P.R. Laws tit. 26, § 9235

2019-02-20 00:00:00+00
§ 9235. Health information policies, standards and procedures

(a) A health insurance organization or issuer shall develop and implement written policies, standards, and procedures for the management of health information, in order to guard against the unauthorized collection, use, or disclosure of protected health information. It shall meet the applicable requirements of the Federal Privacy and Security Rules issued in accordance with HIPAA. Such policies, standards, and procedures shall include:

(1) Limitation on access to health information based on the functions of its employees;

(2) appropriate training for all employees;

(3) disciplinary measures for violations of the health information policies, standards, and procedures;

(4) identification of the job titles and job descriptions of persons that are authorized to disclose protected health information;

(5) procedures for authorizing and restricting the collection, use, or disclosure of protected health information;

(6) methods for exercising the right to access and amend protected health information, as provided in §§ 9237 and 9238 of this title;

(7) methods for handling, disclosing, storing, and disposing of health information;

(8) periodic monitoring of the employees' compliance with the health insurance organization or issuer's policies, standards, and procedures, and

(9) methods for informing and allowing an individual who is the subject of protected health information to request specialized disclosure or nondisclosure of protected health information, as required under § 9244 of this title.

(b)

(1) A health insurance organization or issuer shall take the necessary measures to assure that any person or entity with which it contracts to carry out functions related to the collection, disclosure, management, or use of protected health information complies with the following:

(A) Has policies, standards, and procedures that meet the requirements of this chapter regarding health information, and

(B) knows its obligation to meet any applicable Commonwealth and federal statutory and regulatory requirements governing the collection, use or disclosure of protected health information.

(2) In any contractual arrangement between the health insurance organization or issuer and a provider, the health insurance organization or issuer shall require that the healthcare provider have health information privacy policies, standards and procedures.

(c) A health insurance organization or issuer shall make the health information policies, standards and procedures developed pursuant to this section available for review and inspection by the Commissioner.

History — Aug. 29, 2011, No. 194, added as § 14.050 on Aug. 23, 2012, No. 203, § 1, eff. 90 days after Aug. 23, 2012.