OAR 859-045-0010
Public Records Use and Disclosure; Confidentiality
(1)
Definitions: In addition to the definitions in OAR 859-010-0005 (Definitions), the following terms apply to this rule:(a)
“Authorization” means written permission form from a patient or patient’s representative giving the Board, and others named on the form, authorization to obtain, release, or use information about the patient from third parties for specified purposes or to disclose information to a third party specified by the patient.(b)
“Disclosure” means the release, transfer, relay, provision of access to, or conveying of protected patient information to any individual or entity outside the Board.(c)
“Non-Protected Patient Information” means patient information that the Board may have in its records or files that is not protected or otherwise exempt from disclosure under state or federal law.(d)
“Protected Patient Information” means patient information that the Board may have in its records or files that is exempt from disclosure under state or federal law, including, but not limited to, individually identifiable health information relating to mental health records, alcohol and drug treatment records, and genetic information.(e)
“Re-disclosure” means the disclosure of information to a person or other entity other than the person or entity to whom disclosure was originally authorized.(f)
“Representative” means a person who has authority to act on behalf of a patient, including, but not limited to, the patient’s attorney or legal guardian.(2)
Use and disclosure of non-protected patient information. Non-protected patient information is subject to disclosure under the Public Records Law. All requests for patient information must be made in writing. The Board will determine whether the requested information is non-protected patient information or protected patient information. The Board may charge a reasonable fee to cover the actual costs of making the public records available to the requestor.(3)
Use and disclosure of protected patient information with patient authorization:(a)
The Board may disclose protected patient information to an identified individual or entity in accordance with the signed, written authorization of the patient or the patient’s representative.(b)
A patient or patient representative may revoke an authorization at any time. No revocation will apply to information released while the authorization was valid and in effect.(4)
Use and disclosure of protected patient information without authorization. The Board may use or disclose protected patient information without authorization under the following circumstances:(a)
The Board may use or disclose protected patient information without authorization to notify those whose immediate need to know preserves or protects public safety. Individuals with a need to know include, but are not limited to, first responders and victims.(b)
The Board may use or disclose protected patient information without authorization if required to or permitted to disclose the information under state and federal law, including but not limited to mandatory abuse reporting laws, offender reporting requirements under ORS chapter 163A, and court orders. The Board’s use or disclosure of the protected patient information must comply with, and be limited in scope to, the requirements of the applicable state and federal laws.(c)
The Board will disclose relevant protected patient information to the parties (the state and the patient) in a pending or scheduled PSRB hearing for the sole purpose of representing the parties in the hearing. Persons other than the patient or the patient’s representative who are granted access under this rule may not re-disclose protected patient information for any other purpose or use, unless it is otherwise authorized under state or federal law.(d)
The Board may use or disclose protected patient information without authorization in connection with the performance of its official duties, or in defense of the Board in a legal action or other proceeding against the Board brought by the patient or patient representative.(e)
The Board may use or disclose protected patient information without authorization as necessary to protect potential victims from specific threats made by the patient against one or more named persons. If the Board receives information indicating that an individual has been threatened directly, the Board will respond as appropriate and as consistent with state law, including the need to protect the public.(f)
The Board may use or disclose protected patient information without authorization as necessary to ensure continuity of care, conditional release evaluation, monitoring and supervision of those being considered for or placed on conditional release.(5)
The Board will protect and will not release personally identifiable information including, but not limited to, home addresses, telephone numbers, and e-mail addresses about the victims of the patients under the Board’s jurisdiction. Under these rules, victims have the same protections from disclosure as do those under Board jurisdiction.
Source:
Rule 859-045-0010 — Public Records Use and Disclosure; Confidentiality, https://secure.sos.state.or.us/oard/view.action?ruleNumber=859-045-0010.