36-3806. Required policies
A health information organization must implement and enforce policies governing the privacy and security of individually identifiable health information and compliance with this chapter. These policies must:
1. Implement the individual rights prescribed in section 36-3802.
2. Address the individual's right to opt out of having the individual's individually identifiable health information accessible through the health information organization pursuant to section 36-3803.
3. Address the content and distribution of the notice of health information practices prescribed in section 36-3804.
4. Implement the restrictions on disclosure of individually identifiable health information through the health information organization as prescribed in section 36-3805.
5. Address security safeguards to protect individually identifiable health information as required by the health insurance portability and accountability act security rule (45 Code of Federal Regulations part 164, subpart C).
6. Prescribe the appointment and responsibilities of a person or persons who have responsibility for maintaining privacy and security procedures for the health information organization.
7. Require training of each employee and agent of the health information organization about the health information organization's policies, including the need to maintain the privacy and security of individually identifiable health information and the penalties for the unauthorized access, release, transfer, use or disclosure of individually identifiable health information. The health information organization must initially provide this training before an employee or agent may have access to individually identifiable health information available through the health information organization, and at a later time as reasonable and appropriate in accordance with the training implementation specifications required by the health insurance portability and accountability act privacy rule (45 Code of Federal Regulations section 164.530(b)).
Copyright ©2024 LegalFix. All rights reserved. LegalFix is not a law firm, is not licensed to practice law, and does not provide legal advice, services, or representation. The information on this website is an overview of the legal plans you can purchase—or that may be provided by your employer as an employee benefit or by your credit union or other membership group as a membership benefit.
LegalFix provides its members with easy access to affordable legal services through a network of independent law firms. LegalFix, its corporate entity, and its officers, directors, employees, agents, and contractors do not provide legal advice, services, or representation—directly or indirectly.
The articles and information on the site are not legal advice and should not be relied upon—they are for information purposes only. You should become a LegalFix member to get legal services from one of our network law firms.
You should not disclose confidential or potentially incriminating information to LegalFix—you should only communicate such information to your network law firm.
The benefits and legal services described in the LegalFix legal plans are not always available in all states or with all plans. See the legal plan Benefit Overview and the more comprehensive legal plan contract during checkout for coverage details in your state.
Use of this website, the purchase of legal plans, and access to the LegalFix networks of law firms are subject to the LegalFix Terms of Service and Privacy Policy.