OAR 407-120-0110
Purpose
(1)
These rules establish requirements applicable to providers, PHPs, and allied agencies that want to conduct electronic data transactions with the Department. These rules govern the conduct of all web portal or EDI transactions with the Department. These rules only apply to services or items that are paid for by the Department. If the service or item is paid for by a plan or an allied agency, these rules do not apply.(2)
These rules establish the Department’s electronic data transaction requirements for purposes of the Health Insurance Portability and Accountability Act of 1996, 42 USC 1320d–1320d-8, Public Law 104-191, sec. 262 and sec. 264, and the implementing standards for electronic transactions rules. Where a federal HIPAA standard has been adopted for an electronic data transaction, this rule implements and does not alter the federal standard.(3)
These rules establish procedures that must be followed by any provider, PHP, or allied agency in the event of a security or privacy incident, regardless of whether the incident is related to the use of an electronic data transaction.
Source:
Rule 407-120-0110 — Purpose, https://secure.sos.state.or.us/oard/view.action?ruleNumber=407-120-0110
.