Skip to Content

Duty of covered entities – Ohio Rev. Code Ann. § 3798.03

Link to the law
This will open in a new window

This section applies to covered entities as they are defined in the HIPAA administrative regulation provisions (at 45 C.F.R. § 160.103). 

A covered entity must provide an individual or the individual's personal representative with access to any of the individual's protected health information that is maintained in a designated record set consistent with the access requirements of HIPAA (at 45 C.F.R. § 164.524). A covered entity must also implement and maintain appropriate administrative, technical, and physical safeguards to protect the privacy of protected health information in a manner consistent with HIPAA requirements (as 45 C.F.R. § 164.530(c)).

Current as of June 2015