New Healthcare Privacy Law in the State of Oregon

New Healthcare Privacy Law in the State of Oregon

Oregon’s House Bill 3284 is an online healthcare website privacy law that was recently amended in 2021. As stated in the law, HB 3284 was enacted for the purpose of “protecting the privacy of the personal health data of residents of this state.” Subsequently, the law outlines the various steps that healthcare providers and organizations are required to take as it concerns protecting the Patient Health Information or PHI of the various patients that they serve on a daily basis, particularly in the midst of the COVID-19 pandemic. Furthermore, the law also sets forth the punishments that healthcare organizations stand to face should they fail to adhere to the sections of the law.

How are covered organizations defined under the law?

Under Oregon’s House Bill 3284, a covered organization is taken to mean “a person that collects, uses or discloses personal health data or that develops or operates a website, web application, mobile application, mobile operating system feature or other electronic method by means of which the person may collect, use or disclose personal health data.” Conversely, the law defines a service provider as “a person that collects, uses or discloses personal health data solely for the purpose of providing business services to, on behalf of, or for the benefit of a covered organization in accordance with instructions or direction from, or under the terms and conditions of a contract with, the covered organization.”

What are the duties of covered organizations under the law?

The responsibilities that covered organizations within the state of Oregon have under HB 3284 as it relates to protecting the health and medical records of the multitude of patients that reside within the state include but are not limited to:

What are the punishments for violating the law?

As it relates to the enforcement of the law, the various sections, and provisions laid out in Oregon’s Website Privacy Law are enforced by the state attorney general. To this point, violations of the law constitute an unlawful trade practice under applicable legislation within the state of Oregon. Some actions that could be considered violations of the law include:

Healthcare information and redaction

As the COVID-19 pandemic placed an enormous strain on healthcare systems and facilities around the world, many healthcare providers have turned to collecting additional information from patients in order to combat the spread of the infectious disease. Nevertheless, while this information can be used to save lives, the privacy of patients must also be upheld. With this being said, one way in which healthcare providers can utilize the healthcare information needed to treat patients while simultaneously protecting their privacy is through redaction software. When using a redaction software program, healthcare professionals can use the personal data of their patients for legitimate and necessary purposes, while also securing this data from bad actors in society.

In response to everything that has happened as it relates to COVID-19 in the past two years, legislation such as Oregon’s House Bill 3284 is all but inevitable, as jurisdictions around the U.S. continue to seek new ways to fight the virus. As it relates to healthcare organizations that serve patients within the state of Oregon, HB 3284 ensures that the frenzy and confusion of living in the midst of a pandemic does not infringe upon the privacy, security, and personal liberties of said patients. As such, residents within the state of Oregon can have the peace of mind that the personal data they submit to their healthcare providers online will be legally protected from unauthorized use.

Related Reads