OAR 943-120-0110


These rules establish requirements applicable to providers, CCOs, PHPs, and allied agencies that want to conduct electronic data transactions with the Authority. These rules govern the conduct of all web portal or EDI transactions with the Authority. These rules only apply to services or items that are paid for by the Authority. If the service or item is paid for by a plan or an allied agency, these rules do not apply.


These rules establish the Authority’s electronic data transaction requirements for purposes of the Health Insurance Portability and Accountability Act of 1996, 42 USC 1320d–1320d-8, Public Law 104-191, sec. 262 and sec. 264, and the implementing standards for electronic transactions rules. Where a federal HIPAA standard has been adopted for an electronic data transaction, this rule implements and does not alter the federal standard.


These rules establish procedures that must be followed by any provider, CCO, PHP, or allied agency in the event of a security or privacy incident, regardless of whether the incident is related to the use of an electronic data transaction.
Last Updated

Jun. 8, 2021

Rule 943-120-0110’s source at or​.us