Chapter 4726-1 General Provisions

4726-1-01 Board organization.

(A) The board shall elect a president, vice president, and treasurer from its membership. Each officer of the board shall serve in his/her respective position for a period of one calendar year. The new officers shall assume their duties on the first day following the board meeting at which they were elected.

(1) The president:

(a) May serve more than a one-year term but the terms cannot be consecutive;

(b) Shall serve as the presiding officer at all meetings; and,

(c) Shall serve as the supervising disciplinary member who shall act on behalf of the full board for review of disciplinary matters. In the event the supervising member has a conflict of interest in a particular case, the board vice-president shall serve as the supervising member for purposes of reviewing that case.

(2) The vice-president:

(a) Shall serve a one-year term;and,

(b) Shall serve as the presiding officer in the absence of the president.

(3) The treasurer may serve as long as five years.

(4) In the event of a vacancy in the elected offices, the board shall fill the vacancy at the next regularly scheduled board meeting.

(B) The board shall meet at least once each calendar year in Columbus. The board shall also meet at such additional times and in such places as are directed by the president, or pursuant to a written request submitted to the executive director by two other officers or by any two members.

(C) A majority of the board shall constitute a quorum for the purpose of conducting the business of the board.

(D) Except as otherwise provided in paragraph (E) of this rule, all meetings of the board shall be conducted in accordance with "Robert's Rules of Order."

(E) The Board may develop and approve written guidelines or policies relating to board governance matters. To the extent that such guidelines or policies conflict with provisions of the "Robert's Rules of Order," the board-approved guidelines or policies shall control.

Replaces: 4726-3-01

Effective: 02/01/2011
R.C. 119.032 review dates: 10/29/2015
Promulgated Under: 119.03
Statutory Authority: 4725.44 ORC
Rule Amplifies: 4725.42 ORC
Prior Effective Dates: 11/29/79, 8/4/94, 10/14/94, 10/4/02

4726-1-02 Adoption, amendment, or rescission of rules.

(A) The board shall adopt, amend or rescind rules necessary for the successful completion of its assigned mission. Such rules shall be adopted, amended, or rescinded in accordance with the procedures provided in Chapter 119. of the Revised Code.

(B) Prior to the adoption of any rules subject of the requirements of Chapter 119. of the Revised Code, the board shall give public notice of its intention to consider adopting, amending or rescinding of a rule at least thirty days prior to the date set for the public hearing. Notice shall be give by publication on the register of Ohio. The board may also issue any notice of publication to persons who are subject to or affected by the proposed rules. The notice shall include:

(1) A synopsis or general statement of the rule or rules to be adopted, amended or rescinded;

(2) A statement of reason or purpose of adoption, amendment or rescission of rules; and,

(3) Date, time and place of hearing on the proposed action.

Replaces: 4726-3-02

Effective: 02/01/2011
R.C. 119.032 review dates: 10/29/2015
Promulgated Under: 119.03
Statutory Authority: 4725.44 ORC
Rule Amplifies: 4725.44 ORC
Prior Effective Dates: 11/29/79, 8/4/94 (Emer.), 10/14/94

4726-1-03 Method of notice of meetings.

(A) Any person may receive information concerning the time and place of all regularly scheduled meetings and the time, place and purpose of all special meetings by:

(1) Sending a written request to the board at its business address, email address or by fax;

(2) Calling the board at its business office during normal business hours;

(3) Consulting the posting on the board's web site; or,

(4) Checking the press room at the statehouse.

(B) Any representative of the news media may obtain notice of all special meetings by requesting in writing that such notice be provided and by supplying a postal or electronic address for receipt of the information.

(C) In the event of a special meeting not of an emergency nature, the board shall notify all media who have requested notice of the meeting by doing at least one of the following:

(1) Sending written notice by postal or electronic mail no later than twenty-four hours prior to the special meeting;

(2) Notifying such representatives by telephone no later than twenty-four hours prior to the special meeting. Such telephone messages shall be complete if a message has been left for the representative, or if after reasonable effort, the board has been unable to provide such telephone notice; or,

(3) Informing such representatives personally no later than twenty-four hours prior to the special meeting.

(D) In the event of a special meeting of an emergency nature requiring immediate official action, the board shall notify all media representatives on the list of such meetings by providing either the notice described in paragraph (A)(2) or (A)(3) of this rule. In such event, however, the notice need not be given twenty-four hours prior to the meeting, but shall be given upon completion of the agenda.

(E) For use in complying with the notice requirements of this rule, the board may maintain a mailing list of all persons who have made a prior written request to receive notice of regular or special meetings of the board and its committees.

(F) The board may assess a reasonable fee not to exceed the cost of copying and mailing for notices sent by means other than electronic mail in accordance with the provisions of this rule.

Replaces: 4726-3-04, 4726-3-05

Effective: 02/01/2011
R.C. 119.032 review dates: 10/29/2015
Promulgated Under: 119.03
Statutory Authority: 4725.44 ORC
Rule Amplifies: 4725.44 ORC
Prior Effective Dates: 11/29/79, 8/4/94(Emer.), 10/14/94

4726-1-04 Board records, documents, fees.

(A) The board shall maintain a record of all applicants for, and holders of, licenses and registrations issued by the board under Chapters 4725.40 to 4725.99 of the Revised Code and any rules adopted under agency 4726 of the Administrative Code. The record shall be maintained in such format as determined by the board.

(B) A change in name shall be submitted to the board in writing within thirty days of the change and shall be accompanied by a notarized form and any other records as required by the board, and the current license or registration card.

(C) A change of address shall be submitted to the board in writing within thirty days of the change. Notice of renewal will be mailed to the last address of record maintained at the board. Failure of the licensed optician, licensed ocularist or registered apprentice to receive an application from the board does not excuse the license holder or the registered apprentice from renewing in a timely manner.

(D) All fee payments shall be made in the form specified by the board. Fees are non-refundable.

(E) Documents issued by the board as evidence of licensure or registrations shall not be reproduced, duplicated, or imaged onto paper or any electronic media. The only exception to this prohibition is that such documents may be photocopied by the individual to whom the document was issued. Immediately after photocopying the document, the individual to whom the document was issued shall write the word "copy" boldly across the front side of the photocopied version of the document with a black permanent ink marker and place the individual's initials after the word "copy."

Effective: 02/01/2011
R.C. 119.032 review dates: 10/29/2015
Promulgated Under: 119.03
Statutory Authority: 4725.44
Rule Amplifies: 4725.44

4726-1-05 Accessing confidential personal information.

For the purposes of administrative rules promulgated in accordance with section 1347.15 of the Revised Code, the following definitions apply:

(A) "Access" as a noun means an instance of copying, viewing, or otherwise perceiving whereas "access" as a verb means to copy, view or otherwise perceive.

(B) "Acquisition of a new computer system" means the purchase of a "computer system," as defined in this rule, that is not a computer system currently in place nor one for which the acquisition process has been initiated as the effective date of the board rule addressing requirements in section 1347.15 of the Revised Code.

(C) "Board" means the Ohio optical dispensers board.

(D) "Computer system" means a "system," as defined by section 1347.01 of the Revised Code, that stores, maintains, or retrieves personal information using electronic data processing equipment.

(E) "Confidential personal information" (CPI) has the same meaning as defined by division (A)(1) of section 1347.15 of the Revised Code and identified by rules promulgated by the board in accordance with division (B)(3) of section 1347.15 of the Revised Code that reference the federal or state statutes or administrative rules that make personal information maintained by the board confidential.

(F) "Employee of the state board" means each employee of a state board regardless of whether he/she holds an elected or appointed office or position within the state board. "Employee of the state board" is limited to the specific employing state board.

(G) "Incidental contact" means contact with the information that is secondary or tangential to the primary purpose of the activity that resulted in the contact.

(H) "Individual" means natural person or the natural person's authorized representative, legal counsel, legal custodian, or legal guardian.

(I) "Information owner" means the individual appointed in accordance with division (A) of section 1347.05 of the Revised Code to be directly responsible for a system.

(J) "Person" means a natural person.

(K) "Personal information" has the same meaning as defined in division (E) of section 1347.01 of the Revised Code.

(L) "Personal information system" means a "system" that "maintains" "personal information" as those terms are defined in section 1347.01 of the Revised Code. "System" includes manual and computer systems.

(M) "Research" means a methodical investigation into a subject.

(N) "Routine" means common place, regular, habitual, or ordinary.

(O) "Routine information that is maintained for the purpose of internal office administration, the use of which would not adversely affect a person" as that phrase is used in division (F) of section 1347.01 of the Revised Code means personal information relating to the board's employees that is maintained by the board for administrative and human resource purposes.

(P) "System" has the same meaning as defined by division (F) of section 1347.01 of the Revised Code.

(Q) "Upgrade" means a substantial redesign of an existing system for the purpose of providing a substantial amount of new application functionality, or application modifications that would involve substantial administrative or fiscal resources to implement, but not include maintenance, minor updates and patches, or modifications that entail a limited addition of functionality due to changes in business or legal requirements.

Effective: 02/01/2011
R.C. 119.032 review dates: 10/29/2015
Promulgated Under: 119.03
Statutory Authority: 1347.15
Rule Amplifies: 1347.15

4726-1-06 Procedures for accessing confidential personal information.

For personal information systems, whether manual or computer systems, that contain confidential personal information, the board shall do the following:

(A) Criteria for accessing confidential personal information. Personal information systems of the board are managed on a "need-to-know" basis whereby the information owner determines the level of access required for an employee of the board to fulfill his/her duties. The determination of access to confidential personal information shall be approved by the employee's supervisor and the information owner prior to providing the employee with access to confidential personal information within a personal information system. The board shall establish procedures for determining a revision to an employee's access to confidential personal information upon a change to that employee's job duties including, but not limited to, transfer or termination. Whenever an employee's job duties no longer require access to confidential personal information in a personal information system, the employee's access to confidential personal information shall be removed.

(B) Individual's request for a list of confidential personal information. Upon the signed written request of any individual for a list of confidential personal information about the individual maintained by the board, the board shall do all of the following;

(1) Verify the identity of the individual by a method that provides safeguards commensurate with the risk associated with the confidential personal information;

(2) Provide to the individual the list of confidential personal information that does not relate to an investigation about the individual or is otherwise not excluded from the scope of Chapter 1347. of the Revised Code; and,

(3) If all information relates to an investigation about that individual, inform the individual that the board has no confidential personal information about the individual that is responsive to the individual's request.

(C) Notice of invalid access.

(1) Upon discovery of notification that confidential personal information of a person has been accessed by an employee for an invalid reason, the board shall notify the person whose information was invalidly accessed as soon as practical and to the extent known at the time. However, the board shall delay notification for a period of time necessary to ensure that the notification would not delay or impede an investigation or jeopardize homeland or national security. Additionally, the board may delay the notification consistent with any measures necessary to determine the scope of the invalid access, including which individuals' confidential personal information invalidly was accessed, and to restore the reasonable integrity of the system.

(2) Notification provided by the board shall inform the person of the type of confidential personal information accessed and the date(s) of the invalid access.

(3) Notification may be made by any method reasonably designed to accurately inform the person of the invalid access, including written, electronic, or telephone notice.

(D) Appointment of a data privacy point of contact. The board director shall designate an employee of the board to serve as the data privacy point of contact. The data privacy point of contact shall work with the chief privacy officer within the office of information technology to assist the board with both the implementation of privacy protections for the confidential personal information that the board maintains and compliance with section 1347.15 of the Revised Code and rules adopted pursuant to the authority provided by that chapter.

(E) Completion of a privacy impact assessment. The board director shall designate an employee of the board to serve as the data privacy point of contact who shall timely complete the privacy impact assessment form developed by the department of information technology.

Effective: 02/01/2011
R.C. 119.032 review dates: 10/29/2015
Promulgated Under: 119.03
Statutory Authority: 1347.15
Rule Amplifies: 1347.15

4726-1-07 Valid reasons for accessing confidential personal information.

(A) Pursuant to the requirements of division (B)(2) of section 1347.15 of the Revised Code, this rule contains a list of valid reasons, directly related to the board's exercise of its powers or duties, for which only employees of the board may access confidential personal information (CPI) regardless of whether the personal information system is a manual system or computer system.

(B) Performing the following functions constitute valid reasons for authorized employees of the board to access confidential personal information:

(1) Responding to a public records request;

(2) Responding to a request from an individual for the list of CPI the board maintains on that individual;

(3) Administering a constitutional provision or duty;

(4) Administering a statutory provision or duty;

(5) Administering an administrative rule provision or duty;

(6) Complying with any state of federal program requirements;

(7) Processing or payment of claims or otherwise administering a program with individual participants or beneficiaries;

(8) Auditing purposes;

(9) Licensure or eligibility for examination processes;

(10) Investigation or law enforcement purposes;

(11) Administrative hearings;

(12) Litigation, complying with an order of the court, or subpoena;

(13) Human resources matters (E.g., hiring, promotion, demotion, discharge, salary/compensation issues, leave requests/issues, time card approvals/issues;

(14) Complying with an executive order or policy;

(15) Complying with a board policy or a state administrative policy issued by the department of administrative services, the office of budget and management or other similar state agency; or,

(16) Complying with a collective bargaining agreement provision.

Effective: 02/01/2011
R.C. 119.032 review dates: 10/29/2015
Promulgated Under: 119.03
Statutory Authority: 1347.15
Rule Amplifies: 1347.15

4726-1-08 Confidentiality statutes.

The following federal statutes or regulations or state statutes make personal information maintained by the board confidential and identify the confidential personal information within the scope of rules promulgated by this board in accordance with section 1347.15 of the Revised Code;

(A) Social security numbers: 5 U.S.C.a.unless the individual was told that the number would be disclosed;

(B) "Bureau of Criminal Investigation and Information" criminal records check results: section 4776.04 of the Revised Code;

(C) Medical records submitted with requests for and/or continuing education waiver requests: Health Insurance Portability and Accountability Act of 1996 (HIPAA) section 42 U.S.C. 201 ;

(D) College and university transcripts unless the individual consents to the release: Family Education Rights and Privacy Act (FERPA): section 20 U.S.C. 1232g .

Effective: 02/01/2011
R.C. 119.032 review dates: 10/29/2015
Promulgated Under: 119.03
Statutory Authority: 1347.15
Rule Amplifies: 1347.15

4726-1-09 Restricting and logging access to confidential personal information in computerized personal information systems.

For personal information systems that are computer systems and contain confidential personal information, the board shall do the following:

(A) Access restrictions. Access to confidential personal information that is kept electronically shall require a password or other authentication measures.

(B) Acquisition of a new computer system. When the board acquires a new computer system that stores, manages or contains confidential personal information, the board shall include a mechanism for recording specific access by employees of the board to confidential personal information in the system.

(C) Upgrading existing computer systems. When the board modifies an existing computer system that stores, manages or contains confidential personal information, the board shall make a determination whether the modification constitutes an upgrade. Any upgrades to a computer system shall include a mechanism for recording specific access by employees of the board confidential personal information in the system.

(D) Logging requirements regarding confidential personal information in existing computer systems.

(1) The agency shall require employees of the board who access confidential personal information within computer systems to maintain a log that records that access.

(2) Access to confidential information is not required to be entered into the log under the following circumstances:

(a) The employee of the board is accessing confidential personal information for official board purposes, including research, and the access is not specifically directed toward a specifically named individual or a group of specifically named individuals;

(b) The employee of the board is accessing confidential personal information for routine office procedures and the access is not specifically directed toward a specifically named individual or a group of specifically named individuals;

(c) The employee of the board comes into incidental contact with confidential personal information and the access of the information is not specifically directed toward a specifically named individual or a group of specifically named individuals;

(d) The employee of the board accesses confidential personal information about an individual based upon a request made under either of the following circumstances:

(i) The individual requests confidential personal information about himself/herself;

(ii) The individual makes a request that the board takes some action on that individual's behalf and accessing the confidential personal information is required in order to consider or process that request.

(3) For purposes of this paragraph, the board may choose the form or forms of logging, whether in electronic or paper formats.

(E) Log management. The board shall issue a policy that specified the following:

(1) Who shall maintain the log;

(2) What information shall be captured in the log;

(3) How the log is to be stored; and,

(4) How long information kept in the log is to be retained.

Nothing in this rule limits the board from requiring logging in any circumstance that it deems necessary.

Effective: 02/01/2011
R.C. 119.032 review dates: 10/29/2015
Promulgated Under: 119.03
Statutory Authority: 1347.15
Rule Amplifies: 1347.15