Current through Register Vol. 63, No. 3, March 1, 2024
(1) Definitions: In addition to the
definitions in OAR 859-010-0005, the following terms apply to this rule:
(a) "Authorization" means written permission
form from a patient or patient's representative giving the Board, and others
named on the form, authorization to obtain, release, or use information about
the patient from third parties for specified purposes or to disclose
information to a third party specified by the patient.
(b) "Disclosure" means the release, transfer,
relay, provision of access to, or conveying of protected patient information to
any individual or entity outside the Board.
(c) "Non-Protected Patient Information" means
patient information that the Board may have in its records or files that is not
protected or otherwise exempt from disclosure under state or federal law.
(d) "Protected Patient
Information" means patient information that the Board may have in its records
or files that is exempt from disclosure under state or federal law, including,
but not limited to, individually identifiable health information relating to
mental health records, alcohol and drug treatment records, and genetic
information.
(e) "Re-disclosure"
means the disclosure of information to a person or other entity other than the
person or entity to whom disclosure was originally authorized.
(f) "Representative" means a person who has
authority to act on behalf of a patient, including, but not limited to, the
patient's attorney or legal guardian.
(2) Use and disclosure of non-protected
patient information. Non-protected patient information is subject to disclosure
under the Public Records Law. All requests for patient information must be made
in writing. The Board will determine whether the requested information is
non-protected patient information or protected patient information. The Board
may charge a reasonable fee to cover the actual costs of making the public
records available to the requestor.
(3) Use and disclosure of protected patient
information with patient authorization:
(a)
The Board may disclose protected patient information to an identified
individual or entity in accordance with the signed, written authorization of
the patient or the patient's representative.
(b) A patient or patient representative may
revoke an authorization at any time. No revocation will apply to information
released while the authorization was valid and in effect.
(4) Use and disclosure of protected patient
information without authorization. The Board may use or disclose protected
patient information without authorization under the following circumstances:
(a) The Board may use or disclose protected
patient information without authorization to notify those whose immediate need
to know preserves or protects public safety. Individuals with a need to know
include, but are not limited to, first responders and victims.
(b) The Board may use or disclose protected
patient information without authorization if required to or permitted to
disclose the information under state and federal law, including but not limited
to mandatory abuse reporting laws, offender reporting requirements under ORS
chapter 181, and court orders. The Board's use or disclosure of the protected
patient information must comply with, and be limited in scope to, the
requirements of the applicable state and federal laws.
(c) The Board will disclose relevant
protected patient information to the parties (the state and the patient) in a
pending or scheduled PSRB hearing for the sole purpose of representing the
parties in the hearing. Persons other than the patient or the patient's
representative who are granted access under this rule may not re-disclose
protected patient information for any other purpose or use, unless it is
otherwise authorized under state or federal law.
(d) The Board may use or disclose protected
patient information without authorization in connection with the performance of
its official duties, or in defense of the Board in a legal action or other
proceeding against the Board brought by the patient or patient representative.
(e) The Board may use or disclose
protected patient information without authorization as necessary to protect
potential victims from specific threats made by the patient against one or more
named persons. If the Board receives information indicating that an individual
has been threatened directly, the Board will respond as appropriate and as
consistent with state law, including the need to protect the public.
(f) The Board may use or disclose protected
patient information without authorization as necessary to ensure continuity of
care, conditional release evaluation, monitoring and supervision of those being
considered for or placed on conditional release.
(5) The Board will protect and will not
release personally identifiable information including, but not limited to, home
addresses, telephone numbers, and e-mail addresses about the victims of the
patients under the Board's jurisdiction. Under these rules, victims have the
same protections from disclosure as do those under Board
jurisdiction.
Stat. Auth.: ORS
161.387,
179.505(14)
Stats. Implemented: ORS
161.336,
161.390,
179.505,
192.496,
192.502