MO :: Section 8, Chapter 3 (Research Protections and Data Requests), Subsection 1 – Research Protections and Request for Release of Data :: 3.1.4 Request for Data Procedures Related to Research

Missouri
2023, 2022, 2021, 2020, 2019 | Administrative process , Reporting requirements

CD staff members are to follow procedures when the request for data involves disclosure of client PHI, i.e. social security number (SSN), Departmental Client Number (DCN), Date of Birth (DOB), or client name. There is no need to obtain authorization to release data when no PHI is being requested.  The Health Insurance Portability and Accountability Act (HIPAA) must be considered before data requests are approved.  All data transfers will be done in compliance with the Information Security Management policy, 6-100http://dssweb/dpl/adman/POLICIES/6-100.pdf (Employee Access Only):

  1.  
    1. All requests for data must be sent to Central Office. The person designated by the Division Director to review all requests for data will complete a Data Transfer Request if applicable http://dsswebapp/grd/DataTransfer/index.asp (Employee Access Only). The designee will consider:
      1. Whether request for data is a bona fide request (from any person who is a tenure-track or full-time research faculty member at an accredited institution of higher education engaged in scholarly research, with the permission of the director).
      2. Whether request for data was made for bona fide, ethical purposes and its intended use is likely to advance child welfare practice in Missouri.
    2. If data to be transferred includes disclosure of client PHI, the designee will forward the Data Transfer Request electronically to the Divisional Privacy Officer. Under comments section of the Data Transfer Request Form, the designee shall describe what data is needed so that the Divisional Privacy Officer has a good understanding of the request
    3. Divisional Privacy Officer will receive the request electronically at which time he/she makes the decision whether to approve the request.
    4. Divisional Privacy Officer signs off on the request which automatically generates an alert to the CD Security Officer.
    5. The CD Security Officer signs off on the request and it automatically goes to Information Technology Services Division (ITSD).
    6. Staff from ITSD sends a notification to everyone involved including the individual who initiated the request.
    7. The Research and Evaluation Unit of DSS will maintain a file for tracking purposes as required when PHI is involved.

Jump to Top | Back to All

Leave a Comment:

Anonymous
The content of this field is kept private and will not be shown publicly.

0 Comments