121085. (a) Confidential research records shall be protected in the course of conducting financial audits or program evaluations, and audit personnel shall not directly or indirectly identify any individual research subject in any report of a financial audit or program evaluation. To the extent it is necessary for audit personnel to know the identity of individual research subjects, authorized disclosure of confidential research records shall be made on a case-by-case basis, and every prudent effort shall be exercised to safeguard the confidentiality of these research records in accordance with this chapter. Information disclosed for audit or evaluation purposes should be used only for audit and evaluation purposes and may not be redisclosed or used in any other way.
(b) Nothing in this section imposes liability or criminal sanction for disclosure of confidential research records in accordance with any reporting requirement for a case of HIV, including AIDS, by the department or the Centers for Disease Control and Prevention under the United States Public Health Services.
(Amended by Stats. 2006, Ch. 20, Sec. 10. Effective April 17, 2006.)