62J.55 PRIVACY OF UNIQUE IDENTIFIERS.
(a) When the unique identifiers specified in section
are used for data collection
purposes, the identifiers must be encrypted, as required in section
62J.321, subdivision 1
Encryption must follow encryption standards set by the National Bureau of Standards and
approved by the American National Standards Institute as ANSIX3. 92-1982/R 1987 to protect the
confidentiality of the data. Social Security numbers must not be maintained in unencrypted form in
the database, and the data must never be released in a form that would allow for the identification
of individuals. The encryption algorithm and hardware used must not use clipper chip technology.
(b) Providers and group purchasers shall treat medical records, including the Social Security
number if it is used as a unique patient identifier, in accordance with sections
. The Social Security number may be disclosed by providers and group purchasers to the
commissioner as necessary to allow performance of those duties set forth in section
History: 1994 c 625 art 9 s 6; 1995 c 234 art 5 s 18; 2007 c 147 art 10 s 15