Sec. 10.10.11.03. Definitions  


Latest version.
  • A. In this chapter, the following terms have the meanings indicated.

    B. Terms Defined.

    (1) “Access” means the ability or the means necessary to:

    (a) Read, write, modify, or communicate BAR information; or

    (b) Otherwise make use of any system resource related to BAR information.

    (2) “Access control” means a method of restricting access to a BAR information resource, allowing only an authorized individual access to the resource.

    (3) “Authentication” means the corroboration that a person is the one claimed.

    (4) “BAR” means the Department’s Biological Agents Registry.

    (5) BAR Information.

    (a) “BAR information” means information submitted to the BAR Program by a person required to report a biological agent under this chapter.

    (b) “BAR information” identifies:

    (i) A person in this State who possesses, maintains, transfers, or receives a biological agent; and

    (ii) The biological agents possessed, maintained, transferred, and received by a person in this State.

    (c) “BAR information” includes:

    (i) Information contained in any of the documents and records that the BAR Program collects, requests, maintains, processes, or stores;

    (ii) Information released by the BAR Program, a trusted partner, or a BAR information custodian; and

    (iii) Biological agent incident response plans submitted to a local jurisdiction as required by this chapter.

    (6) BAR Information Custodian.

    (a) “BAR information custodian” means an individual designated by a trusted partner and authorized by the Department in a trusted partner agreement to receive and maintain BAR information.

    (b) “BAR information custodian” may include:

    (i) A health officer or designee;

    (ii) An Emergency Management Director or designee; and

    (iii) Other alternately designated and authorized individuals with a legitimate need to know the BAR information as it relates to the performance of the person's duties.

    (7) “BAR Program” means the Department’s BAR Program within the Laboratories Administration’s Office of Laboratory Emergency Preparedness and Response.

    (8) “Biological agent” means:

    (a) A select agent or toxin listed in 42 CFR §§73.3 and 73.4, 7 CFR §331.3, and 9 CFR §§121.3 and 121.4;

    (b) A genetically modified microorganism or genetic element from an organism listed in 42 CFR §§73.3 and 73.4, 7 CFR §331.3, and 9 CFR §§121.3 and 121.4, shown to produce or encode for a factor associated with disease; or

    (c) A genetically modified microorganism or genetic element that contains nucleic acid sequences coding for a toxin listed in 42 CFR §§73.3 and 73.4, and 9 CFR §§121.3 and 121.4, or the toxin's subunits.

    (9) Biological Agent Incident.

    (a) “Biological agent incident” means a breach of containment or imminent threat of a breach of containment of a biological agent that poses an immediate threat to an individual's health and safety.

    (b) “Biological agent incident” includes any situation that may cause or potentially cause an exposure to or release of a biological agent, as set forth in Regulation .12B of this chapter.

    (10) “Biosafety Level (BSL)” means the level of work practices, facility design, and safety equipment to prevent transmission of biologic agents to workers, other individuals, and the environment, as defined in the BMBL.

    (11) “Biosafety Level-2 (BSL-2)” means the BSL used when:

    (a) Work is done with biological agents associated with human disease; and

    (b) The route of transmission is by:

    (i) Percutaneous injury;

    (ii) Ingestion; or

    (iii) Mucous membrane exposure.

    (12) “Biosafety Level-3 (BSL-3)” means the BSL used when:

    (a) Work is done with indigenous or exotic agents associated with a potentially serious or lethal human disease; and

    (b) The route of transmission is aerosol inhalation.

    (13) Biosafety Level-4 (BSL-4).

    (a) “BSL-4” means the BSL used when work is done with a dangerous and exotic biological agent that poses a high risk of life-threatening or lethal human disease that:

    (i) May be transmitted via the aerosol route;

    (ii) Has an unknown mode of transmission; or

    (iii) Has no available vaccine or therapy.

    (b) “BSL-4” includes the BSL used when the agent has a close or identical antigenic relationship to BSL-4 agents.

    (14) “BMBL” means the “Biosafety in Microbiological and Biomedical Laboratories”, which is incorporated by reference in Regulation .04 of this chapter.

    (15) “Centers for Disease Control and Prevention (CDC)” means the federal Centers for Disease Control and Prevention of the federal Department of Health and Human Services.

    (16) “Compact Disc-Recordable (CD-R)” means a type of write once, read many compact disc format that allows one-time recording of digital information on the disc.

    (17) Contingency Plan.

    (a) “Contingency plan” means a plan for responding to an information system emergency.

    (b) “Contingency plan” includes:

    (i) Installing system information from backups;

    (ii) Preparing critical facilities that can be used to facilitate continuity of operations in the event of an emergency; and

    (iii) Recovering from a disaster.

    (18) “Decryption” means reversing the protective encryption algorithm process to make the previously unintelligible plaintext available for further processing as intelligible plaintext.

    (19) “Deficiency” means a documented lack of compliance with a standard or requirement of the BAR Program set forth in this chapter.

    (20) “Department” means the Maryland Department of Health.

    (21) “Emergency management director” means an individual appointed by the Governor of Maryland, who is directly responsible for the organization, administration, and operation of the local organization for emergency management in the local jurisdiction as set forth in Public Safety Article, §14-109, Annotated Code of Maryland.

    (22) Encryption.

    (a) “Encryption” means transforming confidential plaintext into ciphertext to protect it so that the data can be securely stored.

    (b) “Encryption” includes encrypting with an algorithm that combines plaintext with other values called keys, or ciphers, so the data becomes unintelligible.

    (23) “Etiologic” means disease causing.

    (24) “Exposure” means the condition of being subjected to a biological agent which may have a harmful effect.

    (25) “Facility” means a building or complex of buildings owned by the same person and located at a single mailing address.

    (26) "Genetic element" means a nucleic acid sequence shown to produce or encode for a factor associated with a disease, a toxin, or a toxin's subunits.

    (27) "Local jurisdiction" means a county of the State or Baltimore City.

    (28) "Maintaining a biological agent" means manipulating or holding a biological agent to sustain or enhance viability, infectivity, or toxicity.

    (29) "Maryland Institute for Emergency Medical Services Systems (MIEMSS)" means the unit established by Education Article, §13-503, Annotated Code of Maryland.

    (30) "MDE" means the Maryland Department of the Environment.

    (31) "MEMA" means the Maryland Emergency Management Agency.

    (32) Nature of a Biological Agent.

    (a) "Nature of a biological agent" means the term that describes the kind or type of material or organism the agent is.

    (b) “Nature of a biological agent” includes:

    (i) Toxin;

    (ii) Bacterium;

    (iii) Virus;

    (iv) Rickettsia;

    (v) Fungus;

    (vi) Allergen;

    (vii) Genetic element; or

    (viii) Any combination of §B(32)(b)(i)-(vii) of this regulation.

    (c) "Nature of a biological agent" does not include the name or identity of the biological agent.

    (33) Person.

    (a) "Person" means an individual, receiver, trustee, guardian, personal representative, fiduciary, or representative of any kind and any partnership, firm, association, corporation, or other entity.

    (b) "Person" includes State and federal units of government.

    (34) "Personal identification number (PIN)" means a number or code assigned to an individual and used to provide verification of identity.

    (35) “Personal protective equipment (PPE)” means the type of physical barrier equipment necessary to:

    (a) Protect an individual from contact with a biological agent; or

    (b) Prevent transmission of a biological agent.

    (36) "Possessing a biological agent" means handling, holding, maintaining, owning, or storing a biological agent within the State.

    (37) Responsible Official.

    (a) "Responsible official" means an individual designated by a person required to report under this chapter to act on the person's behalf.

    (b) "Responsible official" includes an individual designated as an alternate responsible official who acts in the responsible official's absence.

    (38) "Role-based access" means a security mechanism for granting user access to a computer information system containing BAR information, based upon the user's job function.

    (39) “Secretary” means the Secretary of Health.

    (40) "Security incident" means a situation when BAR information is:

    (a) Intentionally or unintentionally released to an unauthorized person; or

    (b) Otherwise compromised in a way that allows unauthorized access.

    (41) Security Self-Assessment.

    (a) "Security self-assessment" means a person's formal assessment of the sensitivity, vulnerabilities, and security of the person's operations and programs related to the BAR information the person receives, manipulates, stores, or transmits.

    (b) "Security self-assessment" includes the:

    (i) Procedures and processes for determining a person's compliance with the BAR information security standards in this chapter;

    (ii) Documentation certifying to the BAR Program that a person meets the BAR information security standards;

    (iii) Identification and management of security risks; and

    (iv) Security standards self-assessment check list provided by the BAR Program.

    (42) "Technical security measure" means a process that is put in place to protect information and control individual access to information in order to guard data integrity, confidentiality, and availability.

    (43) "Token" means an electronic device for authenticating user identification and allowing access to a door or computer information system.

    (44) Toxin.

    (a) "Toxin" means a biologically active poisonous substance that is:

    (i) Produced by a living cell or an organism; and

    (ii) Harmful to another organism.

    (b) "Toxin" does not include:

    (i) A poisonous substance produced by a living organism for medical purposes, inactivated for use as a vaccine; or

    (ii) A toxin preparation for biomedical research use at a lethal dose of 50 percent (LD50) for vertebrates of more than 100 nanograms per kilogram body weight.

    (45) "Transfer" means the physical relocation of a biological agent from one facility or person to another.

    (46) Trusted Partner.

    (a) "Trusted partner" means a person with whom the Department has a valid trusted partner agreement to receive, possess, maintain, and transfer or share BAR information, as set forth in this chapter.

    (b) "Trusted partner" includes only MDE, MEMA, MIEMSS, and a local jurisdiction where a biological agent is located.

    (47) Trusted Partner Agreement.

    (a) "Trusted partner agreement" means a document describing the arrangement between the Department and a trusted partner regarding how, when, and to whom information is released from the BAR.

    (b) "Trusted partner agreement" includes the documentation that describes all the policies, procedures, and mechanisms agreed upon to protect the integrity, confidentiality, and availability of BAR information.

    (48) "User-based access" means a security mechanism used to grant system access to users, based upon the identity of the user.