Can I collect third-party data from participants in Michigan? What are the requirements?

Based on the provided documents, it is possible to collect third-party data from participants in Michigan under certain circumstances. However, the requirements for collecting and disseminating such data vary depending on the purpose of the collection and dissemination.

Collection of Third-Party Data

The Michigan Compiled Laws (MICL) do not explicitly prohibit the collection of third-party data. However, certain laws and regulations govern the collection of data for specific purposes. For example, MICL 331.531 allows a person, organization, or entity to provide a review entity with information or data relating to the physical or psychological condition of a person, the necessity, appropriateness, or quality of health care rendered to a person, or the qualifications, competence, or performance of a health care provider. The review entity must be duly appointed and qualified under state or federal law.

Dissemination of Third-Party Data

The dissemination of third-party data is subject to more stringent requirements. For example, MIAC R 28.5210 allows the Michigan Department of State Police to disseminate Criminal Justice Information (CJI) for research, statistical, or governmental projects, but only if certain conditions are met. The recipient of the CJI must be an agency or entity listed under R 28.5201, an academic institution, or a government entity. The recipient must also submit a completed user agreement stipulating that the CJI will only be used for the proposed project, will be destroyed immediately after the project is completed, and will comply with all applicable federal and state laws and regulations.

Similarly, MIAC R 28.5211 allows the dissemination of CJI for certain mass casualty, catastrophic, or unforeseen events, but only with the approval of the Chief Security Officer (CSO) and the director of the department. The CSO must ensure that the dissemination of CJI is necessary for the identification of victims and that the department would not be unreasonably burdened by the proposed dissemination.

MICL 333.26271 exempts copies of medical records provided to a third-party payer, insurer, or self-funded plan from certain provisions of the law. However, it is unclear whether this exemption applies to the dissemination of third-party data for purposes other than insurance.

Access to CJIS and CJI

Access to Criminal Justice Information System (CJIS) and Criminal Justice Information (CJI) is restricted to criminal justice agencies, nongovernmental agencies with arrest powers, governmental agencies or private contractors designated to perform criminal justice functions, and agencies authorized by statute ^[2.3]. To obtain approval as an authorized agency to access CJIS, CJI, or both, an agency must complete an application and user agreement as required by the department, assume all costs associated with the agency’s connection to CJIS, agree to pay fees for access or dissemination, and agree to comply with applicable state and federal statutes, rules, and procedures ^[2.3]. The Chief Security Officer (CSO) may deny, limit, or terminate an individual’s or agency’s access to CJIS, CJI, or both for failure to cooperate with a request from the CSO or the department for investigation of misuse of CJIS or CJI, or violation of, or noncompliance with, applicable laws, rules, and procedures ^[2.1].

Conclusion

In conclusion, the collection and dissemination of third-party data in Michigan are subject to various laws and regulations. The requirements for collecting and disseminating such data depend on the purpose of the collection and dissemination. Therefore, it is important to consult the relevant laws and regulations before collecting or disseminating third-party data in Michigan.

Source(s):

• [2.1] CJIS or CJI access; deny, limit, or terminate
• [2.3] Agency authorization for CJIS and CJI access

Jurisdiction

Michigan

• Privacy