OAR 407-014-0015
Information Governed by the HIPAA Privacy Rules


(1)

These rules address information that, among other things, may be PHI that is protected by the HIPAA Privacy Rules. For purposes of HIPAA Privacy Rules, the Authority is a covered entity, primarily because of its role as the state Medicaid and Children’s Health Insurance Program.

(2)

The Authority administers many aspects of the medical assistance program with the assistance of the Department, including but not limited to eligibility determinations for the medical assistance program and supervising the long-term and community-based services for seniors and people with disabilities. The Department also provides certain health care operations services for the Authority. In doing so, the Department is a business associate of the Authority. As a business associate of the Authority, the Department is authorized to use and disclose protected health information to perform or assist the Authority in the performance of its covered functions, in a manner consistent with these rules.

(3)

These rules only apply to information maintained by the Department as a business associate of the Authority.

Source: Rule 407-014-0015 — Information Governed by the HIPAA Privacy Rules, https://secure.­sos.­state.­or.­us/oard/view.­action?ruleNumber=407-014-0015.

Last Updated

Jun. 8, 2021

Rule 407-014-0015’s source at or​.us