Laws and Regulations

The following is a list of federal and NYS laws and regulations, that is not exhaustive, that govern the use of MCD:

  • All New York State Information Technology Services (ITS) policies and standards
  • The Health Insurance Portability and Accountability Act (HIPAA) Omnibus Final Rule
  • Section 367–b(4) of the NY Social Services Law (Medicaid)
  • New York State Social Services Law Section 369(4) (Medicaid)
  • Social Security Act, 42 USC 1396a(a)(7) (Medicaid)
  • Article 27–F of the New York Public Health Law (HIV/AIDS)
  • 18 NYCRR 360–8.1 (HIV/AIDS)
  • NY Civil Rights 79–L (Genetics)
  • Federal regulations at 42 CFR 431.302
  • 42 CFR Part 2 (Substance Use Disorder)
  • NYS Mental Hygiene Law Section 33.13 (Mental Health)
  • 45 CFR Parts 160 and 164 (Privacy related sections for HIPAA)
  • CMS ARS 3.1, Moderate, including Privacy controls
  • All applicable NYS state and federal laws and regulations related to privacy protections