Oklahoma Administrative Code (Last Updated: March 11, 2021) |
TITLE 75. Attorney General |
Chapter 15. Standards and Criteria for Domestic Violence and Sexual Assault Programs |
Subchapter 5. Client Records and Confidentiality |
SECTION 75:15-5-4. Client confidentiality
Latest version.
- (a) The DVSA program must comply with both state and federal laws governing confidentiality and any exceptions to those laws.(1) State Law: Case or client records, files or notes, of a DVSA program shall be confidential and shall only be released under certain prescribed conditions (74 O.S. § 18p-3):(A) The case records, case files, case notes, client records, or similar records of a domestic violence or sexual assault program certified by the Attorney General or of any employee or trained volunteer of a program regarding an individual who is residing or has resided in such program or who has otherwise utilized or is utilizing the services of any domestic violence or sexual assault program or counselor shall be confidential and shall not be disclosed;(B) For purposes of this subsection, the term "client records" shall include, but not be limited to, all communications, records, and information regarding clients of domestic violence and sexual assault programs; and(C) The case records, case files, or case notes of programs specified in paragraph 1 of this subsection shall be confidential and shall not be disclosed except with the written consent of the individual, or in the case of the individual's death or disability, of the individual's personal representative or other person authorized to sue on the individual's behalf or by court order for good cause shown by the judge in camera.(2) Federal Law:(A) The U.S. Violence Against Women Act (VAWA) at 42 U.S.C. § 13925 (b)(2), mandates programs that receive VAWA funds shall not reveal personally identifying information about victims without "reasonably time-limited," written, and informed consent. Under this provision, VAWA-funded programs are prohibited from disclosing personally identifying victim information to any third party, including to any database operated by any party outside of the domestic violence program. "Reasonably time-limited" is not defined in the statute, but it is determined by the circumstances and the purposes for which the client is requesting the release of information. It could be a few minutes, a few hours, or a few days. In no event should it be for more than 60 days;(B) The Family Violence Prevention and Services Act (FVPSA) at 42 U.S.C. 10406(c)(5), mandates specific confidentiality protections that apply to many programs. In order to ensure the safety of adult, youth and child victims of family violence, domestic violence or dating violence, and their families, FVPSA grantees and subgrantees under this chapter shall protect the confidentiality and privacy of such victims and their families. Grantees and subgrantees shall not:(i) Disclose any personally identifying information collected in connection with services requested, utilized, or denied through grantees' and subgrantees' programs; or(ii) Reveal personally identifying information without the informed, written, reasonably time-limited consent of the person (or in the case of an unemancipated minor, the minor and the parent or guardian or in the case of an individual with a guardian, the individual's guardian) about whom information is sought, whether for this program or any other Federal or State grant program, except that consent for release may not be given by the abuser or suspected abuser of the minor or individual with a guardian, or the abuser or suspected abuser of the other parent of the minor.(C) Housing Assistance Emergency Solutions Grants, at 42 U.S.C. § 11375 (c)(5), require recipients to develop and implement procedures to ensure confidentiality of records pertaining to any individual provided family violence prevention or treatment services under this part and that the address or location of the family violence shelter project assisted under this part will not be made public without written authorization of the person or persons responsible for the operation of such shelter; and(D) Stewart B. McKinney Homeless Assistance Act, at 42 U.S.C.§ 11363, mandates that any victim service provider that is a recipient or subgrantee shall not disclose for purposes of the Homeless Management Information System (HMIS) any personally identifying information about any client. Subgrantees may be required to disclose for purposes of HMIS non-personally identifying information that has been de-identified, encrypted, or otherwise encoded. The Violence Against Women Act also contains a provision that specifies a domestic violence program provider shall not disclose any personally identifying information about any client to the Homeless Management Information System (HMIS).(b) Compliance with 75:15-5-4 shall be determined by a review of the program's policies and procedures; and on-site observation of the handling and review of client records.
[Source: Transferred from 450:19-5-4 by SB 236 (2005), eff 7-1-05 (Editor’s Notice published at 22 Ok Reg 2667); Amended at 23 Ok Reg 339, eff 11-8-05 (emergency); Amended at 23 Ok Reg 2200, eff 7-1-06; Amended at 24 Ok Reg 2508, eff 7-15-07; Amended at 30 Ok Reg 1915, eff 7-25-13; Amended at 31 Ok Reg 804, eff 9-12-14; Amended at 33 Ok Reg 1195, eff 9-11-16; Amended at 36 Ok Reg 1379, eff 9-13-19]