Section 414.607 - Use and disclosure of member information; access by member to personal health information.

OR Rev Stat § 414.607 (2019) (N/A)
Copy with citation
Copy as parenthetical citation

(2) A member of a coordinated care organization must have access to the member’s personal health information in the manner provided in 45 C.F.R. 164.524 so the member can share the information with others involved in the member’s care and make better health care and lifestyle choices.

(3) Notwithstanding ORS 179.505, a coordinated care organization, its provider network and programs administered by the Department of Human Services for seniors and persons with disabilities shall use and disclose member information for purposes of service and care delivery, coordination, service planning, transitional services and reimbursement, in order to improve the safety and quality of care, lower the cost of care and improve the health and well-being of the organization’s members.

(4) A coordinated care organization and its provider network shall use and disclose sensitive diagnosis information including blood-borne infections and other health and mental health diagnoses, within the coordinated care organization for the purpose of providing whole-person care. Individually identifiable health information must be treated as confidential and privileged information subject to ORS 192.553 to 192.581 and applicable federal privacy requirements. Redisclosure of individually identifiable information outside of the coordinated care organization and the organization’s providers for purposes unrelated to this section or the requirements of ORS 413.032, 414.572, 414.598, 414.605, 414.632, 414.638 or 414.655 remains subject to any applicable federal or state privacy requirements.

(5) This section does not prohibit the disclosure of information between a coordinated care organization and the organization’s provider network, and the Oregon Health Authority and the Department of Human Services for the purpose of administering the laws of Oregon.

(6) The Health Information Technology Oversight Council shall develop readily available informational materials that can be used by coordinated care organizations and providers to inform all participants in the health care workforce about the appropriate uses and limitations on disclosure of electronic health records, including need-based access and privacy mandates. [Formerly 414.679]