Ohio Proposed Rule to Require Providers to Accept Standard Form for PHI

November 2018 ~

The Ohio Department of Medicaid (ODM) has proposed the adoption of a proposed rule, Ohio Administrative Code 5160-1-32, which would require two standard authorization forms for the use and disclosure of protected health information (PHI).

The two forms comply with both the HIPAA privacy rule (45 C.F.R. § 164.508) and 45 C.F.R. The proposal, if passed, would require all Ohio providers to accept a properly executed standard authorization form within 30 days after the Proposed Rule’s effective date.

The Proposed Rule stems from legislation enacted by the Ohio General Assembly in 2012 to “harmonize state privacy law with federal law” which included a requirement that ODM develop a standard authorization form for the use and disclosure of PHI (Ohio Revised Code §§ 3798.02 and 3798.10).

According to ODM, the purpose of the standard authorization forms is to improve care coordination for Ohio patients across multiple providers by making it easier to share PHI in a secure manner.  Moreover, ODM developed the standard authorization forms as part of a broader statewide initiative to integrate physical and behavioral health care services within Medicaid managed care.  Ohio providers would not be required to use the standard forms, but they would be required to accept properly executed standard forms.

For more information, see the full text of the Proposed Rule, here.

The ODM proposed standard authorization forms can be accessed here, and instructions for completing the standard authorization forms can be found here.

Source(s): National Law Review; Lexology; Ohio State University Office of the Chief Information Officer;