Skip to main content

Oklahoma Department of
Human Services
Oklahoma Department of Human Services
75th Anniversary
Stronger Families Grow
Brighter Futures
Oklahoma Department of Human Services
Sequoyah Memorial Office Building, 2400 N. Lincoln Blvd. • Oklahoma City, OK 73105
(405) 521-3646 • Fax (405) 521-6684 • Internet: www.okdhs.org
 
Careers    Calendar   Contact Us    Newsroom   
 
Programs and Services    County Offices    Divisions and Offices     Online Services     Library
 
OKDHS Hotlines
Document Readers
OKDHS Home > Library > Policy > OAC 340 > Chapter 2. Administrative Components > 8. Health Insurance Portability and Accountability Act (HIPAA) Privacy rule > 5. Privacy officer
340:2-8-5. Privacy officer
Back 
|
Next

Issued 8-21-03


(a) The Oklahoma Department of Human Services (OKDHS) has designated a privacy officer to perform the required functions as specified in the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule.  The contact information is: Oklahoma Department of Human Services, Privacy Officer, P.O. Box 53025, Oklahoma City, OK 73152.

(b) The privacy officer is responsible for:

  • (1) the development and implementation of OKDHS privacy policies;
  • (2) making decisions regarding the use and or disclosure of protected health information (PHI) when requested for the purpose of:
    • (A) judicial and administrative proceedings;
    • (B) law enforcement investigations;
    • (C) research; and
    • (D) marketing;
  • (3) reviewing a denial for a client's access to his or her own PHI for reasons indicated in OAC 340:2-8-4(a)(1)(C), and taking appropriate action following the review;
  • (4) receiving complaints regarding the use or disclosure of PHI from external and internal sources, and taking the appropriate action following the review;  • 1
  • (5) ensuring proper business associate agreements contain the appropriate language and provisions as required by the Privacy Rule; and
  • (6) receiving complaints regarding business associate activities or practices, and taking appropriate action following the review.  • 2

INSTRUCTIONS TO STAFF 340:2-8-5

1.  (a) The privacy officer reviews all complaints, makes a decision regarding the appropriate action, documents the decision, informs the client, and forwards copies of all documentations; which are kept in the client's file for six years.

(b) If it is determined that an inappropriate use or disclosure has occurred, the Oklahoma Department of Human Services (OKDHS) will take all practicable steps to mitigate the harmful effects.  The type of mitigation that occurs will be based on the facts and circumstances of each case.

2.  (a) The privacy officer sends a letter to the business associate requesting review of the circumstances related to the alleged conduct.  OKDHS requires the business associate to respond within ten business days.

(b) If the facts known to OKDHS indicate a violation of the business associate agreement, the privacy officer sends a letter outlining required remediation in order for the business associate to attain contract compliance.

(c) If contract compliance cannot be attained, OKDHS must terminate the contract if feasible.  If termination is not feasible, the privacy officer reports the problem to the United States Department of Health and Human Services, Office for Civil Rights.
Back
|
Next


Last Updated:  9/13/2011
Oklahoma Department of Human Services
Street address: Sequoyah Memorial Office Building, 2400 N. Lincoln Blvd., Oklahoma City, OK 73105
Mailing address: P.O. Box 25352, Oklahoma City, OK 73125
(405) 521-3646
Help | Web site Policies | Feedback | Accessibility