(a) A business associate is defined as an individual or entity who:
- (1) performs on behalf of Oklahoma Department of Human Services (OKDHS) any function or activity involving the use or disclosure of protected health information (PHI); and
- (2) is not a member of the OKDHS workforce.
(b) The definition of "function or activity" includes:
- (1) claims processing or administration;
- (2) data analysis and data processing;
- (3) utilization review;
- (4) quality assurance; and
- (5) billing, actuarial accounting, and other financial services.
(c) OKDHS discloses a client's PHI to a business associate, and allows a business associate to create or receive PHI on behalf of OKDHS.
(d) OKDHS enters into a contractual agreement with a business associate. The contract includes the appropriate language and provisions required by the federal Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule regarding the proper use and disclosure of PHI. • 1