The federal and state statutes, regulations, acts, and administrative rules listed in this rule are available for inspection and copying at most public libraries and "The State Library of Ohio." For materials subject to change, the material listed in this rule shall be as of the most current publication of the Ohio Revised Code, the United States Code, and the Ohio Administrative Code.
(A) The following federal and state statutes, regulations, acts, and administrative rules make personal information maintained by the "Department" confidential, and identify confidential personal information within the scope of rules promulgated by this "Department" in accordance with section 1347.15 of the Revised Code:
(1) Social security numbers: 5 U.S.C. 552(a), federal Privacy Act of 1974, unless the individual was told that the number would be disclosed;
(2) Section 4776.04 of the Revised Code, bureau of criminal investigation and information criminal records check results;
(3) Any personal information that is considered confidential under section 149.43 of the Revised Code;
(B) In addition, the following is a non-exhaustive list of federal statutes or regulations or state statutes and administrative rules making personal information maintained by each division confidential:
(a) Health Insurance Portability and Accountability Act (HIPAA) of 1996, Pub. L. No. 104-191, 29 U.S.C. 1181 ;
(b) The Americans with Disabilities Act (ADA) of 1990, 5 U.S.C. 8905a ;
(c) The Family and Medical Leave Act (FMLA) of 1993, 29 U.S.C. 2601.
(2) Ohio bureau of motor vehicles:
(a) The federal Driver's Privacy Protection Act (DPPA), 18 U.S.C. 2721 - 2725 ;
(c) Section 4501.15 of the Revised Code, social security and credit information obtained in connection with a driver's license or vehicle registration;
(e) Section 4507.20 of the Revised Code, physicians' statements submitted to the registrar;
(f) Section 4507.53 of the Revised Code, digitalized photographic records of the "Department;"
(h) Section 4517.43 of the Revised Code, motor vehicle dealer, motor vehicle auction owner, motor vehicle distributor, and motor vehicle salesperson license applications and copies of contracts;
(3) Ohio emergency management agency:
(a) The federal Freedom of Information/Privacy Act, 5 U.S.C. 552a, applies to all federal and disaster assistance grants administered by the agency;
(b) Public assistance and individuals and households disaster grant programs administered by the federal emergency management agency (FEMA), 42 U.S.C. Chapter 68;
(c) The Robert T. Stafford Disaster Relief and Emergency Assistance Act, 42 U.S.C. 5121, et seq.;
(d) Applicable secure areas and communications systems regulations, including but not limited to 49 C.F.R. Part 1520 and 32 C.F.R. Part 2001;
(e) Health Insurance Portability and Accountability Act (HIPAA) of 1996, Pub. L. No. 104-191, 29 U.S.C. 1181.
(4) Ohio emergency medical services:
(a) Section 149.43 of the Revised Code, Ohio public records act, makes specific exemptions for:
(i) Medical records;
(ii) EMT and firefighter residential and familial information;
(iii) Confidential law enforcement investigatory records.
(b) Section 4765.102 of the Revised Code makes specific exemptions for information received by the state board of emergency medical services pursuant to an investigation or a complaint;
(c) Section 4765.06 of the Revised Code makes specific exemptions for information that identifies or tends to identify a specific recipient or provider of emergency medical services or adult or pediatric trauma care;
(d) Health Insurance Portability and Accountability Act (HIPAA) of 1996, Pub. L. No. 104-191, 29 U.S.C. 1181 ;
(e) The Americans with Disabilities Act (ADA) of 1990, 5 U.S.C. 8905a.
(5) Ohio homeland security:
(a) Protections of criminal intelligence, 28 C.F.R. part 23;
(b) Section 109.57 of the Revised Code, protection of information provided to government agencies from the bureau of criminal investigation and information;
(c) Section 149.43 of the Revised Code, confidential law enforcement investigatory records;
(d) Section 149.433 of the Revised Code, security records and infrastructure records;
(e) Section 1347.12 of the Revised Code, no requirement to notify an individual of a system breach if notification jeopardizing national security.