(1) The director shall adopt any rules necessary to implement this chapter, including:
(a) Definitions of claim and data files that data suppliers must submit to the database, including: Files for covered medical services, pharmacy claims, and dental claims; member eligibility and enrollment data; and provider data with necessary identifiers;
(b) Deadlines for submission of claim files;
(c) Penalties for failure to submit claim files as required;
(d) Procedures for ensuring that all data received from data suppliers are securely collected and stored in compliance with state and federal law;
(e) Procedures for ensuring compliance with state and federal privacy laws;
(f) Procedures for establishing appropriate fees;
(g) Procedures for data release;
(h) Penalties associated with the inappropriate disclosures or uses of direct patient identifiers, indirect patient identifiers, and proprietary financial information; and
(i) A minimum reporting threshold below which a data supplier is not required to submit data.
(2) The director may not adopt rules, policies, or procedures beyond the authority granted in this chapter.