Please consider making a donation to keep this project's resources available at no cost to the public. Your donation will support new research, updates to current resources, and website maintenance for HealthInfoLaw.org.
Access rules for confidential personal information – Ohio Rev. Code Ann. § 1347.15
Link to the law
This will open in a new window
Current as of June 2015
This will open in a new window
Each state agency must adopt rules regulating access to the confidential personal information the agency keeps, electronically or on paper. The rules must include the following:
- Criteria for determining which employees of the agency may access confidential personal information;
- A list of the valid reasons, directly related to the state agency’s exercise of its powers or duties, for which employees of the agency may access confidential personal information;
- A procedure that requires the agency to provide a mechanism for recording specific access of the information system by employees;
- A procedure that requires the agency to comply with a written request from an individual for a list of confidential personal information about the individual that the agency keeps, unless the information relates to an investigation about the individual;
- A procedure that requires the agency to notify each person whose confidential personal information has been accessed for an invalid reason; and
- A requirement that an authentication measure be used to access confidential personal information that is kept electronically.
Knowingly accessing confidential personal information in violation of a rule of a state agency, or knowingly using or disclosing confidential personal information in a manner prohibited by law is considered a violation of a state statute.
Current as of June 2015
.png)