Can I use third-party cloud storage services that collect personal information in Kansas? What are the requirements?

Here is your updated answer to the query based on the additional context you provided:

Use of Third-Party Cloud Storage Services in Kansas

Kansas does not have specific laws or regulations that prohibit the use of third-party cloud storage services that collect personal information. However, there are certain restrictions on the use and disclosure of personal information in public documents.

Under KSST 75-3520, no document available for public inspection or copying shall contain an individual’s social security number if such document contains such individual’s personal information, which includes name, address, phone number, or e-mail address. Any document or record that contains all or any portion of an individual’s social security number shall have all portions of all social security numbers redacted before the document or record is made available for public inspection or copying.

Requirements for Using Third-Party Cloud Storage Services

If a covered entity in Kansas uses a third-party cloud storage service to store protected health information, the covered entity must ensure that the service provider complies with the requirements of the Kansas Health Information Technology Act ^[1.1](^[1.1]). The covered entity must also enter into a business associate agreement with the service provider that meets the requirements of the Health Insurance Portability and Accountability Act (HIPAA) ^[1.2](^[1.2]).

Additionally, if a public agency in Kansas uses a third-party cloud storage service to store public records, the agency must prominently display or distribute a brochure that contains basic information about the rights of a requestor, the responsibilities of a public agency, and the procedures for inspecting or obtaining a copy of public records under the open records act ^[3.2](^[3.2]). The agency must also adopt procedures to protect the records from damage and disorganization, prevent excessive disruption of the agency’s essential functions, and ensure efficient and timely action in response to applications for inspection of public records ^[3.3](^[3.3]).

Conclusion

Kansas does not have specific laws or regulations that prohibit the use of third-party cloud storage services that collect personal information. However, covered entities and public agencies must ensure that the service providers comply with applicable laws and regulations and take appropriate measures to protect the information stored in the cloud. Additionally, personal information in public documents must be redacted before the document or record is made available for public inspection or copying.

Source(s):

• [1.1] Kansas health information technology act.
• [1.2] Same; use and disclosure of protected health information.
• [3.2] Brochure concerning public records.
• [3.3] Procedures for obtaining access to or copies of records; request for records; establishing office hours for inspection; custodian of records, duties; provision of information on procedures.

Jurisdiction

Kansas

• Privacy