(2) A health care facility shall file with the Oregon Health Authority a protection of health information report no later than 120 days following the close of each fiscal year. The report may be in the form of a letter, must be signed by the chief executive officer of the facility and must:
(a) State the responsibility of the health care facility’s management to establish and maintain adequate safeguards and procedures for protecting the confidentiality of personally identifiable and protected health information that the facility retains in electronic and hard copy form;
(b) Contain an assurance that there is ongoing evaluation and monitoring of the effectiveness of the safeguards and procedures in protecting the confidentiality of personally identifiable and protected health information;
(c) Contain assurances that the signing officer has disclosed to the board of directors of the facility:
(A) All significant deficiencies in the design or operation of recordkeeping systems or controls that could adversely affect the facility’s ability to protect the confidentiality of personally identifiable and protected health information;
(B) Any breaches of the security of personally identifiable and protected health information, whether material or not, that involve management, staff or employees of the facility who have a significant role in the facility’s recordkeeping systems or controls; and
(C) All necessary steps that have been taken to address deficiencies in the design or operation of recordkeeping systems or controls and to resolve any material weaknesses identified by the facility; and
(d) Contain assurances that the signing officer has identified for the board any material weaknesses in the recordkeeping systems or controls.
(3) The authority may adopt all rules necessary to carry out the provisions of this section.
(4) The protection of health information report is confidential and not subject to disclosure under ORS 192.311 to 192.478. [2015 c.133 §4]
Copyright ©2024 LegalFix. All rights reserved. LegalFix is not a law firm, is not licensed to practice law, and does not provide legal advice, services, or representation. The information on this website is an overview of the legal plans you can purchase—or that may be provided by your employer as an employee benefit or by your credit union or other membership group as a membership benefit.
LegalFix provides its members with easy access to affordable legal services through a network of independent law firms. LegalFix, its corporate entity, and its officers, directors, employees, agents, and contractors do not provide legal advice, services, or representation—directly or indirectly.
The articles and information on the site are not legal advice and should not be relied upon—they are for information purposes only. You should become a LegalFix member to get legal services from one of our network law firms.
You should not disclose confidential or potentially incriminating information to LegalFix—you should only communicate such information to your network law firm.
The benefits and legal services described in the LegalFix legal plans are not always available in all states or with all plans. See the legal plan Benefit Overview and the more comprehensive legal plan contract during checkout for coverage details in your state.
Use of this website, the purchase of legal plans, and access to the LegalFix networks of law firms are subject to the LegalFix Terms of Service and Privacy Policy.