(a)  Access to patient-level information collected by the monitoring program shall be limited to program staff authorized by the doctor.

(b)  All program staff shall be required to sign an agreement to actively protect the confidentiality of patient information collected through the monitoring program.

(c)  All identifying or potentially identifying information collected by the monitoring program, including abstracts, case reports, computer printouts, notes and other material shall be stored in locked offices or in locked file cabinets at all times.

(d)  Central registry files stored in electronic format shall be maintained in a password-protected local area computer network. Only authorized program staff shall have access to this information.  Access to the data is controlled by the network administrator.  Back up data files shall be maintained at the State Computer Center.  This computer system is protected by the Resource Allocation Control Facility (RACF) system.

(e)  A publicly accessible data file containing limited patient-level information from the central registry may be made available.  This file may contain the following data items only: county of residence, county of birth, year of birth, sex of infant, race of infant, age of mother, and birth defect diagnoses.  All other patient information contained in the central registry shall be considered confidential and not open to public inspection, except as specified in Paragraph (f) of this Rule.

(f)  Confidential information maintained in the central registry may be disclosed in the following circumstances, when authorized by the Director:

(1)           A patient shall have access to review or obtain copies of his/her own records; or

(2)           Information may be disclosed as provided in Rule .0106 of this Section.


History Note:        Authority G.S. 130A-131.17;

Eff. August 1, 2000;

Pursuant to G.S. 150B-21.3A, rule is necessary without substantive public interest Eff. December 20, 2015.