Current through Register Vol. 63, No. 12, December 1, 2024
Section 125-055-0100 - Purpose - HIPAA Privacy and Security Rule Implementation; HITECH Act Implementation(1) The purpose of these rules is to set forth the requirements that a contractor who is a Business Associate of an Agency must abide by in order to comply with the Business Associate provisions of HIPAA and the implementing Privacy Rule and Security Rule and of the HITECH Act. The Privacy Rule and Security Rule, as amended by the HITECH Act, require an Agency, to obtain certain written assurances from a Business Associate, that the Business Associate will comply with the Business Associate requirements set forth in 45 CFR 164.502(e) and 164.504(e). The Privacy Rule requires that a Covered Entity obtain certain written assurances before the Business Associate may create, receive, maintain or transmit Protected Health Information. The requirements contained in this Rule apply both to Contracts for trade services and personal services, as defined in OAR 125-246-0110. (2) This Rule will be interpreted as broadly as necessary to implement and comply with HIPAA, the Privacy Rule and the Security Rule, and the HITECH Act. Any ambiguity in this Rule shall be resolved in favor of a meaning that complies and is consistent with HIPAA, the Privacy Rule and the Security Rule, and the HITECH Act. Or. Admin. Code § 125-055-0100
DAS 9-2002(Temp), f. & cert. ef. 12-31-02 thru 6-28-03; DAS 3-2003, f. & cert. ef. 6-27-03; DAS 5-2005(Temp), f. & cert. ef. 4-20-05 thru 10-17-05; DAS 12-2005, f. 10-21-05, cert. ef. 10-22-05; DAS 2-2010(Temp), f. & cert. ef. 7-26-10 thru 1-17-11; DAS 4-2010, f. & cert. ef. 11-15-10; DAS 4-2013, f. 12-17-13, cert. ef. 1-1-14Stat. Auth.: ORS 184.305, 184.340 & 279A.140
Stats. Implemented: ORS 279A.140 & The Health Insurance Portability and Accountability Act of 1996, 42 USC 1320 d -1320d-8, PL 104-191, sec. 262& sec. 264