Breach Notification

Effective Date: September 23, 2009

Last Reviewed: July 1, 2015

Interim Date: July  21, 2015

Purpose

To provide for notification in the case of breaches of unsecured protected health information. For purposes of these requirements, set forth in section 13402(h) of the HITECH Act (“Act”).

Policy Statement

MMC is required by law to protect the privacy of health information that may reveal the identity of a patient. If a breach of certain types of individually identifiable health information occurs, MMC is required to provide notification to certain individuals and entities pursuant to Subtitle D of the Health Information Technology for Economic and Clinical Health Act (HITECH), which is Title XIII of the American Recovery and Reinvestment Act of 2009 (ARRA) and any regulations promulgated there under.

Therefore, MMC, will implement reasonable and appropriate technologies and methodologies designed to secure protected health information from unauthorized disclosure.

MMC may also have additional reporting obligations under other federal laws and state breach notification laws. Those obligations are not addressed in this policy.

This policy is currently awaiting approval. You can view the interim policy to the right or by clicking here.