Oklahoma Administrative Code
Title 340 - Department of Human Services
Chapter 2 - Administrative Components
Subchapter 8 - Health Insurance Portability and Accountability Act (Hipaa) Privacy Rule
Section 340:2-8-4 - Client rights to access personal health information (PHI)
Universal Citation: OK Admin Code 340:2-8-4
Current through Vol. 41, No. 13, March 15, 2024
(a) Oklahoma Department of Human Services (DHS) clients, per Section 164.524 of Title 45 of the Code of Federal Regulations ( 45 C.F.R. § 164.524 ), have the right to:
(1) access, inspect, and obtain a copy of
their own PHI in DHS files or records consistent with federal and state law,
except for:
(A) psychotherapy notes that are
not specifically released by the originator of the notes; and
(B) information compiled for use in civil,
criminal, or administrative proceedings;
(2) rebut a denial of access to their PHI by
requesting a review in writing to the DHS privacy officer. When a client
requests a review, the DHS privacy officer promptly acts on his or her request
and arranges for the review;
(3)
receive an accounting of disclosures DHS made of their PHI for up to six years
prior to the requesting date by completing Form 13HI004E, Request for
Accounting of Disclosures. This does not include disclosures made for the
purposes of treatment, payment, or health care operations activities or of PHI
previously authorized by the client for use or disclosure. After receiving Form
13HI004E, DHS staff completes and sends Form 13HI005E, Accounting of
Disclosures, to the client within 60-calendar days of receiving the request;
and
(4) submit complaints if they
believe or suspect that DHS improperly used or disclosed their PHI. When a
client or his or her personal representative submits a complaint, per Oklahoma
Administrative Code
340:2-8-9, DHS staff gives the
client the DHS privacy officer's name and phone number. The privacy officer:
(A) reviews the complaint;
(B) makes a decision regarding the
complaint;
(C) documents the
decision; and
(D) informs the
client of the decision in writing.
(b) Clients may ask DHS to take specific actions regarding the use or disclosure of their PHI, per 45 C.F.R. § 164.522, and DHS may approve or deny the request. Specifically, clients have the right to request that DHS:
(1) restrict uses and disclosures of their
PHI for treatment, payment, and operations;
(2) provide information by alternative means,
such as email, fax, mail, or phone, or at alternative locations by completing
Form 13HI006E, Request for Alternative Means of Communication. DHS terminates
the agreement to communicate by alternative means, when:
(A) the client agrees to or requests
termination; or
(B) DHS is unable
to contact the client by the method requested or at the designated location;
and
(3) amend their PHI,
per
45 C.F.R. §
164.526 by completing Form 13HI007E, Request
for Amendment of Protected Health Information.
(A) When DHS grants the amendment, DHS staff:
(i) makes the appropriate amendment to the
client's PHI;
(ii) provides timely
notice to the client that the amendment was accepted; and
(iii) seeks the client's agreement to notify
other relevant persons or agencies with whom DHS has cause to share the amended
information.
(B) DHS
denies the client's request for amendment, when the information:
(i) did not originate from DHS, unless the
client provides a reasonable basis to believe that the originator of such
information is no longer available to act on the requested amendment;
or
(ii) is accurate and
complete.
(C) When DHS
staff denies the amendment, a written denial is sent to the client explaining
the reason for the denial within 60-calendar days of the request for an
amendment. The denial explains the client's right to submit a written statement
disagreeing with the denial and how to file the statement. When the client
files a statement disagreeing with the denial, DHS staff has the right to
complete a written rebuttal to the client's statement and sends a copy of the
rebuttal to the client.
(c) Clients have the right to receive Form 13HI001E, Privacy Notice.
Added at 20 Ok Reg 2907, eff 8-21-03 (emergency); Added at 21 Ok Reg 784, eff 4-26-04
Disclaimer: These regulations may not be the most recent version. Oklahoma may have more current or accurate information. We make no warranties or guarantees about the accuracy, completeness, or adequacy of the information contained on this site or the information linked to on the state site. Please check official sources.
This site is protected by reCAPTCHA and the Google
Privacy Policy and
Terms of Service apply.
