Skip to Content

Security of Health Information in Michigan

Under Michigan law, outpatient facilities and insurers are required to safeguard medical records from access by unauthorized individuals.1 Insurers or health plans are required to create an information security program that provides security of consumer information from unauthorized access, but also protects against any anticipated threats against the security of the information.2  Additionally, Michigan has established a Health Information Technology Commission to address the area of security of consumer information.3

 

Footnotes

  • 1. MI ADC R. 325.3848; MI ADC R. 500.553
  • 2. MI ADC R. 500.554
  • 3. MCLA § 333.2503; MCLA § 333.2505

 

Security of Health Information in Michigan

Subtopic Statute/Regulation Description
Unauthorized access or disclosure of health information (Cross reference Privacy & Confidentiality) Mich. Admin. Code r. 325.3848 - Medical records; storage Outpatient facilities must ensure that there is adequate storage of medical records to protect confidentiality and to prevent access by unauthorized...
Storage of health information in a secure location (Cross reference Medical Record Collection) Mich. Admin. Code r. 325.6810 - Clinical patient records; confidentiality; disclosure; availability; storage and preservation Information from a patient’s clinical record in the possession of an insurance company is confidential and can only be disclosed to authorized...
Mich. Admin. Code r. 500.554 - Objectives of information security program The insurer or health plan’s information security program must ensure the security and confidentiality of consumer information, protect against...
Mich. Comp. Laws Ann. § 333.16213 - Retention of records Retention of records   All patient records are considered to be the property of and are held in the custody of the health care provider. A...
Mich. Comp. Laws Ann. § 400.111b - Requirements as condition of participation by provider As a condition of participation to provide Medicaid services, a provider must meet the following requirements: Comply with all state licensing...
Mich. Comp. Laws Ann. § 750.492a - Placing misleading or inaccurate information in medical records or charts; alteration or destruction of medical records or charts; penalties Placing misleading or inaccurate information in medical records or charts; alteration or destruction of medical records or charts; penalties;...
Security of Health Information Mich. Admin. Code r. 500.553 - Information security program Each insurer or health plan must implement an information security program that safeguards consumer information.  
Mich. Comp. Laws Ann. § 333.2505 - Commission; duties; strategic plan The Health Information Technology Commission must do the following: Develop a plan to establish an interoperable system that reduces medical...