 |
Oklahoma Administrative Code (Last Updated: March 11, 2021) |
 |
TITLE 260. Office of Management and Enterprise Services |
|
Chapter 45. Employees Group Insurance Division - Administrative and General Provisions |
|
Subchapter 3. Records and Information |
SECTION 260:45-3-2. Confidentiality of medical records
Latest version.
- (a) All information, documents, medical reports and copies thereof contained in a member's insurance file held by EGID shall be confidential and shall not be reviewed by unauthorized parties, without permission of the individual or provider, or by court order. The confidentiality of a member's information is maintained when the member's information held by EGID is utilized for health management and communicated among:(1) employees of EGID;(2) EGID's contracted third party administrators and consultants;(3) providers to the member and(4) the member, according to statutory provisions for privilege and confidentiality or written agreements to protect the confidentiality and non-disclosure of the information.(b) Authorizations to use or share protected health information will remain valid until termination of the member's or dependent's enrollment in HealthChoice, unless a shorter period of time has been specified, or unless rescinded.(c) A member's health information is protected by this rule and the Health Insurance Portability and Accountability Act of 1996 (HIPAA) privacy regulations as codified in 45 Code of Federal Regulations Parts 160 and 164.(1) EGID requires a signed HIPAA compliant authorization from a member or dependent before any confidential information is released to a person, company, or law firm.(2) When individual circumstances arise in specific cases, EGID has authority to ask the member or dependent to independently confirm that EGID has permission to disclose confidential information before responding to any pending request.(3) EGID's obligation to respond to record requests is discharged when EGID has responded to the original request, or if permission of the member or dependent is withdrawn. EGID requires a new authorization or subpoena if more records are requested after EGID has responded.