ODJFS eManuals > Local Administration > Administrative Procedure Manual > APM Chapter 9 Rules > 5101:9-9-20 Treatment of Health Insurance Portability and Accountability Act (HIPAA) Inquiries to a County Agency

eManuals has a new look and a new home! Please visit the new Program Rules and Resources site for all future needs related to the program area rules. This old site will only be available for a limited time.

prev page next page

view clean (no strike-throughs or underlines)

print get notified of updates to this manual

APM Chapter 9 Rules

5101:9-9-20 Treatment of Health Insurance Portability and Accountability Act (HIPAA) Inquiries to a County Agency

APMTL 379

Effective Date: May 26, 2020

Most Current Prior Effective Date: February 1, 2015

(A)HIPAA is a federal law that, among other regulations, requiresrequiring the protection of confidentiality and security of health data including the safeguarding, privacy, and release of protected health information (PHI).

(B)PHI includes, but is not limited to, the following individually identifiable health information, including genetic information of public assistance applicants, recipients, and former recipients:

(1)Information relating to past, present, or future physical or mental health or condition of an individual;

(2)Provision of health care to an individual;

(3)Past, present, or future payment for health care to an individual; and

(4)Eligibility information of an individual for the medicaid buy-in for workers with disabilities, disability medical assistance, or refugee medical assistance program, or any other plan or program that provides medical assistance or pays the cost of medical care.

(C)All current and future recipients of medicaid buy-in for workers with disabilities, disability medical assistance, refugee medical assistance, or any other plan or program that provides medical assistance or pays the cost of medical care, received or will receive a privacy notice outlining the following descriptions of uses and disclosures, and recipient procedures:

(1)A description of the types of uses and disclosures of PHI the Ohio department of job and family services (ODJFS)medicaid (ODM) or its delegated entity is permitted to make, with examples to include payment, treatment, and healthcare operations;

(2)A description of other uses and disclosures permitted under HIPAA without written consent or authorization to include examples such as required by law;

(3)A statement that other uses and disclosures will be made only with the individual's written authorization;

(4)Complaint procedure;

(5)Request for restriction procedure;

(6)Request for amendment procedure; and

(7)Request for accounting procedure.

(D)If a recipient of benefits identified in paragraph (C) of this rule requests any of the procedures outlined in paragraphs (C)(4) to (C)(7) of this rule from the county agency or entity acting on behalf of ODJFS who collects and maintains the information identified in paragraph (B) of this rule through which the recipient participates, the county agency or entity acting on behalf of ODJFS shall do one of the following:

(1)Refer the recipient to the ODJFSODM privacy official by providing the recipient with the appropriate phone number; or

(2)Provide the recipient with a copy of the HIPAA privacy notice outlining the procedures set out in paragraphs (C)(4) to (C)(7) of this rule and notice identifying whom the recipient may contact to initiate those procedures.

http://medicaid.ohio.gov/FOROHIOANS/AlreadyCovered/NoticeofPrivacyPractices.aspx

Effective: 5/26/2020

Certification: CERTIFIED ELECTRONICALLY

Date: 05/14/2020

Promulgated Under: 111.15

Statutory Authority: 5101.02

Rule Amplifies: 5101.02

Prior Effective Dates: 04/14/2003, 05/23/2008, 02/01/2015

top