Recently, the Ohio Department of Medicaid (ODM) proposed the adoption of Ohio Administrative Code 5160-1-32.1 (the Proposed Rule), which provides two standard authorization forms for the use and disclosure of protected health information (PHI). The standard forms are designed to comply with both the HIPAA privacy rule (45 C.F.R. § 164.508) and 45 C.F.R. Part 2, which covers certain substance abuse treatment information. The Proposed Rule would require all Ohio providers to accept a properly executed standard authorization form within 30 days after the Proposed Rule’s effective date. The Proposed Rule stems from legislation enacted by the Ohio General Assembly in 2012 to “harmonize state privacy law with federal law.” The legislation included a requirement that ODM develop a standard authorization form for the use and disclosure of PHI (Ohio Revised Code §§ 3798.02 and 3798.10).
According to ODM, the purpose of the standard authorization forms is to improve care coordination for Ohio patients across multiple providers by making it easier to share PHI in a secure manner. Moreover, ODM developed the standard authorization forms as part of a broader statewide initiative to integrate physical and behavioral health care services within Medicaid managed care. Ohio providers would not be required to use the standard forms, but they would be required to accept properly executed standard forms. A public hearing on the Proposed Rule will be held on November 16, 2018. Written comments may be submitted on or before the date of the public hearing.