Tap any paragraph to write a margin note. Your notes collect in the Desk below the text and file under cases with @. The side-by-side margin rail opens on a larger screen.

§
Marginalia
Code · Arizona · Title 36 — Public Contracts

36-3806. Required policies

268 words·~1 min read·/az/title-36/36-3806

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

A health information organization must implement and enforce policies governing the privacy and security of individually identifiable health information and compliance with this chapter. These policies must:
1. Implement the individual rights prescribed in section 36-3802.
2. Address the individual's right to opt out of having the individual's individually identifiable health information accessible through the health information organization pursuant to section 36-3803.
3. Address the content and distribution of the notice of health information practices prescribed in section 36-3804.
4. Implement the restrictions on disclosure of individually identifiable health information through the health information organization as prescribed in section 36-3805.
5. Address security safeguards to protect individually identifiable health information as required by the health insurance portability and accountability act security rule (45 Code of Federal Regulations part 164, subpart C).
6. Prescribe the appointment and responsibilities of a person or persons who have responsibility for maintaining privacy and security procedures for the health information organization.
7. Require training of each employee and agent of the health information organization about the health information organization's policies, including the need to maintain the privacy and security of individually identifiable health information and the penalties for the unauthorized access, release, transfer, use or disclosure of individually identifiable health information. The health information organization must initially provide this training before an employee or agent may have access to individually identifiable health information available through the health information organization, and at a later time as reasonable and appropriate in accordance with the training implementation specifications required by the health insurance portability and accountability act privacy rule (45 Code of Federal Regulations section 164.530(b)).
★   the supreme law of the land   ★
Don't Tread on Me
E Pluribus Unum — out of many, one

"If you don't know your rights, you don't have any."

Marginalia · a citizen's law index
A research desk, not legal advice. Always read the cited source before relying on a summary.
Questions or an issue? support@self-law.org
disclaimerMarginalia is a research index, not a law firm. Nothing on this site is legal, tax, or financial advice and no attorney–client relationship is formed by using it. Statutes, regulations, and case law change; summaries, search results, AI output, and member posts may be incomplete, out of date, or wrong. Any interpretation drawn from material on this site should be validated by a licensed attorney in your jurisdiction before you act on it.