14.29 Duty to Mitigate
14.29.1 POLICY STATEMENT
The Health Plan will mitigate, to the extent practicable, any harmful effect that is known to the Health Plan of a use or disclosure of protected health information (PHI) in violation of its policies and procedures by the Health Plan or its business associates.
14.29.2 POLICY INTERPRETATION AND IMPLEMENTATION
|Mitigation Actions||When a violation of the Health Plan’s policies and procedures are brought to the attention of the Health Plan, the following action will be taken:The Privacy Officer will be notified and will start an immediate investigation into the violation;The Health Plan will identify the extent of the breach and will take reasonable steps to mitigate or correct the violation;The Health Plan will document the steps taken to mitigate.|
|Record Retention||A copy of all HIPAA covered information and any revisions shall be maintained for a period of at least six (6) years. Such retention may be in printed or electronic format, or both.|
|Privacy Officer||The Privacy Officer is responsible for the development and implementation of the HIPAA policies and procedures. The Privacy Officer is also the contact person for any questions or complaints regarding HIPAA. Questions or concerns about HIPAA rights should be directed to the Privacy Officer during regular business office hours Monday through Friday, except holidays, at (651) 696-6280.|
|Violations||Violations of this policy will be subject to discipline.|