A health care provider or state health plan:
(1) May use or disclose protected health information of an individual in a manner that is consistent with an authorization provided by the individual or a personal representative of the individual.
(2) May use or disclose protected health information of an individual without obtaining an authorization from the individual or a personal representative of the individual:
(a) For the provider’s or plan’s own treatment, payment or health care operations; or
(b) As otherwise permitted or required by state or federal law or by order of the court.
(3) May disclose protected health information of an individual without obtaining an authorization from the individual or a personal representative of the individual:
(a) To another covered entity for health care operations activities of the entity that receives the information if:
(A) Each entity has or had a relationship with the individual who is the subject of the protected health information; and
(B) The protected health information pertains to the relationship and the disclosure is for the purpose of:
(i) Health care operations as listed in ORS 192.519 (4)(a) or (b); or
(ii) Health care fraud and abuse detection or compliance;
(b) To another covered entity or any other health care provider for treatment activities of a health care provider; or
(c) To another covered entity or any other health care provider for the payment activities of the entity that receives that information. [2003 c.86 §3]
Note: See note under 192.518.
Section: Previous 192.502 192.503 192.505 192.515 192.517 192.518 192.519 192.520 192.521 192.522 192.523 192.524 192.525 192.526 192.527 NextLast modified: August 7, 2008