Ask Reggi Your Question Now
Can I collect server log information from participants in New Mexico? What are the requirements?
Based on the context documents provided, you can collect server log information from participants in New Mexico. However, you must ensure that you have implemented and maintained reasonable security procedures and practices appropriate to the nature of the personal identifying information to protect it from unauthorized access, destruction, use, modification or disclosure [57-12C-5 NMSA][2.1][2.3].
Additionally, if you own or license records containing personal identifying information of a New Mexico resident, you must arrange for proper disposal of the records when they are no longer reasonably needed for business purposes [57-12C-3 NMSA][2.2].
If you are transmitting data electronically, you must submit data by electronic media, which includes CD, DVD, or direct electronic transmission by encrypted e-mail or secure file transmission protocol (SFTP), in an ASCII file format, per the most current record layout and instruction provided by the division. You must label all media and data files with the following information: type of data, hospital name and license number, year, file name, point of contact and telephone number, and mail data to “New Mexico department of health epidemiology and response division, attn: division, 1190 St. Francis Drive, Santa Fe, NM 87502.” [7.1.27.10 NMAC][3.1][5.1].
Therefore, if you are collecting personal identifying information from participants in New Mexico, you must ensure that you have implemented and maintained reasonable security procedures and practices to protect the information from unauthorized access, destruction, use, modification or disclosure.
Note that this response is based on the context documents provided and may not be exhaustive or applicable to all situations. It is recommended that you consult with a legal professional for specific guidance on your situation.
Source(s):
- [2.1] State of New Mexico and political subdivisions exempted.
- [2.2] Disposal of personal identifying information.
- [3.1] ELECTRONIC REPORTING REQUIREMENTS
- [2.3] Security measures for storage of personal identifying information.
- [5.1] ACCESS TO ANALYTICAL DATABASE
Jurisdiction
New Mexico