(1) Individually identifiable health information collected for or by a cooperative is subject to HIPAA.
(2) (a) All disclosures of individually identifiable health information shall be restricted to the minimum amount of information necessary to accomplish the purpose for which the information is being disclosed.
(b) Any cooperative shall implement administrative, technical, and physical safeguards for the security of identifiable health information.
(3) (a) Subject to appropriate procedures established by a cooperative, an individual has the right to know whether any individual or entity uses or maintains individually identifiable health information concerning the individual and for what purpose the information may be used or maintained.
(b) Subject to appropriate procedures established by a cooperative, an individual has the right, with respect to identifiable health information concerning the individual that is recorded in any form or medium, to:
See such information;
Copy such information; and
Have a notation made with or in such information including suggestions for amendments or corrections to such information requested by the individual or the individual's representative.
(4) Provider networks and providers in a network shall maintain the confidentiality of medical records as otherwise required by section 18-4-412, C.R.S., or other applicable law.
Source: L. 2004: Entire part added, p. 995, § 14, effective August 4. L. 2019: (1) amended, (SB 19-004), ch. 205, p. 2191, § 4, effective August 2.
Cross references: For the legislative declaration in SB 19-004, see section 1 of chapter 205, Session Laws of Colorado 2019.