Can I ensure that my company is compliant with expanding privacy protections in Oklahoma? What are the requirements?
To ensure that your company is compliant with expanding privacy protections in Oklahoma, you must follow the requirements outlined in the Oklahoma Administrative Code (OKAC) and Oklahoma state law.
Privacy Officer
One of the requirements is to designate a privacy officer who is responsible for developing and implementing privacy policies, making decisions regarding the use and disclosure of protected health information, reviewing denials for a client’s access to their own PHI, receiving complaints regarding the use or disclosure of PHI, ensuring proper business associate agreements, and receiving complaints regarding business associate activities or practices [1.1].
Initial Privacy Notice to Consumers
Another requirement is to provide a clear and conspicuous initial privacy notice that accurately reflects your privacy policies and practices to customers and consumers before disclosing any nonpublic personal financial information about the consumer to any nonaffiliated third party [3.1].
Annual Privacy Notice to Customers
A licensee shall provide a clear and conspicuous notice to customers that accurately reflects its privacy policies and practices not less than annually during the continuation of the customer relationship. Annually means at least once in any period of twelve (12) consecutive months during which that relationship exists. A licensee may define the twelve-consecutive-month period, but the licensee shall apply it to the customer on a consistent basis [3.2].
Minimum Necessary Standards
The Oklahoma Department of Human Services (DHS) limits requests for, use of, and disclosure of protected health information (PHI) to that which is reasonably necessary to accomplish the intended purpose of the use, disclosure, or request, per Section 164.502(b) of Title 45 of the Code of Federal Regulations (45 C.F.R. § 164.502(b)). This minimum necessary standard is not used to impede the essential activities of treatment, payment, or health care operations [1.2].
Therefore, to ensure compliance with expanding privacy protections in Oklahoma, your company must designate a privacy officer, provide an initial privacy notice to consumers, provide an annual privacy notice to customers, follow minimum necessary standards, and incorporate in accordance with state law.
Source(s):
- [1.1] Privacy officer
- [3.1] Initial privacy notice to consumers required
- [3.2] Annual privacy notice to customers required
- [1.2] Minimum necessary standards
Jurisdiction
Oklahoma