Breaches of Unsecured Protected Health Information

Effective Date: September 23, 2009

Last Reviewed: July 1, 2015

Review by: June 30, 2016

Purpose

To provide notification in the case of breaches of unsecured protected health information. For purposes of these requirements, set forth in section 13402(h) of the HITECH Act ("Act").

Policy Statement

MMC is required by law to protect the privacy of health information that may reveal the identity of a patient. If a breach of certain types of individually identifiable health information occurs, MMC is required to provide notification to certain individuals and entities pursuant to Subtitle D of the Health Information Technology for Economic and Clinical Health Act (HITECH), which is Title XIII of the American Recovery and Reinvestment Act of 2009 (ARRA) and any regulations promulgated there under.

Therefore, MMC will implement reasonable and appropriate technologies and methodologies designed to secure protected health information from unauthorized disclosure.

MMC may also have additional reporting obligations under other federal laws and state breach notification laws. Those obligations are not addressed in this policy.

You can view the full policy to the right or by clicking here.