(1) The lead organization must develop a standard confidentiality agreement, as required, before data may be released. The authority must approve the final form for confidentiality agreement, and all substantial changes to the form.
(2) The confidentiality agreement must be signed by all requestor employees and other third parties who may have access to the data.
(3) In addition to other penalties or regulatory actions that may be taken, including denial of future data requests, breach of a confidentiality agreement may result in immediate termination of the agreement. If an individual breaches the confidentiality agreement, the lead organization must review the circumstances and determine if the requestor's agreement should be terminated or only the agreement with the individual who caused the breach should be terminated. When an agreement is terminated for breach of the confidentiality agreement, the data requestor or individual whose agreement is terminated must immediately destroy all WA-APCD data in his or her possession and provide an attestation of the destruction to the lead organization within seven business days. Attestation of destruction should be in the form as prescribed by the lead organization. Failure to destroy data or provide attestation of the destruction may result in other penalties or regulatory actions.
[Statutory Authority: RCW
41.05.021,
41.05.160 and
43.371.020. WSR 20-08-059, § 182-70-260, filed 3/25/20, effective 4/25/20. WSR 19-24-090, recodified as § 182-70-260, filed 12/3/19, effective 1/1/20. Statutory Authority: Chapter
43.371 RCW. WSR 16-22-062, § 82-75-260, filed 11/1/16, effective 12/2/16.]