N.Y. Comp. Codes R. & Regs. tit. 10 § 63.9 - Health Care Provider and Health Facility Policy and Procedures for Maintaining Confidentiality of HIV-Related Information

This regulation requires that health care providers and health facilities employing persons or contracting with persons to render health services implement policies and procedures to maintain the confidentiality of HIV-related information.  The regulation requires that these policies and procedures include the following features:

• The provider/facility must initially educate its employees/contractors about the legal prohibition against disclosure of this confidential information, and the employees must be informed of any changes to the relevant laws.  The regulation requires that the facility maintain a list of all employees who have had training.
• The provider/facility must maintain a list of job titles and specific employee functions for those employees who have authorized access to the information. The list should include any limits on access and must be provided to the employee during education sessions.
• There must be a requirement that only full-time or part-time employees, contractors and medical/nursing students who have received education on confidentiality of HIV-related information are allowed access to this information.
• There must be protocols for ensuring that the records, both the physical records and electronically maintained records, are maintained securely.
• There must be procedures in place for handling requests for this confidential HIV-related information from third-parties.
• There must be protocols prohibiting employees/contractors from discriminating against persons having or suspected of having HIV.
• All the policies and procedures must be reviewed annually.