ORS 432.033
Duties of state registrar related to confidentiality and security
(1)
The Legislative Assembly finds that:(a)
The system of vital statistics supports civil registration and creates information that is used for public health, health research, national security, statistical and administrative purposes;(b)
Civil registration of each vital event that occurs within this state is carried out primarily for the purpose of establishing legal documents provided by law; and(c)
Due to increased requirements of civil registration in the context of national security and the use of live birth records as the primary document used to identify individuals, the State Registrar of the Center for Health Statistics must:(A)
Take measures to prevent the fraudulent use of vital records for identity theft, terrorism or other purposes;(B)
Maintain the security of personnel, physical environments, electronic systems and preservation methods; and(C)
Perform data assurance and record matching activities to protect the confidentiality and security of vital records and prevent the fraudulent use of vital records.(2)
For the purposes described in subsection (1) of this section, the state registrar shall:(a)
Authenticate all users of the system of vital statistics and document that the users require access to the system of vital statistics for purposes related to the official roles and duties of the users;(b)
Authorize authenticated users of the system of vital statistics to access specific components of the system of vital statistics that are necessary for the users to perform their official roles and duties;(c)
Establish separate duties for staff who have roles that may be susceptible to fraud or misuse and routinely perform audits of staff work for the purpose of identifying fraud or misuse within the system of vital statistics;(d)
Require that authenticated and authorized users maintain a specified level of training related to security and provide written acknowledgment of security procedures and penalties;(e)
Validate data provided in reports submitted for registration through site visits or with sources independent from registration processes at a frequency specified by the state registrar by rule that maximizes the integrity of the data collected;(f)
Protect personally identifiable information and maintain systems that provide for audits of use and include protocols for breach identification and notification;(g)
If the decedent was born in this state or if the decedent was a resident of this state, receive a report from the United States Department of Defense or the United States Department of State of a death occurring outside the United States;(h)
Match death records to live birth records;(i)
Match death records received from the United States Department of Defense or the United States Department of State of a death occurring outside the United States to registered live birth records;(j)
Work with law enforcement to provide evidence for active fraud investigations;(k)
Provide secure workplace, storage and technology environments;(L)
Maintain overt, covert and forensic security measures for certified copies, verifications and automated systems that are part of the system of vital statistics;(m)
Comply with laws, rules and regulations associated with information technology systems and information related to the system of vital statistics; and(n)
Comply with national standards that apply to the system of vital statistics and its components. [2013 c.366 §6]
Source:
Section 432.033 — Duties of state registrar related to confidentiality and security, https://www.oregonlegislature.gov/bills_laws/ors/ors432.html
.