Recently, the Ohio Department of Medicaid (ODM) finalized Ohio Administrative Code 5160-1-32.1 (the Final Rule) which provides two standard authorization forms for the use and disclosure of protected health information (PHI). The standard forms are designed to comply with both the HIPAA Privacy Rule (45 C.F.R. § 164.508) and 45 C.F.R. Part 2, which covers certain substance abuse treatment information. According to ODM, the purpose of the Final Rule is to improve care coordination across multiple providers by making it easier to share PHI in a secure manner. The Final Rule went into effect on January 3, 2019.

While the Final Rule does not require the standard authorization forms to be used by covered entities, properly executed standard authorization forms must be accepted. The requirement to accept properly executed standard authorization forms goes into effect on February 2, 2019. 

The Final Rule is located here and the related appendices containing the ODM standard authorization forms are available here. The instructions for completing the standard authorization forms are available here. ODM has also published a fact sheet regarding the use of standard authorization forms and compliance with the Final Rule which is available here.