A. The board shall maintain the data system in a secure environment which complies, at minimum, with all applicable federal laws and regulations providing for the protection of health information.

            B.(1) The board may authorize and facilitate access to data in the system to an outside party only if that party seeks the data for use in a bona fide medical research effort which has been authorized by the institutional review board of the organization conducting the research.

            (2) The board shall have exclusive authority to determine whether an activity qualifies as a bona fide medical research effort in accordance with Paragraph (1) of this Subsection.

            (3) Any disclosure of data in the system shall be subject to the approval of the board.

            Acts 2019, No. 207, §1.