minnesota department of healthmnfoodsafetycoe.umn.edu/wp-content/uploads/2014/01/data...home...

Minnesota Department of

Health

Minnesota Department of Health - Data Practices Manual October 2005

If you have questions or doubts, ASK your supervisor.

If your supervisor can’t resolve the problem, ask Dave Orren at 651.282.6310. Dave is the MDH Data Practices Coordinator and the MDH Data Practices Compliance Official.

Table of Contents

Life Cycle of Government Data .........................................................................................1 Introduction .......................................................................................................................1

Section I: Data Practices ...............................................................................................3

A. General Data Practices Requirements ...................................................................3 *Government Data Chart ........................................................................................4 *Not Public Data Chart ...........................................................................................5 B. Collecting Data .......................................................................................................6 C. Storing Data to Facilitate Retrieval .........................................................................9 *Releasing Data Flowchart ...................................................................................10 D. Releasing Data .....................................................................................................11

1) Releasing Public Data ..................................................................................11 2) Releasing Private and Nonpublic Data .........................................................12 3) Releasing Confidential or Protected Nonpublic Data....................................15 4) Court Orders and Search Warrants ..............................................................15 5) Subpoenas ...................................................................................................15 6) Complaints and Investigations......................................................................15 7) Applications and Audit Reports ....................................................................16 8) Calendars .....................................................................................................16 9) Employee Home Telephone Numbers..........................................................17 10) Personnel Data.............................................................................................17 11) Attorney/Client Privileged Information ..........................................................17 12) Advisory Boards and Commissions ..............................................................18 13) Security Information......................................................................................18

E. Denying Access to Data .......................................................................................18 F. Correcting Data ....................................................................................................18 G. Fees for Providing Data........................................................................................19 H. Data Practices Disputes and Questions ...............................................................20 I. Sanctions..............................................................................................................20

Section II: Managing Data on Government Records .................................................21

A. Why Government Records are Important .............................................................21 B. Identifying Records...............................................................................................22 C. Preserving records ...............................................................................................24 D. Disposal of Records .............................................................................................27 E. Records Management Policy and Procedures......................................................29

Section III: Data Protection and Security ...................................................................30

A. Why Information is Classified ...............................................................................30 B. Lifecycle of Data ...................................................................................................30 C. MDH Security Policy.............................................................................................33

Appendices

Appendix A: Glossary

Appendix B: Persons with Data Practices Related Responsibilities

Appendix C: The Tennessen Warning Samples of MDH Tennessen Warnings

Appendix D: Note: Attach your Division’s Data Inventory

Minnesota Department of Health Employee Data Practices and Security Checklist

Life Cycle of Government Data/Government Records

The following table provides the statutory cites that apply to government data/government records over the course of the life cycle of the data/record.

Create and Creation of data Official Records Minnesota maintain Act Statutes, section

15.17 Use and disclose Life of the data Data Practices Act Minnesota

Statutes, chapter 13

Dispose End of data Records Minnesota Management Statutes, section Statute 138.17

INTRODUCTION The Life Cycle of Government Data involves data practices, government records, and records retention. Although government data and government records are very similar, they are not identical, and it is important to distinguish between the two issues.

DATA PRACTICES

Section I of this manual will discuss the Minnesota Government Data Practices Act, Minnesota Statutes, chapter 13, which requires public agencies to:

1) Safeguard the privacy rights of data subjects about whom state and local governments collect, store, and use data; and

2) Provide access to government data that may be legally disclosed.

All Minnesota Department of Health (MDH) programs and staff must comply with the Minnesota Government Data Practices Act. The Data Practices Act applies to all MDH programs that collect data. In addition, some MDH programs have specific statutory authority or requirements pertaining to data practices. How you use and maintain the data will vary depending on how the data are classified. Your supervisor is responsible for the security of data your program collects and maintains. When the statutes allow it, your supervisor may authorize data access to you, other MDH staff, and the staff of other agencies or private entities. As staff that may be responsible for program data, you must familiarize yourself with how data are classified and when and to whom data can be released.

This document will help to guide you in collecting, processing, storing, and releasing or not releasing data to those who may request access to data you maintain.


Page 1

GOVERNMENT RECORDS/RECORDS RETENTION

Section II of this manual will discuss government records and records retention, found in the Official Records Act, Minnesota Statutes, section 15.17, and in the Records Management Statute, Minnesota Statutes, section 138.17.

Minnesota Statutes, section 15.17, requires government entities to “make and preserve all records necessary to a full and accurate knowledge of their official activities,” and Minnesota Statutes, section 138.17, requires the establishment of an active, continuing program for economical and efficient management of government records.

DATA PROTECTION AND SECURITY

Section III of this manual will discuss how data are to be properly stored and, if necessary, kept secure. Data protection and security applies to electronic security as well as securing data kept in paper files. Data protection and security is necessary to adequately facilitate retrieval and protect data that are classified as “not public.”

***************************************************************************


Page 2

SECTION I: DATA PRACTICES

A. MDH General Data Practices Requirements

1) All data collected, created, received, maintained, or disseminated by MDH are public unless otherwise classified by statute.

2) Before collecting “not public” data on individuals, you must inform them of their rights using a Tennessen Warning.

3) You must only release “not public” data under the conditions described in this document. If you receive “not public” data that you did not request, or that are not required to be submitted to you, you must destroy the data or return the data to the person or entity that submitted them. Be sure to check with your supervisor about which option is appropriate in the particular situation.

4) If you violate the provisions of the Minnesota Government Data Practices Act, you may be subject to disciplinary action and/or civil penalties.

5) You must complete data practices training as directed by your supervisor. Your training will include specific information about the data maintained by your program. Other MDH staff or staff from the Department of Administration and the Office of the Attorney General may also provide training opportunities.

6) You must refer non-routine data practices questions to your supervisor. Do not guess – get a second or third opinion if you are in doubt of the status of the data in question.

7) Your section or program must maintain a list of the data you collect or maintain that is “not public.” The list must include references to statutes or federal regulations that define the data as private, confidential, nonpublic, or protected nonpublic. The document must also contain copies of the forms you use to collect these data. Your division’s data inventory fulfills this requirement.

otherwise. Data are public UNLESS the law explicitly states


Page 3

GOVERNMENT DATA All data kept in any recorded form, regardless of physical form,

storage media, or conditions of use Classification*

Definition Who has Access

ExamplesData on Individuals

Data not on Individuals

Public Public All government data unless specified by law

Anyone for any reason

**See “Releasing Public Data” for discussion of sensitive public data.

Public Data on Individuals: - Summary Data from targeted

home visiting program

Public Data Not on Individuals: - names and addresses of

WIC Vendors - names of grantees

Private Nonpublic Accessible to data subject and not to the public

Data subject or authorized representative; no public access; and only those MDH employees with a “need to know”

Private Data: - medical records of children

enrolled in the MCSHN treatment program

- Newborn screening data

Nonpublic Data: - proprietary financial data

on corporations that have submitted proposals for RFP

Confidential Protected Nonpublic

Not accessible to the public or to the data subject

Only those MDH employees with a “need to know”

Confidential Data: - active investigative data on

individuals

Protected Nonpublic Data: active investigative data on corporate WIC vendors

“Not Public” data is a broad category of data that includes confidential, private, nonpublic, and protected nonpublic data. Statutory Reference: Minnesota Statutes, section 13.02

*These are the state law classification terms. Federal laws may use the terms “private” or “confidential” differently. The key issue is who has access to the data. For example, WIC data from a participant is referred to in federal law as “confidential” but is classified as “private” in state law because the participant has access to the information. **Page 12 of the manual contains a discussion of both sensitive public data and data that has an unknown classification


Page 4

PUBLIC DATA

Public

Data NOT on Individuals

(Non-human Entities)

Data on Individuals (Humans)

Public

Accessible to anyone

“NOT PUBLIC” DATA

NonpublicPrivate

Accessible only to the subject of the data and authorized

representative

Confidential Protected Nonpublic

Accessible only to authorized government representative


Page 5

Data practices laws are frequently changed. Be aware of the current requirements.

B. Collecting Data Statutory Reference: Minnesota Statutes, section 13.05, subdivision 3.

You must limit the collection and storage of data on individuals and the use of these data to that necessary for the administration of MDH programs or as mandated by law. If you collect private or confidential data from an individual, the data can only be used for the purposes stated to the individual at the time of collection.

1) Collecting Data on an Individual from that IndividualStatutory Reference: Minnesota Statutes, section 13.04, subdivision 2

a. Tennessen Warning. You must give a privacy notice (otherwise known as a Tennessen Warning) to an individual before asking the individual to provide private or confidential data about himself or herself. This includes recording a complaint. Note that before recording any complaint, you must provide a Tennessen Warning to the complainant. All applications for credentials and survey forms and many other documents must contain a Tennessen Warning.

The content of a Tennessen Warning must include the following points:

• The purpose and intended use of the requested data; • Whether the individual may refuse or are legally required to supply the

requested data; • The consequences of supplying or refusing to supply the requested data;

and • The identity of other persons or agencies authorized by law to receive the

data.

You may give the Tennessen Warning either verbally or in writing. If possible it is best to give the warning in writing. The Tennessen Warning should be written at the seventh grade reading level. Where possible, have the individual sign the Tennessen Warning, make a copy for the individual to keep, and file the original.

If it is not possible to provide a written warning, please read from a written text to ensure that all essential items are covered. If you give the warning verbally, what is said should be documented, signed, dated, and filed. To avoid repeating the warning every time additional information is requested, the initial Tennessen Warning must include a reference to future data requests.

Minnesota Department of Health – Data Practices Manual October 2005

Page 6

Interpreters (includes American Sign Language [ASL] interpreters). If an interpreter is used when private data are gathered, you are responsible to make sure that the interpreter is able to understand what the Tennessen Warning is and has the ability to interpret its necessity in a meaningful way. The interpreter also must understand that it is necessary to respect the privacy of the data that are being collected by not revealing either the private data or what took place at the meeting.

b. Minor Children. Generally, the Tennessen Warning is given to the parent or legal guardian of a minor child. However, when you have doubt regarding the giving of the Tennessen Warning to a minor child, ask your supervisor or the MDH Data Practices Coordinator, Dave Orren.

Minors must be given an extra notice when we collect private or confidential data from the minor. The minor must be told that he or she can ask MDH to withhold the data from the minor’s parents and that we will do so if we determine it is in the best interest of the minor.

A minor must be given a Tennessen Warning if he or she is emancipated. An emancipated minor has the same legal rights and obligations as an 18-year-old adult. Minnesota Statutes do not provide either the grounds or a procedure for emancipation, although Minnesota case law has established that a minor can be emancipated by a legal marriage or by parental consent.

If you will be asking a minor to consent to treatment or services, you should give the minor a Tennessen Warning before obtaining private or confidential information from the minor about the minor or the minor’s child. For example, under Minnesota law, a minor who has borne a child can consent to health services for herself and her child. See Minnesota Statutes, section 144.342. If the minor is seeking services from MDH for her child, you should give the minor a Tennessen Warning before collecting information about her or her child.

Some statutes that address emancipated minors: Minnesota Statutes, sections 144.341, 144.342, 144.343, 144.344, 144.345, 144.346, and 144.347.

Additional Information. A guideline for preparing a Tennessen Warning is in Appendix C.


Page 7


2) Collecting Data on an Individual from Someone Other than the Individual

Data on an individual collected from other sources are subject to the Minnesota Government Data Practices Act. For example, MDH receives data on individuals’ primary care providers. These data are subject to Chapter 13 and are classified as private data under Minnesota Statutes, section 62J.321, subdivision 5. You do not need to give a Tennessen Warning when you collect data on an individual from someone other than the individual.

a. Another Government Entity. If you receive data from another government entity, you are required to maintain the classification of the data under that entity’s applicable statute, UNLESS MDH has a statute that specifically classifies the data in our hands. Before you accept data from another government entity, learn the classification of the data and, if applicable, ensure that your use for the data is covered under the Tennessen Warning that was provided.

b. Other Entities. If you receive data from other entities, please refer to your agreement with the entity (e.g., data use agreement, contract, interagency agreement) to determine the classification and appropriate use of the data.

3) Collecting Certification Program Data

All applications for certification and survey forms must contain a Tennessen Warning. Audit reports resulting from routine audits are public and always remain public, unless a judge orders otherwise.

A routine audit is not the same as an investigation. For example, the WIC program conducts investigatory audits of WIC vendors. If you determine that an investigation and/or enforcement action are necessary, the requirements discussed below apply.

4) Collecting Data Related to a Complaint or Investigation Statutory Reference: Minnesota Statutes, sections 13.04 and 13.39

All complaint or investigation forms used to collect data as part of a complaint or investigation must contain a Tennessen Warning. Investigative data are generally protected nonpublic or confidential data as long as the investigation is active. However, the complainant may access any statement that he or she made to you unless this is prohibited by state or federal law. Investigative data presented as evidence in court or made part of a court record are public unless classified differently by state or federal law. Regardless of whether any enforcement ensues, when investigative data become inactive the file becomes public unless classified differently elsewhere in state or federal


Page 8

law, or release of the information would jeopardize other pending civil actions. The one exception is that the identity of the complainant may remain confidential under certain circumstances per Minnesota Statutes, section 13.44. Inactive investigative data that remain “not public” include, for example, inactive investigative data about WIC vendors because those data are classified as “not public” under federal law.

C. Storing Data to Facilitate Retrieval Statutory Reference: Minnesota Statutes, section 13.03, subdivisions 1 and 3.

Remember that all the data we store could be requested. You must store data in a manner that will facilitate retrieval. To determine the appropriate media, consider the characteristics of your data and the size and frequency of the requests you expect to receive. Paper, microfilm, microfiche, or electronic media may be appropriate. It depends on the data.

In order to facilitate easily accessible data, the following should be considered:

• All data should be stored in a way that will keep “not public” data separate from public data. This could save time and expense if data are requested because you cannot charge for separating “not public” from public data.

• In order to keep public and “not public” data separate, data collection forms should be created in a manner that facilitates this separation.

• Grouping public data and “not public” data in separate parts of forms will also help to facilitate efficient retrieval if redaction is ever necessary to release the data.

• Data that are stored electronically should be maintained in a way that public data can be easily disclosed and “not public” data are protected.


Page 9

RELEASING DATA

Are the data public? YES

NO

Release the data. Determine if

Are the data confidential or

protected nonpublic? YES

NO

Is the requestor the data subject or an authorized

representative? YES

NO


Does the requestor YES

NO


Explain to the requestor the

Explain to the requestor the

any fees should be charged.


have authority under law or a court order?


DON’T RELEASE THE DATA!

reason for denying the request.

DON’T RELEASE THE DATA!

reason for denying the request.


Page 10

D. Releasing Data Statutory Reference: Minnesota Statutes, section 13.03, subdivision 2

You must respond to requests for data in an “appropriate and prompt manner.” As required by law, MDH has written access procedures for public access to MDH data. These procedures are in a document titled Minnesota Department Of Health (MDH) Data Practices Policy 607.01: Information for the Public About Public Access to MDH Data and Rights of Data Subjects. A copy of this document can be found on the Intranet at: http://mdh-fyi.health.state.mn.us/policies/policy.cfm?policy=607.01&RequestTimeOut=500 or through the MDH Intranet home page. Click “Policies and procedures” under “Work Resources.” Search by subject (Legal and Legislative); by name (Click on “I” and then on “Information for the Public About Public Access to MDH Data”); or by number (600 Legal and Legislative).

The MDH policy for requesting access to data can also be found on the Intranet at: http://mdh-fyi.health.state.mn.us/policies/policy.cfm?policy=103.01&RequestTimeOut=500 or through the Intranet home page by clicking on “Policies and Procedures” under “Work Resources.” Search by subject (Administration) and the policy is under Public Requests for Access to MDH Data.

Use applicable data classifications and statutes to determine if and how data can be released.

Seek advice from your supervisor when in doubt about data classification or security.

Adhere to the ‘need to know’ concept in order to maintain the highest level of program integrity. That is, “not public” data are accessible to persons within MDH only on a ‘need to know’ basis. We must maintain the trust of those who provide information to us in order for our programs to be effective.

1) Releasing Public DataStatutory Reference: Minnesota Statutes, section 13.03, subdivisions 2 and 3, and section13.05, subdivision 12.

Public data can be released to anyone for any reason. You must release public data if requested as soon as reasonably possible. You cannot require an ID or justification for a request for public data. You may ask questions for clarification but you cannot require an answer before you provide the data. A requester must be allowed to view the data without charge. You may charge for copies of the data.


Page 11

If the requestor wants public data in a different format from the format the data is stored in or wants large quantities of data, a fee may be charged. Employees must explain costs and inform the requestor that payment will be required. It is best to let the requester know the estimated charges and time frame before you respond to the request. If the amount of the fee is large enough, you may ask for the payment in advance.

You must provide all public data on request regardless of the source of the data. You may suggest to the requester that he or she contact the primary source of the data but you must provide the data you have if that is what they prefer.

a. Sensitive Public Data or Data with an Unknown Classification. If a request is made for data that are either sensitive or have an unknown classification, and you feel that the data should not be released, do not release the data. Instead, contact your supervisor. The Data Practices Coordinator will then determine whether the Commissioner of the Department of Administration should be contacted in order to place a temporary classification on the public data that are of such a sensitive nature that it is necessary to classify that data as “not public” data.

b. Summary Data. Summary data are statistical records and reports derived from data on individuals in which the individuals are not identified. Neither the identities nor any other characteristic that could uniquely identify an individual is ascertainable. The release of summary data derived from private or confidential data on individuals is permitted. Unless otherwise classified, summary data are public. Summary data shall be prepared upon a written request, with the cost of preparation borne by the requester.

2) Releasing Private and Nonpublic DataStatutory Reference: Minnesota Statutes, section 13.04, subdivision 3, and section 13.05, subdivision 4.

Individuals or entities about which MDH has data may request access to those data. Access must be granted immediately, if possible, or within 10 working days. As a general rule, unless the data have been classified as confidential or protected nonpublic, the data are available to the data subject or an authorized representative upon request. a. Written, Faxed, or Email Requests. You may release private or nonpublic data

to the data subject if a written, faxed or emailed request includes:

• The requestor’s name and address, • A form of identification or similar identifier that only the data subject should

know, • A written informed consent from the data subject if the writer is an

authorized representative, and • A description of the data requested.

Receiving or sending “not public” data via email is not allowed . Email is not a secure means of transmitting data. If you must transmit “not public” data via


Page 12

email, you should encrypt, deidentify, or mask the data. You can also save the data as a document with a password and then send the document as an attachment, although this only provides weak protection. For encryption instructions, contact your computer support staff.

You must ensure the return fax number is that of the data subject or authorized representative. If you cannot verify this, you must mail the data to the data subject at a verified address or ask the requestor to appear in person.

b. Telephone Requests. If you receive requests for private or nonpublic data via telephone, you must not provide the data over the phone unless you are certain the person is the data subject or an authorized representative. Data must never be left on an answering machine or voice mail system. If you are uncertain, mail the data to the data subject or ask the requestor to appear in person.

c. Drop-In Requests. Upon request, an individual who is the subject of private or public data on individuals must be shown this data without charge. If they desire, we also must inform them of the content and meaning of that data. We are required to comply immediately, if possible, with these types of requests. If we are unable to make the data available to them immediately-for example, the data may be stored off-site and need to be retrieved-or we are working on something else that has to be done now-we have ten working days from the date of the request to make the data available. See Minnesota Statutes, section 13.04, subdivision 3.

Drop-in requests are discouraged. Scheduling an appointment to examine data is preferred. To protect the privacy rights of data subjects, you must allow yourself time to examine the data to ensure it does not contain information the requestor is not authorized to see. The data might be stored off-site and need to be retrieved.

To verify the identity of a requestor, ask to see picture identification (driver’s license, state ID, etc.) before releasing private or nonpublic data to an unknown requestor. If that is not available, ask questions of the requestor to ensure identity. An authorized representative must have a signed statement from the data subject authorizing access. You or another MDH staff member must be present while requestors examine any data to prevent loss or tampering. You cannot charge any type of access or inspection fee. Refer to page 19 for charging for copies.


Page 13

d. Informed consent. If you receive a request for private or nonpublic data from someone other than the data subject, the data subject must give informed consent to release the data to another person or agency. If MDH wants to use the data for uses other than the uses covered in the Tennessen Warning that was given to an individual, informed consent must also be given. The informed consent must:

• Be in writing; • Identify the consequences of giving informed consent; and • Contain the individual’s signature at the end of the document.

More information about informed consent:

• The Minnesota Department of Health Data Practices Policy 608.01: Information for MDH Managers about Public Access to MDH Data and Rights of Data Subjects has an example of a Consent for Release of Information form in Section 4: Duties Relating to Rights of Subjects on pages 37-40.

• A copy of this document can be found on the Intranet at: http://mdh-fyi.health.state.mn.us/policies/policy.cfm?policy=608.01&RequestTimeOut =500

e. Sharing data between MDH programs.

The same considerations for releasing data to persons outside MDH apply when you consider sharing data with other people within MDH. Data that are “not public” can only be shared with another MDH program if this is consistent with the statutory authority and purpose for collecting the data or there is a specific state or federal law permitting this.

f. Sharing data with local and other state public health agencies Statutory Reference: Minnesota Statutes, section 145A.04, subdivision 6

Here again, the same considerations for releasing data to persons outside MDH apply when you are considering releasing data to other state or local public health agencies. Data that are “not public” can only be released to another agency if there is a specific state or federal law permitting the release. There is a state law permitting data to be shared between state and local public health agencies for the purpose of preventing and controling epidemic diseases. The Commissioner also may require boards of health to act together to prevent or control epidemic diseases.

g. NOTE: Requests for medical records information may be directed to the MDH Information Clearinghouse, 651-282-6314, 400 Metro Square, St. Paul, MN 55164.


Page 14

3) Releasing Confidential or Protected Nonpublic Data

Data that are classified as confidential or protected nonpublic are not to be released unless the requestor has authority under the law or a court order. Contact your supervisor immediately if you receive a request for either of these types of data.

4) Court Orders and Search Warrants “Not public” data may be released pursuant to a court order or search warrant. Court orders and search warrants are signed by a judge of either a state or federal court and specify the data to be released. If presented with a court order or search warrant, contact your supervisor immediately. Your supervisor will then contact your manager, the assistant division director and the division director to discuss the release of the data. There may be a basis on which MDH opposes release of the data. If that is the case, your assistant attorney general may provide counsel.

5) SubpoenasRules and Statutory Reference: Minnesota Rules, part 1205.0100, subpart 5, and Minnesota Statutes, section 13.03, subdivision 6.

A subpoena in and of itself is not a court order allowing for the release of “not public” data. If you are served with a subpoena requesting the release of “not public” data, contact your supervisor immediately. The data should not be released and your supervisor should contact the MDH legal unit or your assistant attorney general for assistance.


6) Complaints and Investigations Statutory Reference: Minnesota Statutes, sections 13.39, 13.41, and 14.60.

Investigative data resulting from a complaint are protected nonpublic or confidential data as long as the investigation is active. However, the complainant may access any statement that he or she made to you. Regardless of whether any enforcement ensues, when the investigation becomes inactive the file becomes public unless classified differently elsewhere in state or federal law, or release of the information would jeopardize other pending civil actions. One exception is that the identity of the complainant remains confidential under certain circumstances per Minnesota Statutes, section 13.44. An example of investigative data that remain “not public” after the investigation becomes inactive are investigative data about WIC vendors (grocery stores or pharmacies). Under federal law, all information about a WIC vendor is classified as confidential except the vendor’s name, address, and authorization status. Investigative data about a WIC vendor do not become public after the investigation becomes inactive. See 7 C.F.R. § 246.26(e) (2003).

7) Applications and Audit ReportsAll applications for credentials and survey forms as well as audit reports for routine audits are public and always remain public, unless a judge orders otherwise or a


Page 15

specific statute declares otherwise. (Note that applications for WIC vendor authorization are NOT applications for credentials and are “NOT public.”)

A routine audit is not the same as an investigation. For example, the WIC Program conducts investigatory audits of vendors; information on these audits is “not public.” If you determine that an investigation and/or enforcement action are necessary, the requirements discussed below apply.

8) Calendars Statutory Reference: Minnesota Statutes, section 13.43.

The data in appointment calendars, either paper or electronic, are classified as private personnel data. Your calendar may be released upon your consent to people outside of MDH.1 Access to calendars of other MDH employees is for business purposes only. If there are slightly private or sensitive items on your electronic calendar that you wish to keep unknown, you may lock those items to deny access. If there is something that you do not want anyone to see, do not put it on your calendar. (NOTE: there are certain people that are able to see items on your calendar even if the item or your calendar is locked.) You should be aware of the following information regarding calendars in giving consent to other MDH employees in accessing your calendar:

• MDH calendars are used for keeping track of employee schedules, scheduling meetings, and other business uses. Supervisors also use calendars to monitor employee activities. It is common practice to put personal appointments or reminders on the calendar in order to have your entire schedule in one place.

• Access to the unlocked portion of calendars is available to all MDH employees for purposes of scheduling meetings or contacting another MDH employee.

1 However, if your calendar contains information that you do not have authority to release, then your consent would not be sufficient. For example, if your calendar said you were meeting with “Mary Smith, WIC participant,” you could not consent to release that information.


Page 16

9) Employee Home Telephone Numbers Statutory reference: Minnesota Statutes, section 13.43.

Employee home telephone numbers are private personnel data. For some employees, it may be necessary for a supervisor to be able to contact them outside of regular hours. If this is necessary, a home phone number may be requested. An employee may refuse to release this information, but some other means of reaching the employee outside of regular hours must be established. The only people who will have access to this home phone number will be the MDH employees who have a need to know the phone number.

10) Personnel Data Statutory Reference: Minnesota Statutes, section 13.43.

Refer all requests for personnel data to Human Resource Management (HRM). Release personnel data only as directed by HRM.

Minnesota Statutes, section 13.43, deals with “personnel” data. This section, contrary to the general philosophy of the Data Practices Act that all data are public unless otherwise protected, indicates that ALL personnel data are PRIVATE unless specifically classified as public data. A list of data on employees that are public is incorporated in the act and includes items such as salary, the value of benefits, dates of employment, employee job title, etc. ANYTHING not included in the list of public data is private and may not be released without proper authority.

11) Attorney/Client Privileged InformationStatutory Reference: Minnesota Statutes, section 595.02.

Certain communications between the division and its attorneys at the Attorney General’s Office are subject to the attorney/client privilege and are “not public” data under the Minnesota Government Data Practices Act. Data that may be covered by the attorney/client privilege, such as letters, memos, electronic messages, reports and other documents that may contain either a request for legal advice or legal advice, must not be maintained in public files. If you have a question about whether data are attorney/client data, contact your supervisor. If there is a question about the release of attorney/client data, your supervisor should seek advice either from the MDH legal unit or from the Assistant Attorney General who is handling the matter for the division. Only the MDH Commissioner has authority to waive the attorney/client privilege. Once data has been released, it cannot be claimed as attorney/client privileged information.


Page 17

12) Advisory Boards and CommissionsStatutory Reference: Minnesota Statutes, section 13.43, subdivision 3.

Names and home addresses of applicants for appointment to and members of advisory boards or commissions are public. This includes task force appointments.

13) Security Information Statutory Reference: Minnesota Statutes, section 13.37, subdivisions 1 and 2

The disclosure of government data that would likely substantially jeopardize the security of information, possessions, individuals, or property against theft, tampering, improper use, attempted escape, illegal disclosure, trespass, or physical injury is defined as “security information” and is classified as “not public” data.

Maintain written records of all requests for data.

E. Denying Access to DataStatutory Reference: Minnesota Statutes, section 13.03, subdivision 3, and section 13.081, subdivision 1.

If the requested data are classified in such a way that the requestor must be denied access, you must inform the requestor in writing that the data cannot be released and the statutory provision that prohibits the release of the data. You may do this either at the time of the request or in writing as soon after as possible. Your supervisor or section manager can assist you in preparing this response. A requestor who disagrees with the determination may appeal the decision by writing to the Commissioner, Department of Administration, 201 Administration Building, 50 Sherburne Avenue, St. Paul, MN 55155.

If the requested data have been destroyed according to a retention schedule, give the requester a copy of the retention schedule and, if needed, evidence that the data has been destroyed.

F. Correcting Data Statutory Reference: Minnesota Statutes, section 13.04, subdivision 4.

When a data subject believes his or her file contains inaccurate or incomplete data, the data subject must notify MDH in writing describing the nature of the disagreement. We must respond within 30 days. After consulting with your supervisor, you will either correct the data found to be inaccurate and attempt to notify past recipients of incorrect data, or notify the data subject that MDH believes the data to be correct. The data subject may appeal the decision by writing to the Commissioner, Department of Administration, 201 Administration Building, 50 Sherburne Avenue, St Paul, MN 55155.


Page 18

denied.

When dealing with people from outside MDH on data practices matters, always clearly explain the reasons why the data are being collected or released or why the request for release is being

G. Fees for Providing DataStatutory Reference: Minnesota Statutes, section 13.03, subdivision 3. Charges for data may also be set in statute or rule.

Fees cannot be charged to inspect data. However, when someone wants copies of data, fees must be charged for retrieving and making copies of the data. Look for MDH Policy 117 on the MDH Intranet at:

http://mdh-fyi.health.state.mn.us/policies/number.cfm

Fees are not intended to earn income for MDH, but to offset our incurred costs. MDH has made a decision, however, to waive charges if the cost to provide the copies is less than $10 (the average cost to process a payment).

For 100 or fewer black and white letter or legal size copies, the fee is 25 cents per copy, with no additional charges for search and retrieval or employee time. For more than 100 copies, the following actual costs can be included in the fee:

• Employee time or other costs searching for and retrieving the data, whether the data is kept in hard copy or electronically

• Employee time or other costs for enhancing the data at the request of the person seeking access

• Employee time for electronically transmitting the data • Employee time for making and putting copies together along with photocopying charges

(November 2004: 5 ¢ per image) • Postage

Costs cannot be charged for separating public data from “not public” data.

H. Data Practices Disputes and Questions

If you have a data practices dispute or a data practices question, contact the MDH Data Practice Coordinator, Dave Orren, at 651/282-6310.

Assistance with data practices issues is also available from the Information Policy Analysis Division (IPAD). Opinions issued by the Commissioner of Administration are available on the IPAD web site at www.ipad.state.mn.us. Copies of individual opinions, an opinion summary, and an index to Commissioner’s Opinions are available from IPAD upon request at:


Page 19

Commissioner of Administration c/o Information Policy Analysis Division 201 Administration Building 50 Sherburne Avenue St. Paul, MN 55155 Voice: 651/296-6733 or 1-800-657-3721 Fax: 651/205-4219

I. Sanctions Statutory Reference: Minnesota Statutes, sections 13.08, 13.09, and 13.99.

There are consequences if staff do not comply with the Minnesota Government Data Practices Act including:

• For a willful violation of the Act, an MDH employee could be charged with a misdemeanor.

• A willful violation of the Act could subject an MDH employee to discipline ranging from reprimand up to loss of job.

• Remedies and penalties provided in chapter 13 also apply to other statutes outside chapter 13 providing access to government data.


Page 20

SECTION II: MANAGING DATA ON GOVERNMENT RECORDS

A. Why Government Records are Important

“All (government entities) shall make and preserve all records necessary to a full and accurate knowledge of their official activities.” Minnesota Statutes, section 15.17.

1) Accountability

Records prove that the Minnesota Department of Health is doing what we are “in business” to do. Statutes give us the authority to collect data and create records; records document that we are protecting, maintaining and improving the health of all Minnesotans.

Like government data, government records are assumed to be accessible to the public. Unless the record contains “not public” data, you must make the records available for inspection to anyone who asks. This means that you have to know:

• Which documents and files are records • Where they are located • How long to keep them • Which records contain “not public” data

2) Responsibility to Keep Records

The majority of government records are now created on a computer or received as a digital file. Many “forms” are completed on-line. Using their personal computers, all MDH employees have the ability to author a document that can become an official record. We store large quantities of data (that may be official records) in databases or on spreadsheets.

Electronic data storage means that every employee is now a records custodian and manager. You still have to be able to find the records, no matter where they are located, to prove you are doing your job.

Your record-keeping responsibilities are as important as your other assigned duties.

3) Succession planning


Page 21

“Every legal custodian of government records … shall deliver to a successor … all government records in custody.” – M.S. 15.17, subd. 3.

In order to fulfill the mission of MDH, someone will have to do your job when you leave. In addition to the requisite knowledge, skills, and training, the new employee will also have to have access to the data. The new employee will also need access to the records documenting how the job is done.

Employees are paid to develop the work product (the records) and they are the custodians for those records. However, the MDH owns the records and they must continue to be accessible even when you retire.

4) Retrieving data The most important reason to keep government records is so that you can find the information you need to make the decisions that are a part of your job.

Well-organized official records are an excellent way to protect and preserve the data that MDH uses to make decisions. The data is easily located because the records are labeled and filed (indexed and stored) using a system that is understood by everyone who has a need to access the data.

B. Identifying Records

“…government records include written or printed (material)…, computer-based data, and other records made or received pursuant to law or in connection with the transaction of public business.” Minnesota Statutes, section 15.17, subdivision 2.

1) Definitions of official government records The above quote is from the Official Records Act. It points out that government records are data or information that are part of an official transaction (doing public health business).

This is how the term “government records” is defined in the Records Management Act: “…state…records, including all cards, correspondence, discs, maps, memoranda, microfilms, papers, photographs, recordings, reports, tapes, writings, optical disks, and other data, information, or documentary material, regardless of physical form or characteristics, storage media or conditions of use, made or received by an …agency of the state…pursuant to state law or in connection with the transaction of public business by an …agency.” (M.S. 138.17, subd. 1 (b) (1))


Page 22

From the Uniform Electronic Transactions Act (M.S. 325L.02, (m)): “’Record’ means information that is inscribed on a tangible medium or that is stored in an electronic or other medium and is retrievable in perceivable form.”

IN SUMMARY, the characteristics of a government record are:

• Useful information (content has value to the Department) • Recorded (tangible medium) • Evidence of how we do business (transaction)

2) Content is fundamental

As shown by the definitions in the previous section, it is not the physical medium used to store records that make it a record.

The primary characteristic that makes something a record is the content, which is the data of the document or file. The data must be useful for conducting MDH’s business. This usefulness is called operational or administrative value.

Records can also have fiscal value, legal value, and historical value. The Records Disposition Panel can assist you with determining these values.

3) Convenience copies Extra copies of documents that are kept solely for convenience or reference are not considered government records, although they are government data. If you choose to keep convenience/reference copies, please note the following:

• If MDH receives a request for information related to the topic of your convenience/reference copy, your copy may be provided as part of that request.

• Convenience/reference copies should not include “not public” data. There are times, however, when convenience copies will include “not public” data, such as convenience copies of WIC vendor appeal documents. Keep close track of convenience copies of “not public” data so that all can be destroyed when it comes time to destroy the records. This helps to ensure the protection of the privacy of the data.

• You may delete your convenience/reference copy at any time. If your convenience/reference copy includes any “not public” data, then you must shred it if it’s a paper copy. If it’s an electronic copy, you must destroy it using methods that will not allow the “not public” data to be recovered.

• If you save your convenience/reference copy on your desktop computer’s hard drive, it will not be backed up.

4) Evaluating documents/files as records


Page 23

IN SUMMARY, a piece of data or information IS a government record if all of the following statements are true:

The contents are part of an official transaction; and The contents are not included in another record; and You are the creator, primary recipient, or staff assigned to protect/preserve it.

IN SUMMARY, a piece of data or information IS NOT a government record if any of the following statements is true:

The contents are not part of an official transaction; The contents are included in another record; or You are not the creator, recipient, or assigned staff person.

There will be times when it will be difficult to decide whether or not a particular document or computer file is a record. If the answer is “yes” to any of the following questions it should be analyzed further to determine if it is an official government record:

• Does it describe how you do your job? • Was it used to make a decision that changed how you do your job? • Is it evidence that you did your job? • Are you expected to be able to retrieve the data on it?

C. Preserving Records

“It shall be the duty of the head of each state agency…to establish and maintain an active, continuing program for the economical and efficient management of the records of each agency…” Minnesota Statutes, section 138.17, subdivision 7.


Page 24

1) Storage media choice

The following chart describes the advantages and disadvantages of the three types of media on which records are stored:

PAPER MICROFORM ELECTRONIC (Roll film, microfiche, (Digital, optical, jacket, aperture card) magnetic)

+ Familiar + Archival medium + Quick retrieval + Many tools available + Compact + Easily distributed + No equipment required + Tampering is obvious +/- Easily modified

- Takes up lots of space - Requires conversion - Expensive - Labor intensive - Cumbersome retrieval - Requires equipment - Slow retrieval - Difficult to verify - Requires training to use

When choosing the medium for the record, consider how the record is created, used, and distributed as well as the length of time you must have access to the data on it.

2) Life cycle

Choosing the appropriate storage medium for records early in their life cycle means you will spend less money and time to manage those records for the duration of their retention period.

The following chart shows the typical stages of a record’s life:

Create Use Distribute

Preserve Store

Dispose Receive

Retrieve

Listed below are the important records management considerations in each of the stages:

CREATE – Design of the form, survey, database or spreadsheet affects how easily data can be entered onto the record and retrieved from the record. Do not commingle public and “not public” data.

USE – Electronic records facilitate distribution of the data to multiple locations quickly. It is also quicker to retrieve a record stored electronically. However, there is an increased risk of unintended loss or modification of an electronic record.


Page 25

PRESERVE – Just like paper records, electronic records do not file or archive themselves. Human intervention is required to index/categorize/classify them properly so that the record/data can be located and retrieved.

DISPOSE – The regular, consistent disposal of records when their retention requirements have been met is good business practice. There is no advantage to the Department to keep records longer than they have business value. Keeping a record just because somebody might want to look at it someday cannot be justified.

3) Electronic Records

Official government records stored on electronic media are subject to indexing, migration and conversion issues when they have a long retention period.

INDEXING is assigning identifiers to electronic records and then using a systematic guide to organize them to allow access to specific records in a larger body of records (series).

MIGRATION is moving from one electronic system to another as hardware or software is upgraded. There is some risk of data corruption or loss during the process.

CONVERSION is the process of changing records from one filing system to another or from one storage medium to another. Conversion increases the risk of losing data or having the entire system corrupted.

4) Records inventory A records inventory is the systematic examination and listing of all records created, collected, and maintained by the Department. It does not-indeed, it cannot-involve the scrutiny of every scrap of paper and every computer file. The emphasis is on identifying the groups or “families” of records; these groups are called “records series.”

Having an up to date inventory of the official records in the Department means that we are in compliance with the requirements of Minnesota Rules 1205.1500: “Duties of Responsible Authority in Administering All Entity Data. ” Subpart 3 of this rule states:

“…the responsible authority shall at least provide for the preparation of a list of or index to all data or types of data currently collected, stored, used, or disseminated by the entity.”

5) Backups

To preserve the official government records that are critical to the Department’s mission (vital records) we make duplicate copies (back ups). These backup copies are stored off-site; far enough away from the primary site so that whatever caused the original to be lost does not happen to the duplicate copy.


Page 26

Backup tapes are used to reload the computer system (recovery) after experiencing a disaster. Backup tapes are not a record keeping system (archives) for long-term preservation of official records.

D. Disposal of Records

“Government records shall not be destroyed except by the authority of the records disposition panel.”

“A person who intentionally and unlawfully (“trashes”) a (government) record…is guilty of a misdemeanor.” Minnesota Statutes, section 138.225.

1) Permission to dispose of records The Records Disposition Panel grants authorization to dispose of records when it approves the “Minnesota Records Retention Schedule.”

When the Panel determines that destruction is appropriate for the disposal of a government record the following methods are used:

• Records on paper containing only public data may be recycled • Records on paper with any “not public” data must be shredded • Records on electronic media containing only public data may be deleted or

erased by reformatting the media • Electronic records containing any “not public” data must be destroyed using

methods that will not allow the records to be recovered Statutory Reference: Minnesota Statutes, section 138.17, subdivision 7.

2) “Minnesota Records Retention Schedule”

A retention schedule is not only authorization to dispose of records that have satisfied their retention requirements it is also a catalog of every official government record kept by the Department. It specifies the exact time period for which each should be maintained and tells what should be done when that period has expired.

Disposal is one of the following actions:

• Physical destruction • Transfer to the Minnesota Historical Society • Permanent retention in the Department

3) State Archives When the disposal method is “Transfer to State Archives” the records are physically transferred to the Minnesota Historical Society (MHS). MHS decides whether or not to keep the records for their permanent, historical collection.


Page 27

When transferred, ownership of the records is also transferred to MHS and the records are classified as public unless MHS determines, according to law, that the information should remain “not public.”

The following are examples of data that would remain “not public”:

• Certain law enforcement data • Security information • Proprietary information • Trade secret information • Data that when disclosed would constitute a clearly unwarranted invasion of

personal privacy Statutory Reference: Minnesota Statutes, section 138.17, subdivision 1c.

4) Documenting disposal

By applying the approved Records Retention Schedule, disposing of the records, and then documenting that disposal, you have proof of proper disposal if records are subpoenaed as evidence. Maintaining a (permanent) record of records that you have destroyed is good records management practice. Statutory Reference: Minnesota Statutes, section 138.17, subdivision 7.

5) Drafts

Drafts, or the rough or preliminary form of a document that may become an official record, are usually not listed on a Records Retention Schedule. It is the final copy that becomes the official record and is described on the retention schedule.

Although a draft is usually a convenience copy, it can be obtained during discovery and used as evidence in litigation. That means that drafts should be managed like a scheduled record. Drafts with “not public” data should be accessible to only those who have a business need to see them, copies are limited and controlled, and disposed of as soon as the final copy is declared the official record.

E. Records Management Policy and Procedures

The Department of Health’s policy on the management of government records is Policy Number 112. The policy statement is reproduced below:

official activities.”

“The Department of Health creates, uses, maintains, stores, preserves and disposes of its paper, electronic (digital/optical) and microfilmed records, as required by Minnesota law, to maintain full knowledge of the department’s

1) Roles and responsibilities


Page 28

The roles and responsibilities of division management, division Records Coordinators, computer system administrators, the Records Management Officer, and records “owners” (employees) are listed in the Records Management policy.

2) Records management procedures

The following procedures are described in detail in the MDH Records Management policy document:

• Conducting a records inventory • Establishing a new records retention schedule • Revising an existing records retention schedule • Storing backups of active records off-site • Storing inactive records for long-term retention • Transferring records to State Archives • Transferring records for (special) processing • Retrieving records from storage • Disposing of records

3) Compliance

Following MDH’s records management policy and procedures means that you are in compliance with the requirements for managing your government records as set forth in statute.


Page 29

SECTION III: DATA PROTECTION AND SECURITY

A. Why Information is Classified

Public Data. All government data collected, created, received, maintained or disseminated by a state agency, political subdivision, or statewide system shall be public unless classified by statue, or temporary classification pursuant to section 13.06 or federal law, as nonpublic or protected nonpublic, or with respect to data on individuals, as private or confidential Minnesota Statutes, Section 13.03, subdivision. 1

Use current reliable documentation or applicable statutes to determine data classification and retention schedules and store data accordingly. If in doubt about a data classification, a retention schedule, or required security, seek advice from your supervisor.

**Remember that you will not be able to charge for the separation of “not public” data from public data when the data are requested.

B. Lifecycle of Data

1) Data Creation Design considerations

• Design database tables with classification in mind • Identify who will be accessing the data • Follow state or federal regulations

2) Data Use Accessing data on the network

• Workstation security • “Least-privileged” access to network information • Mobile devices

Security information” means government data the disclosure of which would likely to substantially jeopardize the security of information, possessions, individuals or property against theft, tampering, improper use attempted escape, illegal disclosure, trespass, or physical injury. Minnesota Statutes, Section 13.37

3) Data Storage and Protection


Page 30

a. Data Stored on Paper

• If possible, keep files that contain “not public” data behind two locks, such as the locked entrance or secured door and a locked file cabinet. This includes systems documentation and data dictionaries defining “not public” data. If two locks are not possible, files with “not public” data should at a minimum be kept behind one lock.

• Put away “not public” data when you leave your desk. Close “not public” files when being visited. “Not public” data and files include information that describes “not public” data such as documentation or data dictionaries.

• Pick up print outs and faxes that contain “not public” data immediately. • Print or copy “not public” data only when necessary and shred copies

when they are no longer needed. Please check with your administrative support staff regarding shredding procedures.

b. Data Stored Electronically

• Limit your access to data that you need to do your daily work. Cooperate with the Data Steward in defining the appropriate level of access.

• Two-level passwords should be used for storing data. • Limit the number of copies of a data set or partial data set. Ensure that all

changes to data sets are documented and made on the appropriate version.

• Document data so the potential uses and limitations of the data are clear. • Use passwords (login, screensaver, and GroupWise) that meet or exceed

the standards set by MDH. • Store files in the appropriate location on network drives so that access to

the data will be controlled and the data will be backed up and secure. Do not store “not public” data on your C: drive.

• Use file transfer methods that meet or exceed the standards set by MDH. • If you take a laptop out of the office, know what files are stored on the

laptop and the level of security you must maintain. • If you use a personal digital assistant (PDA), comply with PDA policies set

by MDH.


Page 31

4) Data Disposal

• Type I or Type II media • Disk wiping and degaussing • State surplus http://www.admin.state.mn.us/surplus_computers.html

Media Clear Sanitize Magnetic Tape

Type I a, b a, b, or m Type II a, b b or m

Optical Disk Read Many, Write Many c m Read Only m, n

Memory Dynamic Random Access Memory (DRAM) c or g c, g, or m Electronically Alterable PROM (EAPROM) i j or m Electronically Erasable PROM (EEPROM) i h or m Erasable Programmable (ROM (EPROM) k l then c, or m Flash EPROM (FEPROM) i c then i, or m Programmable ROM (PROM) c m Magnetic Bubble Memory c a, b, c, or m Magnetic Core Memory c a, b, e, or m Magnetic Plated Wire c c and f, or m Magnetic Resistive Memory c m Nonvolatile RAM (NOVRAM) c or g c, g, or m Read Only Memory ROM m

Static Random Access Memory (SRAM) c or g c and f, g, or m

Equipment Cathode Ray Tube (CRT) g q

Printers Impact g p then g Laser g o then g


Page 32

5) Clearing and Sanitization Methods:

a. Degauss with a Type I degausser. b. Degauss with a Type II degausser. c. Overwrite all addressable locations with a single character. d. Overwrite all addressable locations with a character, its complement, then a random

character and verify. THIS METHOD IS NOT APPROVED FOR SANITIZING MEDIA THAT CONTAINS TOP SECRET INFORMATION.

e. Overwrite all addressable locations with a character, its complement, then a random character.

f. Each overwrite must reside in memory for a period longer than the classified data resided.

g. Remove all power to include battery power. h. Overwrite all locations with a random pattern, all locations with binary zeros, all

locations with binary ones. i. Perform a full chip erase as per manufacturer's data sheets. j. Perform i above, then c above, a total of three times. k. Perform an ultraviolet erase according to manufacturer's recommendation. l. Perform k above, but increase time by a factor of three. m. Destroy - Disintegrate, incinerate, pulverize, shred, or melt. n. Destruction required only if classified information is contained. o. Run five pages of unclassified text (font test acceptable). p. Ribbons must be destroyed. Platens must be cleaned. q. Inspect and/or test screen surface for evidence of burned-in information. If present,

the cathode ray tube must be destroyed.

C. MDH Security Policy

For additional information about information security, refer to the MDH Information Resource Management Security Policy located at:

http://mdh-fyi.health.state.mn.us/comm/irm/sc/infosec/se020621securitypolicy.pdf


Page 33

Appendix AGlossary

Authorized Representative. Any individual authorized in writing by a data subject to receive government data about the data subject.

Confidential Data. Data on an individual that are (a) not public and (b) not available to the individual. Statutory Reference: Minnesota Statutes, section 13.02, subdivision 3.

Data Steward. A MDH staff person who is a contact for a specified data set. The Data Steward controls access to the data set and ensures the integrity and security of the data.

Data Subject. Individual or entity about which data are collected or maintained. One record may have multiple data subjects.

Government Data. All data, information, or records collected, created, received, maintained, or distributed by public agencies regardless of its physical form, storage media, or conditions of use. Government data includes data received from secondary sources including data downloaded from the Internet. Statutory Reference: Minnesota Statutes, section 13.02, subdivision 7.

Government Records. All state and local information or documentary material, regardless of physical form or characteristics, storage media or conditions of use, made or received pursuant to state law or in connection with the transaction of public business by a state or local officer or agency. Statutory Reference: Minnesota Statutes, section 138.17, subdivision 1.

Health Data. Data on individuals created, collected, received, or maintained by the department of health, political subdivisions, or statewide systems relating to the identification, description, prevention, and control of disease or as part of an epidemiologic investigation the commissioner designates as necessary to analyze, describe, or protect the public health. Health data are classified as private. Statutory Reference: Minnesota Statutes, section 13.3805, subdivision 1.

Individual. A person. For a minor (person under 18) or an individual judged mentally incompetent, it can be a parent or guardian. You may withhold data from a parent or guardian if the minor requests and if it is in the best interest of the minor. Statutory Reference: Minnesota Statutes, section 13.02, subdivision 8.

Informed Consent. An individual’s voluntary authorization to release data. Informed consent must include all of the following:

• The agency or person requested to provide data; • The nature of the data to be released; • The party(ies) to whom the data may be released; and • The purpose(s) for which data may be used.


Page 34

You might need informed consent to collect data about an individual from a third party, or you might need informed consent to release to a third party data the MDH has about an individual. Statutory Reference: Minnesota Statutes, section 13.05, subdivision 4.

MDH. The Minnesota Department of Health.

Medical Data. Data collected because an individual was or is a patient or client of a hospital, nursing home, medical center, clinic, health or nursing agency operated by a state agency or political subdivision including business and financial records, data provided by private health care facilities, and data provided by or about relatives of the individual. Medical data are classified as private. Statutory Reference: Minnesota Statutes, section 13.384, subdivision 1.

Nonpublic Data. Data not on individuals that are (a) not public and (b) accessible to the data subject. Also information about information systems and networks that might be used to compromise this data. Statutory Reference: Minnesota Statutes, section 13.02, subdivision 9.

“Not Public” Data. A broad category of data that includes confidential, private, nonpublic, and protected nonpublic data. Statutory Reference: Minnesota Statutes, section 13.02, subdivision 8a.

Personnel Data. Data about:

• Paid government employees; • Applicants for government employment; • Members of, or applicants for, advisory boards or commissions; • Volunteers to government agencies; and • Private individuals under government contract.

Statutory Reference: Minnesota Statutes, section 13.43, subdivision 1.

Private Data. Data on an individual that are (a) not public and (b) accessible to the individual. Statutory Reference: Minnesota Statutes, section 13.02, subdivision 12.

Protected Nonpublic Data. Data not on individuals that are (a) not public (b) not accessible to the data subject. Statutory Reference: Minnesota Statutes, section 13.02, subdivision 13.

Public Data. Data accessible to anyone for any reason. Statutory Reference: Minnesota Statutes, section 13.02, subdivisions 14 and 15.

Records Center. A low-cost, centralized area for storing inactive records whose retrieval rate does not warrant retention in office space. Statutory Reference: Minnesota Statutes, section 138.17, subdivision 7.

Records Coordinator. The designated individual in a division who monitors the division’s activities to ensure that all official records are identified on an approved records retention schedule.


Page 35

Records Disposition Panel. The Legislative Auditor, the Attorney General, and the Director of the Minnesota Historical Society comprise the panel. The panel reviews records retention schedules submitted by the Department. Statutory Reference: Minnesota Statutes, section 138.17, subdivision 1.

Records Inventory. This is a structured analysis of the official records in the Department. The inventory identifies records series. An inventory produces a detailed listing that could include the types, locations, dates, volumes, equipment, classification, and usage data of the Department’s records. Statutory Reference: Minnesota Statutes, section 138.17, subdivision 7.

Records Management Officer. The individual responsible for ensuring that the Department’s Records Management policy and procedures allow for the efficient and effective creation, use, protection, sharing, and disposition of official government records when followed.

Records Retention Schedule. Describes the official records of the Department and lists retention periods, disposal methods, and special preservation requirements such as storage media, access and distribution restrictions, and backup frequency/method. Statutory Reference: Minnesota Statutes, section 138.17, subdivision 7.

Records Series. A group of related records filed or used together as a unit and evaluated as a unit for retention purposes.

Security Information. Government data the disclosure of which would be likely to substantially jeopardize the security of information, possessions, individuals or property against theft, tampering, improper use, attempted escape, illegal disclosure, trespass, or physical injury. Security information includes documentation of MDH computer systems security. Security information is classified as nonpublic (for data not on individuals) and private (for data on individuals). Statutory Reference: Minnesota Statutes, section 13.37, subdivisions 1a and 2.

State Archives. This is both a program at the Minnesota Historical Society that assesses the records of government entities and a physical place in the Minnesota History Center where government records with historical value are retained in a collection. Statutory Reference: Minnesota Statutes, section 138.17, subdivision 1.

Summary Data. Public statistical records and reports derived from data on individuals but in which individuals are not identified and from which an individual cannot be identified. (Also known as “aggregate data.”) Statutory Reference: Minnesota Statutes, section 13.02, subdivision 9, and section 13.05, subdivision 7.

Tennessen Warning. A notice you must give to an individual who is asked to supply private or confidential data about him or herself. Statutory Reference: Minnesota Statutes, section 13.04, subdivision 2.

Trade Secret Information. Government data, including a formula, pattern, compilation, program, device, method, technique, or process that was supplied by an individual or organization. The individual or organization must demonstrate reasonable precautions to maintain the data’s secrecy and must derive independent economic value from the fact that the data is not publicly available. Trade secret information is classified as nonpublic (for data not on individuals) and private (data on individuals) on the request of the individual or organization that supplied the data.


Page 36

Statutory Reference: Minnesota Statutes, section 13.37, subdivisions 1b and 2.

Vital Records. These are records that are essential to the operation of government and to the protection of the rights and interests of persons. Statutory Reference: Minnesota Statutes, section 138.17, subdivision 8.


Page 37

Appendix BPersons with Data Practices Related Responsibilities

Responsible Authority. The responsible authority for MDH is the Commissioner. The responsible authority must ensure the agency complies with the Data Privacy Act. Responsibilities include the collection, use, and dissemination of any set of data on individuals, government data or summary data, and the implementation and administration of the Act. The duties of the responsible authority are detailed in statute and rule. Statutory and Rule Reference: Minnesota Statutes, section 13.02, subdivision 16, and section 13.05, and Minnesota Rules, chapter 1205.

Data Practices Compliance Official. The data practices compliance official is designated by the Responsible Authority to be the agency contact for data practices. Anyone may direct questions or concerns regarding problems in obtaining access to data or other data practices problems to the data practice compliance official. The data practices compliance official will help to establish data practices policies for the agency and provide training. Dave Orren is the MDH Data Practices Compliance Official Statutory Reference: Minnesota Statutes, section 13.05, subdivision 13.

Designee. A designee is a person appointed in writing by the Responsible Authority to be in charge of individual files or systems containing governmental data, and to comply with requests for governmental data. Statutory Reference: Minnesota Statutes, section 13.02, subdivision 6.

Employee. Each employee is responsible for compliance with the Data Privacy Act. Willful violation of chapter 13 by any employee constitutes just cause for suspension without pay or dismissal. Statutory Reference: Minnesota Statutes, section 13.03, subdivision. 6, section 13.08, subdivision 1, and section 13.09.

Commissioner of Administration. In 1993, the legislature granted the Commissioner of the Department of Administration the authority to issue written advisory opinions, upon request of any person, on questions of public access to governmental data, rights of data subjects, and classifications of data. Opinions issued by the Commissioner of Administration are not binding on the state agency, but must be given deference by a court in a proceeding involving the data. The Commissioner of the Department of Administration also grants or denies requests for a temporary classification of data. Statutory Reference: Minnesota Statutes, section 13.072.

The Attorney General. A formal written opinion by the Attorney General takes precedence over an advisory opinion of the Commissioner of the Department of Administration. Agency staff may seek informal advice from attorneys in the Office of the Attorney General on data practices issues but informal advice is not entitled to any precedential value in a legal dispute. Statutory Reference: Minnesota Statutes, section 13.072, subdivision 1, paragraph (c).


Page 38

The Courts. The Act creates a procedure for when data that is “not public” can be released by Court order. The Act affords remedies to individuals who maintain that a governmental agency is violating or not properly administering the provisions of the Act. Agencies that violate the Act and cause damage to an individual can be sued. The individual may recover actual damages, costs and attorney fees. In cases of willful violations, the individual may recover up to $10,000 in exemplary damages. Any person who willfully violates the provisions of chapter 13, or Minnesota Rules, chapter 1205 is guilty of a misdemeanor. Statutory Reference: Minnesota Statutes, section 13.03, subdivision. 6, section 13.08, subdivision 1, and section 13.09.


Page 39

Appendix CThe Tennessen Warning

Minnesota Statutes, Section 13.04, subdivision 2

The notice must be given when: 1. An individual 2. Is asked to supply 3. Private or confidential data 4. Concerning self

All four conditions must be present to trigger the notice requirement.

The notice does not need to be given when:

• The data subject is not an individual, • The subject offers information that has not been

requested by the entity, • The information requested from the subject is

about someone else, • The entity requests or receives information about

the subject from someone else, or • The information requested from the subject is

public data about that subject.

Statements must be included that inform the individual:

(x) (If the individual is a minor (younger than 18)) The minor can request that MDH not give the minor’s parents access to the data.

(a) Why the data are being collected from the individual and how the entity intends to use the data;

(b) Whether the individual may refuse or is legally required to supply the data;

(c) Any consequences to the individual of either supplying or refusing to supply the data; and

(d) The identity of other persons or entities authorized by law to receive the data.

Private or confidential data on individuals may be collected, stored, used and released as described in

Consequences of giving the notice are:

the notice without liability to the entity.

Consequences of giving an incomplete notice, or not giving the notice at all, are:

Private or confidential data on individuals cannot be collected, stored, used or released for any purposes other than those stated in the notice unless: • The individual subject of the data gives informed

consent; • The Commissioner of Administration gives

approval; or • A state or federal law subsequently authorizes or

requires the new use or release.


Page 40

______________________________________________________________________________

Examples of Tennessen Warnings

Each Tennessen Warning must include the following requirements to inform the individual of his or her rights:

a) The purpose and/or use of the data b) Whether the individual can refuse to provide the data or is legally required to provide the

data c) Any consequences for supplying or refusing to supply the data d) Other persons or entities authorized to receive the data

(x) (If the individual is a minor (younger than 18)) The minor can request that MDH not give the minor’s parents access to the data.

****************************************************************************** Tennessen Warning Example:

We are requesting your name, address and phone number so that we may contact you for further information, to request your testimony if needed, and to let you know how your complaint was handled.

You are not required to provide this information. However, without it we will not be able to contact you regarding additional information that may be needed to respond to your complaint. All information you provide which might identify yourself is legally classified as confidential data and can only be released to:

• Department of Health employees, who need it to process your complaint; • Department representatives in the Attorney General’s Office; • Staff of the Office of Administrative Hearings or the courts; and • Anyone having a court order to obtain the information.

Unless you are a witness or an order is issued by the Office of Administrative Hearings or the courts, all personal information you provide will remain confidential at the conclusion of this matter.

Notice given by: ___________________________________________________________

Date: ___________________________________________________________________

__Verbally over the phone __Verbally in person __Other (specify): _________________________________________________________


Page 41

minnesota department of healthmnfoodsafetycoe.umn.edu/wp-content/uploads/2014/01/data...home...

Documents