to the individual, unless state or federal law required that the social security number be on the document to be mailed. A social security number that is permitted to be mailed under this subdivision may not be printed, in whole or in part, on a postcard or other mailer not requiring an envelope, or visible on the envelope or without the envelope having been opened.
 
(c)        Subsection (b) of this section does not apply in the following circumstances:
 
(1)        To social security numbers or other identifying information disclosed to another governmental entity or its agents, employees, or contractors if disclosure is necessary for the receiving entity to perform its duties and responsibilities. The receiving governmental entity and its agents, employees, and contractors shall maintain the confidential and exempt status of such numbers.
 
(2)        To social security numbers or other identifying information disclosed pursuant to a court order, warrant, or subpoena.
 
(3)        To social security numbers or other identifying information disclosed for public health purposes pursuant to and in compliance with Chapter 130A of the General Statutes.
 
(4)        To social security numbers or other identifying information that have been redacted.
 
(5)        To certified copies of vital records issued by the State Registrar and other authorized officials pursuant to G.S. 130A-93(c). The State Registrar may disclose any identifying information other than social security numbers on any uncertified vital record.
 
(6)        To any recorded document in the official records of the register of deeds of the county.
 
(7)        To any document filed in the official records of the courts.
 
(c1)      If an agency of the State or its political subdivisions, or any agent or employee of a government agency, experiences a security breach, as defined in Article 2A of Chapter 75 of the General Statutes, the agency shall comply with the requirements of G.S. 75-65.
 
(d)      No person preparing or filing a document to be recorded or filed in the official records of the register of deeds, the Department of the Secretary of State, or of the courts may include any person's social security, employer taxpayer identification, drivers license, state identification, passport, checking account, savings account, credit card, or debit card number, or personal identification (PIN) code or passwords in that document, unless otherwise expressly required by law or court order, adopted by the State Registrar on records of vital events, or redacted. Any loan closing instruction that requires the inclusion of a person's social security number on a document to be recorded shall be void. Any person who violates this subsection shall be guilty of an infraction, punishable by a fine not to exceed five hundred dollars ($500.00) for each violation.
 
(e)        The validity of an instrument as between the parties to the instrument is not affected by the inclusion of personal information on a document recorded or filed with the official records of the register of deeds or the Department of the Secretary of State. The register of deeds or the Department of the Secretary of State may not reject an instrument presented for recording because the instrument contains an individual's personal information.
 
(f)        Any person has the right to request that a register of deeds or clerk of court remove, from an image or copy of an official record placed on a register of deeds' or court's Internet Website available to the general public or an Internet Web site available to the general public used by a register of deeds or court to display public records by the register of deeds or clerk of court, the person's social security, employer taxpayer identification, drivers license, state identification, passport, checking account, savings account, credit card, or debit card number, or personal identification (PIN) code or passwords contained in that official record. The request must be made in writing, legibly signed by the requester, and delivered by mail, facsimile, or electronic transmission, or delivered in person to the register of deeds or clerk of court. The request must specify the personal information to be redacted, information that identifies the document that contains the personal information and unique information that identifies the location within the document that contains the social security, employer taxpayer identification, drivers license, state identification, passport, checking account, savings account, credit card, or debit card number, or personal identification (PIN) code or passwords to be redacted. The request for redaction shall be considered a public record with access restricted to the register of deeds, the clerk of court, their staff, or upon order of the court. The register of deeds or clerk of court shall have no duty to inquire beyond the written request to verify the identity of a person requesting redaction and shall have no duty to remove redaction for any reason upon subsequent request by an individual or by order of the court, if impossible to do so. No fee will be charged for the redaction pursuant to such request. Any person who requests a redaction without proper authority to do so shall be guilty of an infraction, punishable by a fine not to exceed five hundred dollars ($500.00) for each violation.
 
(f1)      Without a request made pursuant to subsection (f) of this section, a register of deeds, clerk of court, or the Administrative Office of the Courts may remove from images or copies of publicly accessible official records any of the identifying and financial information listed in subsection (f) of this section that is contained in that official record. Registers of deeds, clerks of court, and the Administrative Office of the Courts may apply optical character recognition technology or other reasonably available technology to publicly accessible official records in order to, in good faith, identify and redact any of the identifying and financial information listed in subsection (f) of this section. Notwithstanding the foregoing, law enforcement personnel, judicial officials, and parties to a case and their counsel shall be entitled to access, inspect, and copy unredacted records.
 
(f2)      The Administrative Office of the Courts or a clerk of superior court may keep confidential the names, phone numbers, and e-mail addresses collected for the purpose of a court proceeding notification system.
 
(g)        A register of deeds or clerk of court shall immediately and conspicuously post signs throughout his or her offices for public viewing and shall immediately and conspicuously post a notice on any Internet Web site available to the general public used by a register of deeds or clerk of court a notice stating, in substantially similar form, the following:
 
(1)        Any person preparing or filing a document for recordation or filing in the official records may not include a social security, employer taxpayer identification, drivers license, state identification, passport, checking account, savings account, credit card, or debit card number, or personal identification (PIN) code or passwords in the document, unless expressly required by law or court order, adopted by the State Registrar on records of vital events, or redacted so that no more than the last four digits of the identification number is included.
 
(2)        Any person has a right to request a register of deeds or clerk of court to remove, from an image or copy of an official record placed on a register of deeds' or clerk of court's Internet Web site available to the general public or on an Internet Web site available to the general public used by a register of deeds or clerk of court to display public records, any social security, employer taxpayer identification, drivers license, state identification, passport, checking account, savings account, credit card, or debit card number, or personal identification (PIN) code or passwords contained in an official record. The request must be made in writing and delivered by mail, facsimile, or electronic transmission, or delivered in person, to the register of deeds or clerk of court. The request must specify the personal information to be redacted, information that identifies the document that contains the personal information and unique information that identifies the location within the document that contains the social security, employer taxpayer identification, drivers license, state identification, passport, checking account, savings account, credit card, or debit card number, or personal identification (PIN) code or passwords to be redacted. No fee will be charged for the redaction pursuant to such a request. Any person who requests a redaction without proper authority to do so shall be guilty of an infraction, punishable by a fine not to exceed five hundred dollars ($500.00) for each violation.
 
(h)        Any affected person may petition the court for an order directing compliance with this section. No liability shall accrue to a register of deeds or clerk of court or to his or her agent for any action related to provisions of this section or for any claims or damages that might result from a social security number or other identifying information on the public record or on a register of deeds' or clerk of court's Internet website available to the general public or an Internet Web site available to the general public used by a register of deeds or clerk of court.
 
 
|Health/Genetic
 
|Health/Genetic
 
|(a)(1)-identification, (a)(2)-surveillance, (a)(3)-insecurity, aggregation, (b)(1)-surveillance, (b)(2)-insecurity, (b)(3)-insecurity, (b)(4)-secondary use, (b)(5)-identification, increased accesibility, (b)(6)-insecurity, (b)(7)-interrogation, (b)(8)- interrogation, (b)(9)-insecurity, (c)(1)-disclosure, (c)(2)-disclosure, (c)(3)-disclosure, (c)(4)-identification, (c)(5)-disclosure, (c)(6)-aggregation, (c)(7)-increased accesibility, (d)-interrogation, (e)-insecurity, (f)-decisional interference, insreased accesibility, (f1)-insecurity, (f2)-breach of confidentiality, (g)(1)(2)-insecurity, identification, disclosure, increased accesibility, (h)-increased accesibility
 
|(a)(1)-identification, (a)(2)-surveillance, (a)(3)-insecurity, aggregation, (b)(1)-surveillance, (b)(2)-insecurity, (b)(3)-insecurity, (b)(4)-secondary use, (b)(5)-identification, increased accesibility, (b)(6)-insecurity, (b)(7)-interrogation, (b)(8)- interrogation, (b)(9)-insecurity, (c)(1)-disclosure, (c)(2)-disclosure, (c)(3)-disclosure, (c)(4)-identification, (c)(5)-disclosure, (c)(6)-aggregation, (c)(7)-increased accesibility, (d)-interrogation, (e)-insecurity, (f)-decisional interference, insreased accesibility, (f1)-insecurity, (f2)-breach of confidentiality, (g)(1)(2)-insecurity, identification, disclosure, increased accesibility, (h)-increased accesibility
 
|-
 
|-
|[https://www.ncleg.net/EnactedLegislation/Statutes/PDF/ByArticle/Chapter_90/Article_29.pdf Medical Records (2014)]
+
|[https://www.ncleg.net/EnactedLegislation/Statutes/PDF/ByArticle/Chapter_90/Article_29.pdf Medical Records (2014)] [[Medical Records (2014)]]
|§ 90-410. Definitions.
+
|
As used in this Article:
 
(1) "Health care provider" means any person who is licensed or certified to practice
 
a health profession or occupation under this Chapter or Chapters 90B or 90C of
 
the General Statutes, a health care facility licensed under Chapters 131E or
 
122C of the General Statutes, and a representative or agent of a health care
 
provider.
 
(2) "Medical records" means personal information that relates to an individual's
 
physical or mental condition, medical history, or medical treatment, excluding
 
X rays and fetal monitor records. (1993, c. 529, s. 4.3.)
 
§ 90-411. Record copy fee.
 
A health care provider may charge a reasonable fee to cover the costs incurred in
 
searching, handling, copying, and mailing medical records to the patient or the patient's
 
designated representative. The maximum fee for each request shall be seventy-five cents
 
(75¢) per page for the first 25 pages, fifty cents (50¢) per page for pages 26 through 100,
 
and twenty-five cents (25¢) for each page in excess of 100 pages, provided that the health
 
care provider may impose a minimum fee of up to ten dollars ($10.00), inclusive of copying
 
costs. If requested by the patient or the patient's designated representative, nothing herein
 
shall limit a reasonable professional fee charged by a physician for the review and
 
preparation of a narrative summary of the patient's medical record. Charges for medical
 
records and reports related to claims under Article 1 of Chapter 97 of the General Statutes
 
shall be governed by the fees established by the North Carolina Industrial Commission
 
pursuant to G.S. 97-26.1. This section shall not apply to Department of Health and Human
 
Services Disability Determination Services requests for copies of medical records made on
 
behalf of an applicant for Social Security or Supplemental Security Income disability.
 
(1993, c. 529, s. 4.3; 1993 (Reg. Sess., 1994), c. 679, s. 5.5; 1995 (Reg. Sess., 1996), c.
 
742, s. 36; 1997-443, ss. 11.3, 11A.118(b); 2019-191, s. 42.)
 
§ 90-412. Electronic medical records.
 
(a) Notwithstanding any other provision of law, any health care provider or facility
 
licensed, certified, or registered under the laws of this State or any unit of State or local government
 
may create and maintain medical records in an electronic format. The health care provider, facility,
 
or governmental unit shall not be required to maintain a separate paper copy of the electronic
 
medical record. A health care provider, facility, or governmental unit shall maintain electronic
 
medical records in a legible and retrievable form, including adequate data backup.
 
(b) Notwithstanding any other provision of law, any health care provider or facility
 
licensed, certified, or registered under the laws of this State or any unit of State or local government
 
may permit authorized individuals to authenticate orders and other medical record entries by
 
written signature, or by electronic or digital signature in lieu of a signature in ink. Medical record
 
entries shall be authenticated by the individual who made or authorized the entry. For purposes of
 
NC General Statutes - Chapter 90 Article 29 2
 
this section, "authentication" means identification of the author of an entry by that author and
 
confirmation that the contents of the entry are what the author intended.
 
(c) The legal rights and responsibilities of patients, health care providers, facilities, and
 
governmental units shall apply to records created or maintained in electronic form to the same
 
extent as those rights and responsibilities apply to medical records embodied in paper or other
 
media. This subsection applies with respect to the security, confidentiality, accuracy, integrity,
 
access to, and disclosure of medical records. (1999-247, s. 2; 2007-248, s. 3.)
 
 
|Health
 
|Health
 
|§90-411-surveillance, §90-412-a-increased accesibility, b-decisional interference
 
|§90-411-surveillance, §90-412-a-increased accesibility, b-decisional interference

Revision as of 07:12, 22 March 2020

Name of Article Specific Clauses or the Law Scope Mapping
Identity Theft Protection Act Health/Genetic §75.66-(a)disclosure
N.C. Gen. Stat. §58-2-105 (Confidentiality of Medical and Credentialing Records) Health/Genetic 58-2-105-(a)-breach of confidentiality, (b)-disclosure, (c)-breach of confidentiality
N.C. Gen. Stat. §58-39-45 (Access to Recorded Personal Information) Health/Genetic 58-39-45-(a)interrogation, (a)(1)-decisional interference, (a)(2)-exclusion, (a)(3)-identification, disclosure, (a)(4)-exclusion, (f)-aggregation
N.C. Gen. Stat. §132-1.10 (Social Security Numbers and other Personal Identification Information) Health/Genetic (a)(1)-identification, (a)(2)-surveillance, (a)(3)-insecurity, aggregation, (b)(1)-surveillance, (b)(2)-insecurity, (b)(3)-insecurity, (b)(4)-secondary use, (b)(5)-identification, increased accesibility, (b)(6)-insecurity, (b)(7)-interrogation, (b)(8)- interrogation, (b)(9)-insecurity, (c)(1)-disclosure, (c)(2)-disclosure, (c)(3)-disclosure, (c)(4)-identification, (c)(5)-disclosure, (c)(6)-aggregation, (c)(7)-increased accesibility, (d)-interrogation, (e)-insecurity, (f)-decisional interference, insreased accesibility, (f1)-insecurity, (f2)-breach of confidentiality, (g)(1)(2)-insecurity, identification, disclosure, increased accesibility, (h)-increased accesibility
Medical Records (2014) Medical Records (2014) Health §90-411-surveillance, §90-412-a-increased accesibility, b-decisional interference
Retrieved from "https://privacy.wiki/index.php?title=North_Carolina&oldid=942"