(1) The Director of the Department of Consumer and Business Services shall adopt rules implementing ORS 746.607. In adopting rules under this section, the director shall consider the information privacy provisions of the federal Health Insurance Portability and Accountability Act of 1996 (P.L. 104-191) and the federal Gramm-Leach-Bliley Act (P.L. 106-102).
(2) The rules adopted under subsection (1) of this section shall include but are not limited to:
(a) Permitted uses and disclosures of:
(A) Personal financial information for business, professional or insurance purposes; and
(B) Protected health information for treatment, payment and health care operations.
(b) Requirements for notice of privacy practices for protected health information and notice of information practices for personal financial information. [2003 c.87 §4]
Section: Previous 746.515 746.525 746.530 746.600 746.605 746.606 746.607 746.608 746.609 746.610 746.611 746.612 746.615 746.620 746.625 NextLast modified: August 7, 2008