August 21, 2019

August 20, 2019

Subscribe to Latest Legal News and Analysis

August 19, 2019

Subscribe to Latest Legal News and Analysis

New Ohio Standard Authorization Forms for Use and Disclosure of Protected Health Information

Recently, the Ohio Department of Medicaid (ODM) finalized Ohio Administrative Code 5160-1-32.1 (the Final Rule) which provides two standard authorization forms for the use and disclosure of protected health information (PHI). The standard forms are designed to comply with both the HIPAA Privacy Rule (45 C.F.R. § 164.508) and 45 C.F.R. Part 2, which covers certain substance abuse treatment information. According to ODM, the purpose of the Final Rule is to improve care coordination across multiple providers by making it easier to share PHI in a secure manner. The Final Rule went into effect on January 3, 2019.

While the Final Rule does not require the standard authorization forms to be used by covered entities, properly executed standard authorization forms must be accepted. The requirement to accept properly executed standard authorization forms goes into effect on February 2, 2019. 

The Final Rule is located here and the related appendices containing the ODM standard authorization forms are available here. The instructions for completing the standard authorization forms are available here. ODM has also published a fact sheet regarding the use of standard authorization forms and compliance with the Final Rule which is available here.

© 2019 Dinsmore & Shohl LLP. All rights reserved.


About this Author

Jennifer Mitchell, health care practice group partner, Dinsmore Shohl, law firm,

Jennifer is a Partner in the Health Care Practice Group and leads the firm’s HIPAA Privacy and Security practice and initiatives. In her HIPAA practice, she works with clients to minimize the risk of privacy and data security issues, assisting with all aspects of HIPAA privacy and security compliance, governance, audits/investigations, breach analyses, training and strategic planning. She has a thorough understanding of federal and state privacy and confidentiality laws and has served as a health care privacy expert witness. 

Within the...

Jared Bruce, Dinsmore Law Firm, Cincinnati, Corporate and Health Care Law Attorney

Jared focuses his practice on various health care law matters, including regulatory compliance, transactional matters and cybersecurity.  His prior experience includes serving as in-house counsel for a large non-profit managed care plan.

He drafts and negotiates complex health care-related contracts involving information technology (software licenses and professional service agreements), provider agreements, data sharing agreements and Business Associate Agreements. Jared’s practice includes advising payers, hospitals and providers on compliance and transactional matters related to government-sponsored health insurance plans such as Medicare and Medicaid. Additionally, he has experience representing clients in administrative appeals, Ohio Medicaid State hearings and provider reimbursement disputes.