Records are confidential – exceptions – Ohio Rev. Code Ann. § 3705.32

Records received and information assembled by the birth defects information system are confidential medical records, accessible only by the director of health and authorized employees of the department of health, subject to the following exceptions:

• The director of health may use the information to notify parents, guardians, and custodians of children with congenital anomalies or abnormal conditions of medical care and other services available for the child and family;
• The director may disclose information with the written consent of the parent or legal guardian of the child who is the subject of the information; 
• The director may provide access to the system to qualified persons or entities engaged in demographic, epidemiological, or similar studies related to health and health care provision, if the person or entity agrees to maintain the system’s confidentiality.

The director must maintain a record of users given access to the system, including:

• The name of the person authorized to access the system;
• The name, title, and organizational affiliation of the person or entity given access;
• The dates the person or entity was given access to the system; and
• The specific purpose for which the person or entity intends to use the information.

The record of users given access to the system is a public record.  

Any user who violates the system’s confidentiality may be denied further access to confidential information maintained by the director.  The director may disclose information assembled by the system in summary, statistical, or other form that does not identify particular individuals or individual sources of information.