Effective Date: September 23, 2009
Last Reviewed: July 1, 2015
Interim Date: July 21, 2015
To provide for notification in the case of breaches of unsecured protected health information. For purposes of these requirements, set forth in section 13402(h) of the HITECH Act (“Act”).
MMC is required by law to protect the privacy of health information that may reveal
the identity of a patient. If a breach of certain types of individually identifiable
health information occurs, MMC is required to provide notification to certain individuals
and entities pursuant to Subtitle D of the Health Information Technology for Economic
and Clinical Health Act (HITECH), which is Title XIII of the American Recovery and
Reinvestment Act of 2009 (ARRA) and any regulations promulgated there under.
Therefore, MMC, will implement reasonable and appropriate technologies and methodologies designed to secure protected health information from unauthorized disclosure.
MMC may also have additional reporting obligations under other federal laws and state breach notification laws. Those obligations are not addressed in this policy.
This policy is currently awaiting approval. You can view the interim policy to the right or by clicking here.