(A) The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law requiring the administrative agency to issue a notice of privacy practices.
(B) The administrative agency shall:
(1) Ensure appropriate safeguards are taken in accordance with rule 5160-1-32 of the Administrative Code.
(2) Issue all individuals eligible through the medical assistance programs a notice of privacy practices, as described in 45 C.F.R. 164.520 (as in effect October 1, 2016), outlining the following descriptions of uses and disclosures, and procedures:
(a) A description of the types of uses and disclosures of protected health information (PHI) the administrative agency is permitted with examples for each of the following purposes:
(ii) Treatment; and
(iii) Healthcare operations.
(b) A description of the uses and disclosures permitted without the individual's written consent or authorization;
(c) A statement that other uses and disclosures will be made only with the individual's written authorization;
(d) Complaint procedure;
(e) Request for restriction procedure;
(f) Request for amendment procedure;
(g) Request for accounting procedure; and
(h) A name, or title, and telephone number of a person to contact for further information.
Replaces: 5160:1-1- 51.3
Five Year Review (FYR) Dates: 01/01/2022
Promulgated Under: 111.15
Statutory Authority: 5162.031, 5163.02
Rule Amplifies: 5162.031, 5163.02
Prior Effective Dates: 10/1/98, 10/6/03, 11/1/09, 01/01/14