Sec. 10.10.11.23. Trusted Partner Agreement  


    A. Requirement. The Department may not share BAR information with a person until the person becomes a trusted partner by entering into a trusted partner agreement, using the form developed by the Department.

    B. The Department shall develop and use a trusted partner form that contains, as applicable, separate clauses that:

    (1) Establish the length of time that the trusted partner agreement is in effect;

    (2) Address that confidentiality will survive the termination, expiration, or cancellation of the trusted partner agreement and state that the trusted partner:

    (a) May not use BAR information in a way that is detrimental to the Department;

    (b) Shall keep BAR information confidential;

    (c) Shall limit disclosure of BAR information only:

    (i) To individuals with a legitimate need in performance of the individuals' duties; and

    (ii) On a need-to-know basis as prescribed by this chapter; and

    (d) Shall employ security policies that:

    (i) Protect the confidentiality of BAR information; and

    (ii) Prevent improper disclosures or access to BAR information;

    (3) Require the trusted partner to notify the Department whenever the trusted partner discloses BAR information as allowed by this chapter;

    (4) Warrant and represent that the trusted partner is in compliance with all applicable State and federal laws and regulations regarding BAR information;

    (5) Require the trusted partner to execute a trusted partner agreement that upholds the standards and requirements in the trusted partner agreement that the trusted partner has with the Department;

    (6) Require the trusted partner to notify the Department when there is:

    (a) An improper or unauthorized:

    (i) Disclosure of BAR information; or

    (ii) Access to BAR information;

    (b) A misuse of BAR information;

    (c) A computer information system compromise that affects BAR information; or

    (d) An authorized release of BAR information as set forth in this chapter;

    (7) Address corrective action by stating:

    (a) The steps necessary to prevent any further unauthorized disclosure and misuse of BAR information;

    (b) That the trusted partner shall maintain an incident log of all unauthorized disclosures and misuse of BAR information; and

    (c) That the trusted partner shall send a copy of incident log entries to the BAR Program;

    (8) Require the trusted partner to:

    (a) Return the BAR information that was provided to the trusted partner; and

    (b) Exercise due diligence to destroy all material based on BAR information in a manner that renders nonidentifiable all documents, memoranda, notes, or other writings created or prepared by or for the trusted partner or BAR information custodian;

    (9) Require the trusted partner to make available on demand to the Department all policies and procedures relevant to safeguarding BAR information;

    (10) Address the authority of the individuals signing the trusted partner agreement that state that:

    (a) The individuals signing the trusted partner agreement have the right and authority to execute the agreement on behalf of their respective entity; and

    (b) No further approvals are necessary to make the trusted partner agreement binding;

    (11) State that the trusted partner agreement is the entire agreement between the Department and the trusted partner;

    (12) State that the trusted partner agreement may not be amended, except as agreed to by the Department in writing;

    (13) State that no provision or clause in the trusted partner agreement may be waived unless approved in writing by the Department;

    (14) Identify the individual designated by the trusted partner and authorized by the Department to receive, maintain, and if provided by this chapter, release BAR information;

    (15) Attest that the BAR information custodian has the trusted partner's agency clearance to receive BAR information;

    (16) Address a trusted partner's security policy that states the:

    (a) Value of BAR information;

    (b) Protection responsibilities; and

    (c) Organizational commitment for a system to protect the integrity, confidentiality, and availability of BAR information; and

    (17) State that if a provision, section, subsection, sentence, clause, or phrase of the trusted partner agreement is held invalid, the remaining portions of the trusted partner agreement remain valid.