1. (a) The client may rebut the denial to the suspected harmful information by requesting a review in writing.
(b) All requests for review are made to the Oklahoma Department of Human Services (OKDHS) privacy officer who promptly acts on the requests and arranges for the review.
2. (a) This right does not apply to disclosures made prior to April 14, 2003.
(b) The accounting includes only protected health information (PHI) not previously authorized by the client for use or disclosure.
(c) The client makes the request by completing Form HIPAA-4, Request for Accounting of Disclosures.
(d) OKDHS completes Form HIPAA-5, Accounting of Disclosures, and issues it to the client within 60 days of receiving the request. A copy is kept in the client's file for at least six years.
3. If a client asks to file a complaint regarding the use or disclosure of PHI, he or she is given the name and phone number of the privacy officer. See OAC 340:2-8-9. The privacy officer:
(1) reviews all complaints;
(2) makes a decision regarding the complaint;
(3) documents the decision;
(4) informs the client of the decision in writing; and
(5) forwards copies of the decision and all pertinent documentation to the case file.
4. (a) OKDHS documents the client's request and the reasons for granting or denying the request in the client's file.
(b) The client may request termination of the agreement, either orally or in writing. Documentation of termination is filed in the client's file and kept for six years.
5. (a) A client completes Form HIPAA-6, Request for Alternate Means of Communication, which is kept in the client's file for six years.
(b) The agreement to communicate by alternate means or location is terminated by OKDHS if:
(1) the client agrees to or requests termination; or
(2) OKDHS is unable to contact the client at the designated location or by the method requested.
(c) Documentation of termination is kept in the client's file for six years.
6. (a) A client uses Form HIPAA-7, Request for Amendment of Protected Health Information, which is reviewed by the OKDHS staff involved in the client's care.
(b) OKDHS denies the client's request for amendment if the information:
(1) was not originated by OKDHS, unless the client provides a reasonable basis to believe that the originator of such information is no longer available to act on the requested amendment; or
(2) is accurate and complete.
(c) A written denial explaining the reason is sent within 60 days of the request for an amendment. The denial explains the client's right to submit a written statement disagreeing with the denial and how to file such a statement. If the client files such a statement, OKDHS:
(1) enters the written statement into the client's file; and
(2) has the right to enter a written rebuttal of the client's statement, which is placed in the client's file and also sent to the client.
(d) If the amendment request is granted, OKDHS must:
(1) make the appropriate amendment to the PHI, and document the amendment in the client's file;
(2) provide timely notice to the client that the amendment has been accepted; and
(3) seek the client's agreement to notify other relevant persons or agencies with whom OKDHS has cause to share the amended information.
7. (a) OKDHS posts a copy of Form HIPAA-1, Privacy Notice, for public viewing at each worksite and on the OKDHS website. A copy is given to any client upon request.
(b) OKDHS staff who provide direct health care treatment or services for clients give Form HIPAA-1 to each client no later than the date of first service delivery after April 14, 2003, and, except in an emergency treatment situation, obtain the client's written acknowledgement of receipt of the notice by having the client sign Form HIPAA-2, Privacy Notice Acknowledgment.
(c) The signed Form HIPAA-2 is kept in the client's file. If a good faith effort was made to have Form HIPAA-2 signed, but the client refuses, OKDHS staff documents the circumstances on the form and places it in the client's file.