Skip to main content Skip to office menu Skip to footer
Capital IconMinnesota Legislature

SF 3202

1st Engrossment - 91st Legislature (2019 - 2020) Posted on 03/10/2020 08:34am

KEY: stricken = removed, old language.
underscored = added, new language.

Current Version - 1st Engrossment

Line numbers 1.1 1.2 1.3 1.4 1.5 1.6
1.7 1.8 1.9 1.10 1.11 1.12 1.13 1.14 1.15 1.16 1.17 1.18 1.19 1.20 1.21 1.22 2.1 2.2 2.3 2.4 2.5 2.6
2.7 2.8 2.9 2.10 2.11 2.12 2.13 2.14 2.15 2.16 2.17 2.18 2.19 2.20 2.21 2.22 2.23 2.24 2.25 2.26 2.27 2.28 2.29 2.30 2.31 3.1 3.2 3.3 3.4 3.5 3.6 3.7 3.8 3.9 3.10 3.11 3.12 3.13 3.14 3.15 3.16 3.17 3.18 3.19 3.20 3.21 3.22 3.23 3.24 3.25
3.26 3.27

A bill for an act
relating to human services; requiring a license holder to destroy personal
information upon closure; providing remedies; amending Minnesota Statutes 2018,
section 245A.04, subdivision 15a; proposing coding for new law in Minnesota
Statutes, chapter 245A.

BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF MINNESOTA:

Section 1.

Minnesota Statutes 2018, section 245A.04, subdivision 15a, is amended to read:


Subd. 15a.

Plan for transfer of clients and records upon closure.

(a) Except for license
holders who reside on the premises and child care providers, an applicant for initial or
continuing licensure or certification must submit a written plan indicating how the program
will ensure the transfer of clients and records for both open and closed cases if the program
closes. The plan must provide for managing private and confidential information concerning
program clients. The plan must also provide for notifying affected clients of the closure at
least 25 days prior to closure, including information on how to access their records. new text beginFor
licensed residential programs, the plan must also indicate how the program will ensure
compliance with destruction of personal information as required under section 245A.0415.
new text end A controlling individual of the program must annually review and sign the plan.

(b) Plans for the transfer of open cases and case records must specify arrangements the
program will make to transfer clients to another provider or county agency for continuation
of services and to transfer the case record with the client.

(c) Plans for the transfer of closed case records must be accompanied by a signed
agreement or other documentation indicating that a county or a similarly licensed provider
has agreed to accept and maintain the program's closed case records and to provide follow-up
services as necessary to affected clients.

new text begin (d) Plans for destruction of personal information must be accompanied by a signed
agreement or other documentation indicating that the licensed residential program or
responsible third party will ensure compliance with section 245A.0415 and any other
applicable state or federal law regarding destruction of personal information.
new text end

Sec. 2.

new text begin [245A.0415] TREATMENT OF PERSONAL INFORMATION UPON
CLOSURE.
new text end

new text begin Subdivision 1. new text end

new text begin Application. new text end

new text begin This section applies to license holders that operate and
former license holders that operated a residential program.
new text end

new text begin Subd. 2. new text end

new text begin Definition; license holder. new text end

new text begin For purposes of this section, "license holder"
includes former license holders.
new text end

new text begin Subd. 3. new text end

new text begin Definition; personal information. new text end

new text begin (a) For purposes of this section, "personal
information" means the following information about a person that received services in a
residential program: a person's first name or first initial and last name combined with:
new text end

new text begin (1) a Social Security number, part of a Social Security number, or tax identification
number;
new text end

new text begin (2) a nontruncated driver's license number, state-issued identification card number,
passport number, military identification number, or other unique identification number
issued on a government document used to verify the identity of a specific individual;
new text end

new text begin (3) a financial account number, including a bank account number, credit card number,
or debit card number, in combination with any security code, access code, password,
expiration date, or personal identification number, that is necessary to access the financial
account or to conduct a transaction that will credit or debit the financial account;
new text end

new text begin (4) any information regarding an individual's medical history, mental or physical
condition, or medical treatment or diagnosis by a health care professional;
new text end

new text begin (5) an individual's health insurance policy number, subscriber identification number, or
any unique identifier used by a health insurer to identify the individual;
new text end

new text begin (6) a username or e-mail address, in combination with a password or security question
and answer that would permit access to an online account; or
new text end

new text begin (7) any other information maintained by the program.
new text end

new text begin (b) Personal information does not include information that is encrypted or modified by
any other method or technology that removes elements that identify an individual or that
otherwise renders the information unusable, including encryption of the data, document, or
device containing the personal information, unless the license holder or responsible third
party knows or has reason to know that the encryption key or security credential that could
render the personal information readable or useable has been breached.
new text end

new text begin Subd. 4. new text end

new text begin Duty to destroy. new text end

new text begin A license holder who ceases to provide services under this
chapter, or the responsible third party under section 245A.041, subdivision 3, paragraph
(b), must destroy all personal information within the license holder's or third party's custody
or control when retention of the information is no longer required by section 245A.041 or
any other applicable state or federal requirement, whichever is latest. A license holder or
the responsible third party must destroy personal information stored in paper, electronic, or
any other format in a manner that renders the information unreadable or undecipherable by
any reasonable means consistent with industry standards. A license holder or the responsible
third party must submit a certificate of destruction to the commissioner, providing a detailed
description of compliance with this section.
new text end

new text begin Subd. 5. new text end

new text begin Enforcement. new text end

new text begin (a) A person aggrieved by a violation of this section may bring
an action under section 13.08 against a license holder or a responsible third party.
new text end

new text begin (b) The commissioner retains enforcement and oversight jurisdiction over a license
holder who ceases to provide services for purposes of enforcing this section. The
commissioner may seek penalties against a license holder or a responsible third party for a
violation of this section pursuant to any enforcement powers conferred upon the
commissioner.
new text end

new text begin Subd. 6. new text end

new text begin Exemption. new text end

new text begin This section does not apply if the license holder transfers ownership
of all or part of a residential program.
new text end

new text begin EFFECTIVE DATE. new text end

new text begin This section is effective January 1, 2021, and applies to license
holders who cease to provide services on or after that date.
new text end