OAR 409-025-0190
Data Review Committee
(1)
The Authority shall convene a Data Review Committee (DRC) to evaluate completed applications.(2) The Authority may accept nominations for and make appointments to the DRC. The DRC shall include at least one mandatory reporter to serve in an advisory capacity.
(3) The DRC evaluation shall include, but is not limited to:
(a) Whether proposed purpose for accessing APAC data is allowable under Authority policies and state and federal rules, regulations, and statutes;
(b) Whether IRB documentation is required and, if submitted, is sufficient;
(c) Whether the proposed privacy and security protections are sufficient; and
(d) Whether additional clarification is needed to complete the review.
(4) The Authority shall publish a DRC meeting schedule on its website and post applications scheduled to be reviewed, which detail the proposed use of the data and detail the data elements requested to be released at least two weeks prior to the next DRC meeting. The Authority shall receive public comment on applications scheduled for review. The DRC will review and consider all public comments as part of the data request review process.
(5) Consideration of applications for limited data sets:
(a) The Authority shall schedule completed applications for review by the DRC on a first-come-first-served basis.
(b) The DRC shall recommend that The Authority approve or deny the application or defer action pending clarification from the requestor.
(c) The Authority shall accept or reject the DRC’s recommendation and notify the requestor within 10 business days of the review.
(d) The Authority may deny a completed application for reasons which include, but are not limited to:
(A) Requestor or any person who will have access to the data has previously violated a data use agreement with the Authority;
(B) Full payment is not included with the application;
(C) The proposed privacy and security protections are not sufficient;
(D) Information provided is not sufficient to approve the request; and
(E) Proposed purpose for accessing APAC data is not allowable under authority policies or state or federal rules, regulations, or statutes.
(e) If the DRC requests clarification, the requestor shall have 30 calendar days to provide the requested information to the Authority. After 30 calendar days, applications with incomplete requests for clarification shall be discarded without further notification to the requestor.
(f) Upon receipt of the requested clarification the Authority shall schedule re-evaluation with the DRC on a first-come-first-served basis.
(g) If a request is denied, a person may submit a written request for reconsideration that includes the basis upon which the person believes the request should have been granted. If the Authority receives a request for reconsideration, it will determine whether to grant reconsideration and approve the request or whether the denial stands. The Authority shall provide its decision in writing to the person requesting reconsideration.
Source:
Rule 409-025-0190 — Data Review Committee, https://secure.sos.state.or.us/oard/view.action?ruleNumber=409-025-0190.