PubLedgeRMA — Data Security Under §63A-19-102
An RMA participant must implement data security measures conforming to Utah Code §63A-19-102 and maintain a cybersecurity framework that is updated on an ongoing basis to address emerging threats and vulnerabilities. No statutory or common-law cybersecurity obligation is waived by the RMA.
What Counts
- Written data security measures aligned with §63A-19-102 baselines
- Reasonable protections against data leaks
- Ongoing review and update of the cybersecurity framework against emerging threats
- Continued compliance with all non-waived statutory and common-law cybersecurity obligations
What Does Not Count
- Unsigned policies never implemented
- One-time security posture snapshot with no review cadence
- Treating RMA participation as a waiver of any other cybersecurity obligation
Implementing Legal Instruments
| Legal Instrument | Scope | Status | Provisions |
|---|---|---|---|
| Utah OAIP × ElizaChat — Teen Mental-Health App RMA (2024) | us-ut | expired | 1 |
| Utah OAIP × Dentacor — AI-Assisted Dental Radiograph Diagnosis RMA (2025) | us-ut | enforcing | 1 |
| Utah OAIP × Doctronic — AI Prescription Renewal RMA (2025) | us-ut | enforcing | 1 |
| Utah OAIP × Legion Health — AI Maintenance Psychiatric Refill RMA (2026) | us-ut | enacted | 1 |