Laws and Regulations

The following is a list of federal and NYS laws and regulations, that is not exhaustive, that govern the use of MCD:

• All New York State Information Technology Services (ITS) policies and standards
• The Health Insurance Portability and Accountability Act (HIPAA) Omnibus Final Rule
• Section 367–b(4) of the NY Social Services Law (Medicaid)
• New York State Social Services Law Section 369(4) (Medicaid)
• Social Security Act, 42 USC 1396a(a)(7) (Medicaid)
• Article 27–F of the New York Public Health Law (HIV/AIDS)
• 18 NYCRR 360–8.1 (HIV/AIDS)
• NY Civil Rights 79–L (Genetics)
• Federal regulations at 42 CFR 431.302
• 42 CFR Part 2 (Substance Use Disorder)
• NYS Mental Hygiene Law Section 33.13 (Mental Health)
• 45 CFR Parts 160 and 164 (Privacy related sections for HIPAA)
• CMS ARS 3.1, Moderate, including Privacy controls
• New York State Department of Health Offshoring Policy
• All applicable NYS state and federal laws and regulations related to privacy protections