Can I collect third-party data from participants in North Carolina? What are the requirements?

Based on the documents provided, collecting third-party data from participants in North Carolina is allowed, but there are specific requirements that must be met to ensure the privacy and security of the data.

Requirements for Collecting Third-Party Data in North Carolina

• Public-School Units (PSUs) and the Department of Public Instruction (DPI) are required to protect student data under Article 29 of NC General Statute 115C ^[1].
• Third-party vendors must provide the necessary documentation to meet all applicable security standards before data exchange can begin ^[1].
• Electronic Visit Verification (EVV) data collected from third-party vendors must be done through NC Medicaid’s procured Aggregator ^[2].
• The North Carolina Department of Information Technology has data classification roles and classes that determine the level of security required for the data ^[3].
• To collect patient data from third-party providers, participants must complete a third-party preference form ^[4].

Therefore, to collect third-party data in North Carolina, it is important to ensure that all applicable security standards are met and that the necessary documentation is obtained before data exchange can begin. Additionally, it is important to follow the specific requirements outlined by NC Medicaid and the North Carolina Department of Information Technology.

Source(s):

• [1] Third Party Data Integration | NC DPI
• [2] NC Medicaid – Frequently Asked Questions Electronic Visit …
• [3] North Carolina Department of Information Technology Data …
• [4] NC*Notify | NC HIEA

Jurisdiction

North Carolina

• Privacy