Agents and Information Managers
When a custodian retains the services of an agent for the collection, use, disclosure or retention of personal health information, the custodian shall enter into a written agreement with the agent requiring the agent to comply with the custodian's obligations pertaining to the handling of personal health information.
Similarly, a custodian may provide personal health information to an information manager for the purpose of processing, storing or destroying the personal health information in order to provide the custodian with information management or information technology services. When a custodian intends to provide personal health information to an information manager, the custodian shall enter into an agreement with the information manager, in accordance with the regulations under PHIPAA.
Section 52 further mandates that an information manager shall comply with the duties imposed and fulfil the requirements concerning the protection, retention and secure destruction of personal health information that the custodian is required to comply with under PHIPAA.
Accuracy of Information
Before using or disclosing personal health information, a custodian shall take reasonable steps to ensure that the information is accurate, up-to-date and complete, and that it is disclosed to the person intended and authorized to receive it.
Ceasing operation as Custodian
Under section 54 of PHIPAA, and except as provided in that section, a custodian does not cease to be a custodian with respect to a record of personal health information until the complete custody and control of the record passes to another person who is legally authorized to hold the record. After such legal authorization, the custodian ceases to operate as a custodian and the successor is obliged to do the following:
- Notify the subject of the information about the personal health information held by the custodian or custodian’s successor.
- Indicate how a person may make a written request for access to the personal health information.
- State the period for which the personal health information will be retained.
If a custodian who is an individual dies, the duties and powers of a custodian under PHIPAA shall be performed by the personal representative of the deceased (as per the Devolution of Estate Act) until custody passes to another person who is legally authorized to hold the record.
Requirement for retention, storage, and secure destruction of information
Section 55 of PHIPAA mandates that the custodian establish a written policy for the retention, archival storage, access and secure destruction of personal health information that protects the privacy of the individual, and keep a record of the individual whose personal health information is destroyed, a summary of the contents of the record, the time period to which the information relates, the methods of destruction and the name of the person responsible for supervising the secure destruction.
To be continued.
Picture Credit- https://www.ibi.com/