Section 29-3002. DATA-SHARING AGREEMENT BETWEEN AGENCIES  

3002.1A District Agency seeking to use another District Agency’s HHSI or seeking to disclose HHSI to another District Agency shall, consistent with the District-wide HIPAA Policy, enter into a data-sharing agreement (Agreement).  Any Agency or Provider seeking to enter into an Agreement must follow any applicable Agency or Provider HIPAA policies and procedures. 

3002.2At a minimum, the Agreement shall include the following information:

(a) The legal authority which authorizes the sharing of HHSI between the two Agencies including the Act’s legal citation;

(b) A listing of the specific HHSI each Agency is requesting from the other along with a statement of the Agency’s purpose for requesting each piece of HHSI on that list, which shall be limited to the minimum amount of HHSI necessary to accomplish the purpose of the disclosure;

(c) A provision stating that the requested HHSI shall be safeguarded and protected from improper access, use, or dissemination in accordance with the Act, and any other applicable District and Federal laws;

(d) A provision stating that any unlawful use or disclosure of HHSI shall be subject to penalties outlined in the Act, and any other applicable District and Federal laws;

(e) Procedures for notifying an Agency of an actual or suspected unauthorized access, use, or dissemination of the HHSI.