Nebraska Statutes 87-1104. Information and records to which act is not applicable
The Data Privacy Act does not apply to the following:
Terms Used In Nebraska Statutes 87-1104
- Fair Credit Reporting Act: A federal law, established in 1971 and revised in 1997, that gives consumers the right to see their credit records and correct any mistakes. Source: OCC
(1) Protected health information under the Health Insurance Portability and Accountability Act;
(2) Health records;
(3) Patient identifying information for purposes of 42 U.S.C. §§ 290dd-2, as such section existed on January 1, 2024;
(4) Identifiable private information:
(a) For purposes of the federal policy for the protection of human subjects under 45 C.F.R. part 46, as such part existed on January 1, 2024;
(b) Collected as part of human subjects research under the good clinical practice guidelines issued by the International Council for Harmonisation of Technical Requirements for Pharmaceuticals for Human Use, as such guidelines existed on January 1, 2024, or of the protection of human subjects under 21 C.F.R. § parts 50 and 56, as such parts existed on January 1, 2024; or
(c) That is personal data used or shared in research conducted pursuant to the Data Privacy Act or other research conducted in accordance with applicable Nebraska law;
(5) Information and documents created for purposes of the federal Health Care Quality Improvement Act of 1986, 42 U.S.C. § 11101 et seq., as such act existed on January 1, 2024;
(6) Patient safety work product for purposes of the federal Patient Safety and Quality Improvement Act of 2005, 42 U.S.C. §§ 299b-21 et seq., as such act existed on January 1, 2024;
(7) Information derived from any of the health care-related information listed in this section that is deidentified in accordance with the requirements for deidentification under the Health Insurance Portability and Accountability Act;
(8) Information originating from, and intermingled to be indistinguishable with, or information treated in the same manner as, information exempt under this section that is maintained by a covered entity or business associate as defined by the Health Insurance Portability and Accountability Act or by a program or a qualified service organization as defined by 42 U.S.C. §§ 290dd-2, as such section existed on January 1, 2024;
(9) Information that is included in a limited data set as described by 45 C.F.R. § 164.514(e), to the extent that the information is used, disclosed, and maintained in the manner specified by 45 C.F.R. § 164.514(e), as such regulation existed on January 1, 2024;
(10) Information collected or used only for public health activities and purposes as authorized by the Health Insurance Portability and Accountability Act;
(11) The collection, maintenance, disclosure, sale, communication, or use of any personal information bearing on a consumer’s creditworthiness, credit standing, credit capacity, character, general reputation, personal characteristics, or mode of living by a consumer reporting agency or furnisher that provides information for use in a consumer report, and by a user of a consumer report, but only to the extent that the activity is regulated by and authorized under the federal Fair Credit Reporting Act, 15 U.S.C. § 1681 et seq., as such act existed on January 1, 2024;
(12) Personal data collected, processed, sold, or disclosed in compliance with the federal Driver’s Privacy Protection Act of 1994, 18 U.S.C. § 2721 et seq., as such act existed on January 1, 2024;
(13) Personal data regulated by the federal Family Educational Rights and Privacy Act of 1974, 20 U.S.C. § 1232g, as such act existed on January 1, 2024;
(14) Personal data collected, processed, sold, or disclosed in compliance with the federal Farm Credit Act of 1971, 12 U.S.C. § 2001 et seq., as such act existed on January 1, 2024;
(15) Data processed or maintained in the course of an individual applying to, being employed by, or acting as an agent or independent contractor of a controller, processor, or third party, to the extent that the data is collected and used within the context of that role;
(16) Data processed or maintained as the emergency contact information of an individual under the Data Privacy Act that is used for emergency contact purposes; or
(17) Data that is processed or maintained and is necessary to retain to administer benefits for another individual that relates to an individual described by subdivision (15) of this section and used for the purposes of administering such benefits.