PDFWAC 182-70-230
Review of data requests.
(1) The lead organization must establish a transparent process for the review of data requests, which includes a process for public review for specific requests. The process must include a timeline for processing requests, and notification procedures to keep the requestor updated on the progress of the review. The process must also include the ability for the public to comment on requests that include the release of protected health information or proprietary financial information or both. The authority shall have final approval over the process and criteria used for review of data requests and all subsequent changes.
(2) The lead organization must post on the WA-APCD website all requests that include the release of protected health information or proprietary financial information, and the schedule for the receipt of public comment on the request. The time frame for public comment should not be less than fourteen calendar days. The lead organization must post the final decision for the request within seven days after the decision is made.
(3) The lead organization has the responsibility to convene the DRC when needed to review data requests and make a recommendation to the lead organization as to whether to approve or deny a data request. The lead organization must establish an annual meeting schedule for DRC and post the schedule on the website. The DRC must review requests for identifiable data and provide a recommendation regarding data release. The lead organization may request the DRC to review other data requests. The review must include a technical review of the data management plan by an expert on the DRC, staff from the office of chief information officer, or other technical expert. The DRC may recommend that the requestor provide additional information before a final decision can be rendered, approve the data release in whole or in part, or deny the release. For researchers who are required in RCW 43.371.050 (4)(a) to have IRB approval, the DRC may recommend provisional approval subject to the receipt of an IRB approval letter and protocol and submittal of a copy of the IRB letter to the lead organization.
(4) The lead organization may only deny a data request based on a reason set forth in WAC 182-70-280.
(5) The lead organization must notify the requestor of the final decision. The notification should include the process available for review or appeal of the decision.
(6) The lead organization must post all data requests and final decisions on the WA-APCD website maintained by the lead organization.
[Statutory Authority: RCW 41.05.021, 41.05.160 and 43.371.020. WSR 20-08-059, § 182-70-230, filed 3/25/20, effective 4/25/20. WSR 19-24-090, recodified as § 182-70-230, filed 12/3/19, effective 1/1/20. Statutory Authority: Chapter 43.371 RCW. WSR 16-22-062, § 82-75-230, filed 11/1/16, effective 12/2/16.]