Oregon Bulletin
Rule
Caption: Authorization for Authority
employees to appear on behalf of the Authority in contested case hearings.
Adm.
Order No.: OHA 23-2011
Filed with Sec. of
State: 10-31-2011
Certified to be
Effective: 11-1-11
Notice Publication
Date: 10-1-2011
Rules Adopted: 943-001-0009
Rules Repealed: 943-001-0009(T)
Subject: Provides authorization for Authority employees or
officers (lay representatives) to appear on behalf of the Authority in
contested case hearings. Prohibits Authority lay representatives from making
legal arguments and explains process for submitting legal argument when
necessary.
Rules Coordinator: Evonne Alderete—(503) 932-9663
943-001-0009
Lay Representation in Contested
Case Hearings
(1) Contested case hearings are conducted in accordance
with the Attorney General’s model rules at OAR 137-003-0501 to 0700. Subject to
the approval of the Attorney General, an officer or employee of the Oregon
Health Authority (Authority) is authorized to appear on behalf of the agency in
the following types of hearings conducted by the Authority:
(a) Eligibility and termination determinations related
to medical assistance coverage.
(b) Suspension, reduction, or denial of medical
assistance services, prior authorization, or medical management decisions.
(c) Enrollment or disenrollment decisions related to
managed care plans.
(d) Eligibility for or termination of health insurance
premium assistance, or determination of subsidy levels.
(e) Provider issues including provider enrollment or
denial of enrollment, overpayment determinations, audits, and sanctions.
(f) Other administrative actions including criminal
background checks, hardship waivers related to medical assistance, client
overpayments related to medical assistance.
(g) Oregon State Hospital’s involuntary administration
of a significant procedure to a patient or resident.
(2) The agency representative may not make legal
argument on behalf of the agency.
(a) “Legal argument” includes arguments on:
(A) The jurisdiction of the agency to hear the
contested case;
(B) The constitutionality of a statute or rule or the
application of a constitutional requirement to an agency; and
(C) The application of court precedent to the facts of
the particular contested case proceeding.
(b) “Legal argument” does not include presentation of
motions, evidence, examination and cross-examination of witnesses or
presentation of factual arguments or arguments on:
(A) The application of the statutes or rules to the
facts in the contested case;
(B) Comparison of prior actions of the agency in
handling similar situations;
(C) The literal meaning of the statutes or rules
directly applicable to the issues in the contested case;
(D) The admissibility of evidence;
(E) The correctness of procedures being followed in the
contested case hearing.
(3) When an agency officer or employee appears on
behalf of the Authority, the administrative law judge shall advise the
representative of the manner in which objections may be made and matters
preserved for appeal. Such advice is of a procedural nature and does not change
applicable law on waiver or the duty to make timely objection. Where such
objections involve legal argument, the administrative law judge provide
reasonable opportunity for the agency officer or employee to consult legal
counsel and permit the Authority’s legal counsel to file written legal argument
within a reasonable time after the conclusion of the hearing.
Stat. Auth: ORS 413.042
Stats Implemented: ORS 183.452
Hist.: OHA 2-2011(Temp), f. &
cert. ef. 7-1-11 thru 12-27-11; OHA 23-2011, f. 10-31-11, cert. ef. 11-1-11
Rule
Caption: Oregon Health Authority Shared
Service and Cooperative Relationships with Department of Human Services.
Adm.
Order No.: OHA 24-2011
Filed with Sec. of
State: 10-31-2011
Certified to be
Effective: 11-1-11
Notice Publication
Date: 10-1-2011
Rules Adopted: 943-001-0020
Rules Repealed: 943-001-0020(T)
Subject: HB 2009 (2009) created the Oregon Health Authority and
transferred to the Authority the Department of Human Services’ (Department)
Divisions with respect to health and health care. The Authority is adopting
this rule to assure continuity as a part of the operational transfer from
functions previously performed by the Department as a result of HB 2009(2009).
The Authority is adopting this rule permanently for continued operational and
business continuity.
Among the
functions transferred to the Authority is the medical assistance program. This
rule provides for continuity in the relationship between the Authority and the Department
when working together in the administration of the medical assistance program
and that the Authority and Department shall work cooperatively in the
administration of the medical assistance program, including making
determinations of eligibility and service e need for medical assistance. This
rule also explains that the Authority designated the Department as the
operating agency for home and community-based waiver services and as an
Organized Health Care Delivery System.
Rules Coordinator: Evonne Alderete—(503) 932-9663
943-001-0020
Oregon Health Authority Shared
Service and Cooperative Relationships with Department of Human Services
(1) The Oregon Health Authority (Authority) will
cooperate and collaborate with the Department of Human Services (Department) in
order to effectively coordinate services to individuals, families and
communities and realize operational efficiencies in the administration of
services that are shared between them (“shared services”).
(2) For all the programs, functions, and duties with
respect to health or health care (generally described in Oregon Laws 2009,
chapter 595, section 19(1)(a)), transferred to the Authority from the
Department (“transferred program”) or for shared services, the Authority
declares that:
(a) All transferred program rules shall remain in
effect until superceded by adoption of Authority rules or adoption of rules by
the Authority coordinating shared services with the Department.
(b) All transferred program administration, policies,
and procedures remain in effect pending the completion of review and adoption
by the Authority or adoption of such policies and procedures related to
coordination of shared services with the Department.
(c) Any judicial or administrative action, proceeding,
contested case hearing, or administrative review matters, or new action,
proceeding, or matter involving or relating to the duties or powers transferred
to the Authority are the responsibility of the Authority.
(d) Rights and obligations legally incurred under
transferred program contracts, leases, and business transactions remain legally
valid and are the responsibility of the Authority.
(e) Statutorily required filings, notices or service of
papers, applications, notices or other documents to be mailed, provided to, or
served on the Authority shall be mailed, provided to, or served on the
Authority. Any notices required by ORS 113.145, 114.525 and 130.370 to be sent
to the Authority may be consolidated with similar notices to the Department and
sent to the Estate Administration Unit of the Department. Any notices required
by 416.530 to be sent to the Authority may be consolidated with similar notices
to the Department and sent to the Personal Injury Lien Unit of the Department
Any consolidated notice shall be considered notice to the Authority as long as
the Authority’s interest or claim in the matter is identified in the notice
consistent with requirements in applicable statute.
(f) A reference to an Administrator or Assistant
Director in any transferred program rule of the Authority means the Director of
the Authority’s program that is covered by that chapter of the Oregon
Administrative Rules or the Authority’s program specified in the rule.
(3) As the state Medicaid agency for the administration
of funds from Titles XIX and XXI of the Social Security Act, the Authority is
charged with the administration of the medical assistance program. The
Authority is responsible for facilitating outreach and enrollment efforts to
connect eligible individuals with all available publicly funded health
programs.
(a) The Authority and the Department recognize that
there are many points of interconnection between their programs and the
individuals who receive services through these programs. In addition, there are
areas of natural connection between the Authority and the Department based upon
the former and current structures of the Department in the administration of
the medical assistance program.
(b) The Authority shall work cooperatively with the
Department in the administration of the medical assistance program and to
facilitate the outreach and enrollment in the program, including making
determinations of eligibility and service need for medical assistance. The
Authority has designated the Department as the operating agency for home and
community-based waiver services and as an Organized Health Care Delivery
System.
(c) The Authority and the Department are authorized by
state law to delegate to each other any duties, functions and powers that they
deem necessary for the efficient and effective operation of their respective
functions. The Authority and the Department will work together to adopt rules
to assure that medical assistance eligibility requirements, procedures, and
determinations are consistent across both agencies. The Authority has
authorized the Department to determine medical eligibility for medical
assistance. Where that responsibility is given to the Department under ORS
Chapter 411, the Department has delegated to the Authority the duties,
functions, and powers to make medical eligibility determinations in accordance
with OAR 410-120-0006.
(d) Where statute establishes duties and functions of
the Authority or the Department in relation to medical assistance as a public
assistance program, the Authority and the Department shall cooperate in the
effective administration of the program.
Stat. Auth.:ORS 413.042
Statutes Implemented: ORS 413.042
Hist.: OHA 3-2011(Temp), f. &
cert. ef. 7-1-11 thru 12-27-11; OHA 24-2011, f. 10-31-11, cert. ef. 11-1-11
Rule
Caption: Confidentiality and
Inadmissibility of Mediation and Workplace Interpersonal Dispute Mediation
Communications.
Adm.
Order No.: OHA 25-2011
Filed with Sec. of
State: 10-31-2011
Certified to be
Effective: 11-1-11
Notice Publication
Date: 10-1-2011
Rules Adopted: 943-014-0200, 943-014-0205
Rules Repealed: 943-014-0200(T), 943-014-0205(T)
Subject: HB 2009 (2009) created the Oregon Health Authority
(Authority) and transferred to the Authority the Department of Human Services’
(Department) Divisions with respect to health and health care. Effective July
1, 2011 the Authority is adopting its own operational and programmatic rules as
a part of the operational transfer from functions previously performed by the
Department as a result of HB 2009(2009). These rule adoptions duplicate the
rules in the Department’s chapter 407 and provide legal authority for the
Authority to conduct business. These rules set forth the requirements,
responsibilities, and duties of the Authority related to the disclosure of
communications received as a result of mediations and workplace interpersonal
dispute mediations. Those same requirements, responsibilities, and duties
remain in the Department” OAR chapter 407 regarding disclosure of
communications received as a result of mediation.
Rules Coordinator: Evonne Alderete—(503) 932-9663
943-014-0200
Confidentiality and
Inadmissibility of Mediation Communications
(1) The words and phrases used in this rule have the
same meaning as given to them in ORS 36.110 and 36.234.
(2) Nothing in this rule affects any confidentiality
created by other law. Nothing in this rule relieves a public body from
complying with the Public Meetings Law, ORS 192.610 to 192.690. Whether or not
they are confidential under this or other rules of the agency, mediation
communications are exempt from disclosure under the Public Records Law to the
extent provided in 192.410 to 192.505.
(3) This rule applies only to mediations in which the
agency is a party or is mediating a dispute as to which the agency has
regulatory authority. This rule does not apply when the agency is acting as the
“mediator” in a matter in which the agency also is a party as defined in ORS
36.234.
(4) To the extent mediation communications would
otherwise be compromise negotiations under ORS 40.190 (OEC Rule 408), those
mediation communications are not admissible as provided in ORS 40.190 (OEC Rule
408), notwithstanding any provisions to the contrary in section (9) of this
rule.
(5) Mediations Excluded. Sections (6)–(10) of
this rule do not apply to:
(a) Mediation of workplace interpersonal disputes
involving the interpersonal relationships between this agency’s employees,
officials or employees and officials, unless a formal grievance under a labor
contract, a tort claim notice or a lawsuit has been filed; or
(b) Mediation in which the person acting as the
mediator will also act as the hearings officer in a contested case involving
some or all of the same matters;
(c) Mediation in which the only parties are public
bodies;
(d) Mediation involving two or more public bodies and a
private party if the laws, rule or policies governing mediation confidentiality
for at least one of the public bodies provide that mediation communications in
the mediation are not confidential;
(e) Mediation involving 15 or more parties if the
agency has designated that another mediation confidentiality rule adopted by
the agency may apply to that mediation.
(6) Disclosures by Mediator. A mediator may not
disclose or be compelled to disclose mediation communications in a mediation and,
if disclosed, such communications may not be introduced into evidence in any
subsequent administrative, judicial or arbitration proceeding unless:
(a) All the parties to the mediation and the mediator
agree in writing to the disclosure; or
(b) The mediation communication may be disclosed or
introduced into evidence in a subsequent proceeding as provided in subsections
(c)–(d), (j)–(l) or (o)–(p) of section (9) of this rule; or
(c) The mediation communication includes information
related to the health or safety of any child, then the mediation communication
may be disclosed and may be admitted into evidence in a subsequent proceeding
to the extent the disclosure is necessary to prevent or mitigate a threat or
danger to the health or safety of any child.
(d) The mediation communication includes information
relating to suffering by or commission of abuse upon certain persons and that
information would otherwise be required to be reported by a public or private
official under the provisions of ORS 124.060 (person 65 years of age or older),
430.765 (1) and (2) (person who is mentally ill or developmentally disabled who
is 18 years of age or older and receives services from a community program or
facility) or 441.640 (person who is a resident in a long-term care facility),
in which case that portion of the mediation communication may be disclosed as
required by statute.
(7) Confidentiality and Inadmissibility of Mediation
Communications. Except as provided in sections (8)–(9) of this rule,
mediation communications are confidential and may not be disclosed to any other
person, are not admissible in any subsequent administrative, judicial or
arbitration proceeding and may not be disclosed during testimony in, or during
any discovery conducted as part of a subsequent proceeding, or introduced as
evidence by the parties or the mediator in any subsequent proceeding.
(8) Written Agreement. Section (7) of this rule does
not apply to a mediation unless the parties to the mediation agree in writing,
as provided in this section, that the mediation communications in the mediation
will be confidential and/or nondiscoverable and inadmissible. If the mediator
is the employee of and acting on behalf of a state agency, the mediator or an
authorized agency representative must also sign the agreement. The parties’
agreement to participate in a confidential mediation must be in substantially
the following form. This form may be used separately or incorporated into an
“agreement to mediate.” [Form not included. See ED. NOTE.]
(9) Exceptions to confidentiality and inadmissibility.
(a) Any statements, memoranda, work products, documents
and other materials, otherwise subject to discovery that were not prepared
specifically for use in the mediation are not confidential and may be disclosed
or introduced into evidence in a subsequent proceeding.
(b) Any mediation communications that are public
records, as defined in ORS 192.410(4), and were not specifically prepared for
use in the mediation are not confidential and may be disclosed or introduced
into evidence in a subsequent proceeding unless the substance of the
communication is confidential or privileged under state or federal law.
(c) A mediation communication is not confidential and
may be disclosed by any person receiving the communication to the extent that
person reasonably believes that disclosing the communication is necessary to
prevent the commission of a crime that is likely to result in death or bodily
injury to any person. A mediation communication is not confidential and may be
disclosed in a subsequent proceeding to the extent its disclosure may further
the investigation or prosecution of a felony crime involving physical violence
to a person.
(d) Any mediation communication related to the conduct
of a licensed professional that is made to or in the presence of a person who,
as a condition of his or her professional license, is obligated to report such
communication by law or court rule is not confidential and may be disclosed to
the extent necessary to make such a report.
(e) The parties to the mediation may agree in writing
that all or part of the mediation communications are not confidential or that
all or part of the mediation communications may be disclosed and may be
introduced into evidence in a subsequent proceeding unless the substance of the
communication is confidential, privileged or otherwise prohibited from
disclosure under state or federal law.
(f) A party to the mediation may disclose confidential
mediation communications to a person if the party’s communication with that
person is privileged under ORS Chapter 40 or other provision of law. A party to
the mediation may disclose confidential mediation communications to a person
for the purpose of obtaining advice concerning the subject matter of the mediation,
if all the parties agree.
(g) An employee of the agency may disclose confidential
mediation communications to another agency employee so long as the disclosure
is necessary to conduct authorized activities of the agency. An employee
receiving a confidential mediation communication under this subsection is bound
by the same confidentiality requirements as apply to the parties to the
mediation.
(h) A written mediation communication may be disclosed
or introduced as evidence in a subsequent proceeding at the discretion of the
party who prepared the communication so long as the communication is not
otherwise confidential under state or federal law and does not contain
confidential information from the mediator or another party who does not agree
to the disclosure.
(i) In any proceeding to enforce, modify or set aside a
mediation agreement, a party to the mediation may disclose mediation
communications and such communications may be introduced as evidence to the
extent necessary to prosecute or defend the matter. At the request of a party,
the court may seal any part of the record of the proceeding to prevent further
disclosure of mediation communications or agreements to persons other than the
parties to the agreement.
(j) In an action for damages or other relief between a
party to the mediation and a mediator or mediation program, mediation
communications are not confidential and may be disclosed and may be introduced
as evidence to the extent necessary to prosecute or defend the matter. At the
request of a party, the court may seal any part of the record of the proceeding
to prevent further disclosure of the mediation communications or agreements.
(k) When a mediation is conducted as part of the
negotiation of a collective bargaining agreement, the following mediation
communications are not confidential and such communications may be introduced
into evidence in a subsequent administrative, judicial or arbitration
proceeding:
(A) A request for mediation; or
(B) A communication from the Employment Relations Board
Conciliation Service establishing the time and place of mediation; or
(C) A final offer submitted by the parties to the
mediator pursuant to ORS 243.712; or
(D) A strike notice submitted to the Employment
Relations Board.
(l) To the extent a mediation communication contains
information the substance of which is required to be disclosed by Oregon
statute, other than ORS 192.410 to 192.505, that portion of the communication
may be disclosed as required by statute.
(m) Written mediation communications prepared by or for
the agency or its attorney are not confidential and may be disclosed and may be
introduced as evidence in any subsequent administrative, judicial or
arbitration proceeding to the extent the communication does not contain
confidential information from the mediator or another party, except for those
written mediation communications that are:
(A) Attorney-client privileged communications so long
as they have been disclosed to no one other than the mediator in the course of
the mediation or to persons as to whom disclosure of the communication would
not waive the privilege; or
(B) Attorney work product prepared in anticipation of
litigation or for trial; or
(C) Prepared exclusively for the mediator or in a
caucus session and not given to another party in the mediation other than a
state agency; or
(D) Prepared in response to the written request of the
mediator for specific documents or information and given to another party in
the mediation; or
(E) Settlement concepts or proposals, shared with the
mediator or other parties.
(n) A mediation communication made to the agency may be
disclosed and may be admitted into evidence to the extent the Agency Director,
or designee determines that disclosure of the communication is necessary to prevent
or mitigate a serious danger to the public’s health or safety, and the
communication is not otherwise confidential or privileged under state or
federal law.
(o) The terms of any mediation agreement are not
confidential and may be introduced as evidence in a subsequent proceeding,
except to the extent the terms of the agreement are exempt from disclosure
under ORS 192.410 to 192.505, a court has ordered the terms to be confidential
under ORS 17.095 or state or federal law requires the terms to be confidential.
(p) The mediator may report the disposition of a
mediation to the agency at the conclusion of the mediation so long as the
report does not disclose specific confidential mediation communications. The
agency or the mediator may use or disclose confidential mediation
communications for research, training or educational purposes, subject to the
provisions of ORS 36.232(4).
(q) The mediation communication may be disclosed and
may be admitted into evidence in a subsequent proceeding to the extent the disclosure
is necessary to prevent or mitigate a threat or danger to the health or safety
of any child or person 65 years of age or older, person who is mentally ill or
developmentally disabled and receives services from a community program or
facility as defined in ORS 430.735 or person who is a resident of a long-term
care facility.
(10) When a mediation is subject to section (7) of this
rule, the agency will provide to all parties to the mediation and the mediator
a copy of this rule or a citation to the rule and an explanation of where a
copy of the rule may be obtained. Violation of this provision does not waive
confidentiality or inadmissibility.
[ED. NOTE: Forms referenced are
available from the agency.]
Stat. Authority: ORS 413.042
Stats. Implemented: ORS 36.224,
36.228, 36.230, 36.232 & 36.234
Hist.: OHA 9-2011(Temp), f. &
cert. ef. 7-1-11 thru 12-27-11; OHA 25-2011, f. 10-31-11, cert. ef. 11-1-11
943-014-0205
Confidentiality and
Inadmissibility of Workplace Interpersonal Dispute Mediation Communications
(1) This rule applies to workplace interpersonal
disputes, which are disputes involving the interpersonal relationships between
this agency’s employees, officials or employees and officials. This rule does
not apply to disputes involving the negotiation of labor contracts or matters
about which a formal grievance under a labor contract, a tort claim notice or a
lawsuit has been filed.
(2) The words and phrases used in this rule have the
same meaning as given to them in ORS 36.110 and 36.234.
(3) Nothing in this rule affects any confidentiality
created by other law.
(4) To the extent mediation communications would
otherwise be compromise negotiations under ORS 40.190 (OEC Rule 408), those
mediation communications are not admissible as provided in ORS 40.190 (OEC Rule
408), notwithstanding any provisions to the contrary in section (9) of this
rule.
(5) Disclosures by Mediator. A mediator may not
disclose or be compelled to disclose mediation communications in a mediation
and, if disclosed, such communications may not be introduced into evidence in
any subsequent administrative, judicial or arbitration proceeding unless:
(a) All the parties to the mediation and the mediator
agree in writing to the disclosure; or
(b) The mediation communication may be disclosed or
introduced into evidence in a subsequent proceeding as provided in subsections
(c) or (h)–(j) of section (7) of this rule; or
(c) The mediation communication includes information
related to the health or safety of any child, then the mediation communication
may be disclosed and may be admitted into evidence in a subsequent proceeding
to the extent the disclosure is necessary to prevent or mitigate a threat or
danger to the health or safety of any child.
(d) The mediation communication includes information
relating to suffering by or commission of abuse upon certain persons and that
information would otherwise be required to be reported by a public or private
official under the provisions of ORS 124.060 (person 65 years of age or older),
430.765 (1) and (2) (person who is mentally ill or developmentally disabled who
is 18 years of age or older and receives services from a community program or
facility) or 441.640 (person who is a resident in a long-term care facility),
in which case that portion of the mediation communication may be disclosed as
required by statute.
(6) Confidentiality and Inadmissibility of Mediation
Communications. Except as provided in section (7) of this rule, mediation
communications in mediations involving workplace interpersonal disputes are
confidential and may not be disclosed to any other person, are not admissible
in any subsequent administrative, judicial or arbitration proceeding and may
not be disclosed during testimony in, or during any discovery conducted as part
of a subsequent proceeding, or introduced into evidence by the parties or the
mediator in any subsequent proceeding so long as:
(a) The parties to the mediation and the agency have
agreed in writing to the confidentiality of the mediation; and
(b) The person agreeing to the confidentiality of the
mediation on behalf of the agency:
(A) Is neither a party to the dispute nor the mediator;
and
(B) Is designated by the agency to authorize
confidentiality for the mediation; and
(C) Is at the same or higher level in the agency than
any of the parties to the mediation or who is a person with responsibility for
human resources or personnel matters in the agency, unless the agency head or
member of the governing board is one of the persons involved in the
interpersonal dispute, in which case the Governor or the Governor’s designee.
(7) Exceptions to confidentiality and inadmissibility.
(a) Any statements, memoranda, work products, documents
and other materials, otherwise subject to discovery that were not prepared
specifically for use in the mediation are not confidential and may be disclosed
or introduced into evidence in a subsequent proceeding.
(b) Any mediation communications that are public
records, as defined in ORS 192.410(4), and were not specifically prepared for
use in the mediation are not confidential and may be disclosed or introduced
into evidence in a subsequent proceeding unless the substance of the
communication is confidential or privileged under state or federal law.
(c) A mediation communication is not confidential and
may be disclosed by any person receiving the communication to the extent that
person reasonably believes that disclosing the communication is necessary to
prevent the commission of a crime that is likely to result in death or bodily
injury to any person. A mediation communication is not confidential and may be
disclosed in a subsequent proceeding to the extent its disclosure may further
the investigation or prosecution of a felony crime involving physical violence to
a person.
(d) The parties to the mediation may agree in writing
that all or part of the mediation communications are not confidential or that
all or part of the mediation communications may be disclosed and may be
introduced into evidence in a subsequent proceeding unless the substance of the
communication is confidential, privileged or otherwise prohibited from
disclosure under state or federal law.
(e) A party to the mediation may disclose confidential
mediation communications to a person if the party’s communication with that
person is privileged under ORS chapter 40 or other provision of law. A party to
the mediation may disclose confidential mediation communications to a person
for the purpose of obtaining advice concerning the subject matter of the mediation,
if all the parties agree.
(f) A written mediation communication may be disclosed
or introduced as evidence in a subsequent proceeding at the discretion of the
party who prepared the communication so long as the communication is not
otherwise confidential under state or federal law and does not contain
confidential information from the mediator or another party who does not agree
to the disclosure.
(g) In any proceeding to enforce, modify or set aside a
mediation agreement, a party to the mediation may disclose mediation
communications and such communications may be introduced as evidence to the
extent necessary to prosecute or defend the matter. At the request of a party,
the court may seal any part of the record of the proceeding to prevent further
disclosure of mediation communications or agreements to persons other than the
parties to the agreement.
(h) In an action for damages or other relief between a
party to the mediation and a mediator or mediation program, mediation
communications are not confidential and may be disclosed and may be introduced
as evidence to the extent necessary to prosecute or defend the matter. At the
request of a party, the court may seal any part of the record of the proceeding
to prevent further disclosure of the mediation communications or agreements.
(i) To the extent a mediation communication contains
information the substance of which is required to be disclosed by Oregon
statute, other than ORS 192.410 to 192.505, that portion of the communication
may be disclosed as required by statute.
(j) The mediator may report the disposition of a
mediation to the agency at the conclusion of the mediation so long as the
report does not disclose specific confidential mediation communications. The
agency or the mediator may use or disclose confidential mediation
communications for research, training or educational purposes, subject to the
provisions of ORS 36.232(4).
(k) The mediation communication may be disclosed and
may be admitted into evidence in a subsequent proceeding to the extent the
disclosure is necessary to prevent or mitigate a threat or danger to the health
or safety of any child or person 65 years of age or older, person who is
mentally ill or developmentally disabled and receives services from a community
program or facility as defined in ORS 430.735 or person who is a resident of a
long-term care facility.
(8) The terms of any agreement arising out of the
mediation of a workplace interpersonal dispute are confidential so long as the
parties and the agency so agree in writing. Any term of an agreement that
requires an expenditure of public funds, other than expenditures of $1,000 or
less for employee training, employee counseling or purchases of equipment that
remain the property of the agency, may not be made confidential.
(9) When a mediation is subject to section (6) of this
rule, the agency will provide to all parties to the mediation and to the
mediator a copy of this rule or an explanation of where a copy may be obtained.
Violation of this provision does not waive confidentiality or inadmissibility.
Stat. Auth.: ORS 413.042
Stats. Implemented: ORS 36.224,
36.228, 36.230, 36.232 & 36.234
Hist.: OHA 9-2011(Temp), f. &
cert. ef. 7-1-11 thru 12-27-11; OHA 25-2011, f. 10-31-11, cert. ef. 11-1-11
Rule
Caption: Electronic Data Transmission
(EDT) Rule.
Adm.
Order No.: OHA 26-2011
Filed with Sec. of
State: 10-31-2011
Certified to be
Effective: 11-1-11
Notice Publication
Date: 10-1-2011
Rules Adopted: 943-120-0100, 943-120-0110, 943-120-0112, 943-120-0114,
943-120-0116, 943-120-0118, 943-120-0120, 943-120-0130, 943-120-0140,
943-120-0150, 943-120-0160, 943-120-0165, 943-120-0170, 943-120-0180,
943-120-0190, 943-120-0200
Rules Repealed: 943-120-0100(T), 943-120-0110(T), 943-120-0112(T),
943-120-0114(T), 943-120-0116(T), 943-120-0118(T), 943-120-0120(T),
943-120-0130(T), 943-120-0140(T), 943-120-0150(T), 943-120-0160(T),
943-120-0165(T), 943-120-0170(T), 943-120-0180(T), 943-120-0190(T),
943-120-0200(T)
Subject: The Oregon Health Authority (Authority) needs to adopt
these rules to ensure the Authority’s EDT rules compliment the functionality of
the Oregon Replacement Medicaid Management Information System (MMIS) in
conjunction with the Health Insurance Portability and Accountability Act (HIPAA)
transactions and codes set standards for the exchange of electronic data.
Rules Coordinator: Evonne Alderete—(503) 932-9663
943-120-0100
Definitions
The following definitions apply to OAR 943-120-0100
through 943-120-0200:
(1) “Access” means the ability or means necessary to
read, write, modify, or communicate data or information or otherwise use any
information system resource.
(2) “Agent” means a third party or organization that
contracts with a provider, allied agency, or prepaid health plan (PHP) to perform
designated services in order to facilitate a transaction or conduct other
business functions on its behalf. Agents include billing agents, claims
clearinghouses, vendors, billing services, service bureaus, and accounts
receivable management firms. Agents may also be clinics, group practices, and
facilities that submit billings on behalf of providers but the payment is made
to a provider, including the following: an employer of a provider, if a
provider is required as a condition of employment to turn over his fees to the
employer; the facility in which the service is provided, if a provider has a
contract under which the facility submits the claim; or a foundation, plan, or
similar organization operating an organized health care delivery system, if a
provider has a contract under which the organization submits the claim. Agents
may also include electronic data transmission submitters.
(3) “Allied Agency” means local and regional allied
agencies and includes local mental health authority, community mental health
programs, Oregon Youth Authority, Department of Corrections, local health
departments, schools, education service districts, developmental disability
service programs, area agencies on aging, federally recognized American Indian
tribes, and other governmental agencies or regional authorities that have a
contract (including an interagency, intergovernmental, or grant agreement, or
an agreement with an American Indian tribe pursuant to ORS 190.110) with the
Oregon Health Authority to provide for the delivery of services to covered
individuals and that request to conduct electronic data transactions in
relation to the contract.
(4) “Authority” means the Oregon Health Authority.
(5) “Authority Network and Information Systems” means the
Authority’s computer infrastructure that provides personal communications,
confidential information, regional, wide area and local networks, and the
internetworking of various types of networks on behalf of the Authority.
(6) “Clinic” means a group practice, facility, or
organization that is an employer of a provider, if a provider is required as a
condition of employment to turn over his fees to the employer; the facility in
which the service is provided, if a provider has a contract under which the facility
submits the claim; or a foundation, plan, or similar organization operating an
organized health care delivery system, if a provider has a contract under which
the organization submits the claim; and the group practice, facility, or
organization is enrolled with the Authority, and payments are made to the group
practice, facility, or organization. If the entity solely submits billings on
behalf of providers and payments are made to each provider, then the entity is
an agent.
(7) “Confidential Information” means information
relating to covered individuals which is exchanged by and between the
Authority, a provider, PHP, clinic, allied agency, or agents for various
business purposes, but which is protected from disclosure to unauthorized
individuals or entities by applicable state and federal statutes such as ORS
344.600, 410.150, 411.320, 418.130, or the Health Insurance Portability and
Accountability Act of 1996, Public Law 104-191 and its implementing
regulations. These statutes and regulations are collectively referred to as
“Privacy Statutes and Regulations.”
(8) “Contract” means a specific written agreement
between the Authority and a provider, PHP, clinic, or allied agency that
provides or manages the provision of services, goods, or supplies to covered
individuals and where the Authority and a provider, PHP, clinic, or allied
agency may exchange data. A contract specifically includes, without limitation,
an Authority provider enrollment agreement, fully capitated heath plan managed
care contract, dental care organization managed care contract, mental health
organization managed care contract, chemical dependency organization managed
care contract, physician care organization managed care contract, a county
financial assistance agreement, or any other applicable written agreement,
interagency agreement, intergovernmental agreement, or grant agreement between
the Authority and a provider, PHP, clinic, or allied agency.
(9) “Covered Entity” means a health plan, health care
clearing house, health care provider who transmits any health information in
electronic form in connection with a transaction covered by 45 CFR 162.100
through 162.1902, or allied agency that transmits any health information in
electronic form in connection with a transaction, including direct data entry
(DDE), and who must comply with the National Provider Identifier (NPI)
requirements of 45 CFR 162.402 through 162.414.
(10) “Covered Individual” means individuals who are
eligible for payment of certain services or supplies provided to them or their
eligible dependents by or through a provider, PHP, clinic, or allied agency
under the terms of a contract applicable to a governmental program for which
the Authority processes or administers data transmissions.
(11) “Data” means a formalized representation of
specific facts or concepts suitable for communication, interpretation, or
processing by individuals or by automatic means.
(12) “Data Transmission” means the transfer or exchange
of data between the Authority and a web portal or electronic data interchange
(EDI) submitter by means of an information system which is compatible for that
purpose and includes without limitation, web portal, EDI, electronic remittance
advice (ERA), or electronic media claims (EMC) transmissions.
(13) “Department” means the Department of Human
Services.
(14) “Direct Data Entry (DDE)” means the process using
dumb terminals or computer browser screens where data is directly keyed into a
health plan’s computer by a provider or its agent, such as through the use of a
web portal.
(15) “Electronic Data Interchange (EDI)” means the
exchange of business documents from application to application in a federally
mandated format or, if no federal standard has been promulgated, using bulk
transmission processes and other formats as the Authority designates for EDI
transactions. For purposes of these rules (OAR 943-120-0100 through
943-120-0200), EDI does not include electronic transmission by web portal.
(16) “Electronic Data Interchange Submitter” means an
individual or entity authorized to establish the electronic media connection
with the Authority to conduct an EDI transaction. An EDI submitter may be a
trading partner or an agent of a trading partner.
(17) “Electronic Media” means electronic storage media
including memory devices in computers or computer hard drives; any removable or
transportable digital memory medium such as magnetic tape or disk, optical
disk, or digital memory card; or transmission media used to exchange
information already in electronic storage media. Transmission media includes
but is not limited to the internet (wide-open), extranet (using internet
technology to link a business with information accessible only to collaborating
parties), leased lines, dial-up lines, private networks, and the physical
movement of removable or transportable electronic storage media. Certain
transmissions, including paper via facsimile and voice via telephone, are not
considered transmissions by electronic media because the information being
exchanged did not exist in electronic form before transmission.
(18) “Electronic Media Claims (EMC)” means an
electronic media means of submitting claims or encounters for payment of
services or supplies provided by a provider, PHP, clinic, or allied agency to a
covered individual.
(19) “Electronic Remittance Advice (ERA)” means an
electronic file in X12 format containing information pertaining to the
disposition of a specific claim for payment of services or supplies rendered to
covered individuals which are filed with the Authority on behalf of covered
individuals by providers, clinics, or allied agencies. The documents include,
without limitation, the provider name and address, individual name, date of
service, amount billed, amount paid, whether the claim was approved or denied,
and if denied, the specific reason for the denial. For PHPs, the remittance
advice file contains information on the adjudication status of encounter claims
submitted.
(20) “Electronic Data Transaction (EDT)” means a
transaction governed by the Health Insurance Portability and Accountability Act
(HIPAA) transaction rule, conducted by either web portal or EDI.
(21) “Envelope” means a control structure in a mutually
agreed upon format for the electronic interchange of one or more encoded data
transmissions either sent or received by an EDI submitter or the Authority.
(22) “HIPAA Transaction Rule” means the standards for
electronic transactions at 45 CFR Part 160 and 162 as revised effective January
16, 2009 (from version in effect on January 1, 2008) adopted by the Department
of Health and Human Services (DHHS) to implement the Health Insurance
Portability and Accountability Act of 1996, 42 USC 1320d et. seq.
(23) “Incident” means the attempted or successful
unauthorized access, use, disclosure, modification, or destruction of an
information system or information asset including but not limited to
unauthorized disclosure of information, failure to protect user IDs, and theft
of computer equipment using or storing Authority information assets or confidential
information.
(24) “Individual User Profile (IUP)” means Authority
forms used to authorize a user, identify their job assignment, and the required
access to the Authority’s network and information system. It generates a unique
security access code used to access the Authority’s network and information
system.
(25) “Information Asset” means all information, also
known as data, provided through the Authority, regardless of the source, which
requires measures for security and privacy of the information.
(26) “Information System” means an interconnected set
of information resources under the same direct management control that shares
common functionality. A system normally includes hardware, software,
information, data, applications, communications, and trained personnel
necessary for successful data transmission.
(27) “Lost or Indecipherable Transmission” means a data
transmission which is never received by or cannot be processed to completion by
the receiving party in the format or composition received because it is garbled
or incomplete, regardless of how or why the message was rendered garbled or
incomplete.
(28) “Mailbox” means the term used by the Authority to
indicate trading partner-specific locations on the Authority’s secure file
transfer protocol (SFTP) server to deposit and retrieve electronic data
identified by a unique Authority assigned trading partner number.
(29) “Password” means the alpha-numeric codes and
special characters assigned to an EDI submitter by the Authority for the
purpose of allowing access to the Authority’s information system, including the
web portal, for the purpose of successfully executing data transmissions or
otherwise carrying out the express terms of a trading partner agreement or
provider enrollment agreement and these rules.
(30) “Personal Identification Number (PIN)” means the
alpha-numeric codes assigned to web portal submitters by the Authority for the
purpose of allowing access to the Authority’s information system, including the
web portal, for the purpose of successfully executing DDE, data transmissions,
or otherwise carrying out the express terms of a trading partner agreement,
provider enrollment agreement, and these rules.
(31) “Prepaid Health Plan (PHP) or Plan” means a
managed health care, dental care, chemical dependency, physician care
organization, or mental health care organization that contracts with the
Authority on a case managed, prepaid, capitated basis under the Oregon Health
Plan (OHP).
(32) “Provider” means an individual, facility,
institution, corporate entity, or other organization which supplies or provides
for the supply of services, goods or supplies to covered individuals pursuant
to a contract, including but not limited to a provider enrollment agreement
with the Authority. A provider does not include billing providers as used in
the Division of Medical Assistance (DMAP) general rules but does include non
healthcare providers such as foster care homes. DMAP billing providers are
defined in these rules as agents, except for DMAP billing providers that are
clinics.
(33) “Provider Enrollment Agreement” means an agreement
between the Authority and a provider for payment for the provision of covered
services to covered individuals.
(34) “Registered Transaction” means each type of EDI
transaction applicable to a trading partner that must be registered with the
Authority before it can be tested or approved for EDI transmission.
(35) “Security Access Codes” means the access code
assigned by the Authority to the web portal submitter or EDI submitter for the
purpose of allowing access to the Authority’s information system, including the
web portal, to execute data transmissions or otherwise carry out the express
terms of a trading partner agreement, provider enrollment agreement, and these
rules. Security access codes may include passwords, PINs, or other codes. For
password standards, refer to the Authority’s ISPO best practice:
http://www.dhs.state.or.us/policy/admin/security/090_002.htm.
(36) “Source Documents” means documents or electronic
files containing underlying data which is or may be required as part of a data
transmission with respect to a claim for payment of charges for medical
services or supplies provided to a covered individual, or with respect to any
other transaction. Examples of data contained within a specific source document
include but are not limited to an individual’s name and identification number,
claim number, diagnosis code for the services provided, dates of service,
service procedure description, applicable charges for the services provided,
and a provider’s, PHP’s, clinic’s, or allied agency’s name, identification
number, and signature.
(37) “Standard” means a rule, condition, or requirement
describing the following information for products, systems, or practices:
(a) Classification of components;
(b) Specification of materials, performance, or
operations; or
(c) Delineation of procedures.
(38) “Standards for Electronic Transactions” mean a
transaction that complies with the applicable standard adopted by DHHS to
implement standards for electronic transactions.
(39) “Submitter” means a provider, PHP, clinic, or
allied agency that may or may not have entered into a Trading Partner Agreement
depending upon whether the need is to exchange Electronic Data Transactions or
access the Authority’s Web Portal.
(40) “Transaction” means the exchange of data between
the Authority and a provider using web portal access or a trading partner using
electronic media to carry out financial or administrative activities.
(41) “Trade Data Log” means the complete written
summary of data and data transmissions exchanged between the Authority and an
EDI submitter during the period of time a trading partner agreement is in
effect and includes but is not limited to sender and receiver information, date
and time of transmission, and the general nature of the transmission.
(42) “Trading Partner” means a provider, PHP, clinic,
or allied agency that has entered into a trading partner agreement with the
Authority in order to satisfy all or part of its obligations under a contract
by means of EDI, ERA, or EMC, or any other mutually agreed means of electronic
exchange or transfer of data.
(43) “Trading Partner Agreement (TPA)” means a specific
written request by a provider, PHP, clinic, or allied agency to conduct EDI
transactions that governs the terms and conditions for EDI transactions in the
performance of obligations under a contract. A provider, PHP, clinic, or allied
agency that has executed a TPA will be referred to as a trading partner in
relation to those functions.
(44) “User” means any individual or entity authorized
by the Authority to access network and information systems or information
assets.
(45) “User Identification Security (UIS)” means a control
method required by the Authority to ensure that only authorized users gain
access to specified information assets. One method of control is the use of
passwords and PINs with unique user identifications.
(46) “Web Portal” means a site on the World Wide Web
that provides secure access with personalized capabilities to its visitors and
a pathway to other content designed for use with the Authority specific DDE
applications.(47) “Web Portal Submitter” means an individual or entity
authorized to establish an electronic media connection with the Authority to
conduct a DDE transaction. A web portal submitter may be a provider or a
provider’s agent.
Stat. Auth.: ORS 413.042
&414.065
Stats. Implemented: ORS 413.042
& 414.065
Hist.: OHA 13-2011(Temp), f. &
cert. ef. 7-1-11 thru 12-27-11; OHA 26-2011, f. 10-31-11, cert. ef. 11-1-11
943-120-0110
Purpose
(1) These rules establish requirements applicable to
providers, PHPs, and allied agencies that want to conduct electronic data
transactions with the Authority. These rules govern the conduct of all web
portal or EDI transactions with the Authority. These rules only apply to
services or items that are paid for by the Authority. If the service or item is
paid for by a plan or an allied agency, these rules do not apply.
(2) These rules establish the Authority’s electronic
data transaction requirements for purposes of the Health Insurance Portability
and Accountability Act of 1996, 42 USC 1320d–1320d-8, Public Law 104-191,
sec. 262 and sec. 264, and the implementing standards for electronic
transactions rules. Where a federal HIPAA standard has been adopted for an
electronic data transaction, this rule implements and does not alter the
federal standard.
(3) These rules establish procedures that must be
followed by any provider, PHP, or allied agency in the event of a security or
privacy incident, regardless of whether the incident is related to the use of
an electronic data transaction.
Stat. Auth.: ORS 413.042
&414.065
Stats. Implemented: ORS 413.042
& 414.065
Hist.: OHA 13-2011(Temp), f. &
cert. ef. 7-1-11 thru 12-27-11; OHA 26-2011, f. 10-31-11, cert. ef. 11-1-11
943-120-0112
Scope and Sequence of Electronic
Data Transmission Rules
(1) The Authority communicates with and receives
communications from its providers, PHPs, and allied agencies using a variety of
methods appropriate to the services being provided, the nature of the entity
providing the services, and constantly changing technology. These rules
describe some of the basic ways that the Authority will exchange data
electronically. Additional details may be provided in the Authority’s access
control rules, provider-specific rules, or the applicable contract documents.
(2) Access to eligibility information about covered
individuals may occur using one or more of the following methods:
(a) Automated voice response, via a telephone;
(b) Web portal access;
(c) EDI submitter access; or
(d) Point of sale (POS) for pharmacy providers.
(3) Claims for which the Authority is responsible for
payment or encounter submissions made to the Authority may occur using one or
more of the following methods:
(a) Paper, using the form specified in the provider
specific rules and supplemental billing guidance. Providers may submit paper
claims, except that pharmacy providers are required to use the POS process for
claims submission and PHPs are required to use the 837 electronic formats;
(b) Web portal access;
(c) EDI submitter access; or
(d) POS for pharmacy providers.
(4) Authority informational updates, provider record
updates, depository for PHP reports, or EDT as specified by the Authority for
contract compliance.
(5) Other Authority network and information system
access is governed by specific program requirements, which may include but is
not limited to IUP access. Affected providers, PHPs, and allied agencies will
be separately instructed about the access and requirements. Incidents are
subject to these rules.
(6) Providers and allied agencies that continue to use
only paper formats for claims transactions are only subject to the
confidentiality and security rule, OAR 943-120-0170.
Stat. Auth.: ORS 413.042
&414.065
Stats. Implemented: ORS 413.042
& 414.065
Hist.: OHA 13-2011(Temp), f. &
cert. ef. 7-1-11 thru 12-27-11; OHA 26-2011, f. 10-31-11, cert. ef. 11-1-11
943-120-0114
Provider Enrollment Agreement
(1) When a provider applies to enroll, the application
form will include information about how to participate in the web portal for
use of DDE and automated voice response (AVR) inquiries. The enrollment
agreement will include a section describing the process that will permit the
provider, once enrolled, to participate in DDE over the Internet using the
secure Authority web portal. This does not include providers enrolled through
the use of the DMAP 3108 Managed Care Plan and FFS Non Paid Provider
Application.
(2) When the provider number is issued by the
Authority, the provider will also receive two PINs: one that may be used to
access the web portal and one that may be used for AVR.
(a) If the PINs are not activated within 60 days of
issuance, the Authority will initiate a process to inactivate the PIN. If the
provider wants to use PIN-based access to the web portal or AVR after
deactivation, the provider must submit an update form to obtain another PIN.
(b) Activating the PIN will require Internet access and
the provider must supply security data that will be associated with the use of
the PIN.
(c) Providers using the PIN are responsible for
protecting the confidentiality and security of the PIN pursuant to OAR
943-120-0170.
Stat. Auth.: ORS 413.042
&414.065
Stats. Implemented: ORS 413.042
& 414.065
Hist.: OHA 13-2011(Temp), f. &
cert. ef. 7-1-11 thru 12-27-11; OHA 26-2011, f. 10-31-11, cert. ef. 11-1-11
943-120-0116
Web Portal Submitter
(1) Any provider activating their web portal access for
web portal submission may be a web portal submitter. The provider will be
referred to as the web portal submitter when functioning in that capacity, and
shall be required to comply with these rules governing web portal submitters.
(2) The authorized signer of the provider enrollment
agreement shall be the individual who is responsible for the provider’s DDE
claims submission process.
(a) If a provider submits their own claims directly,
the provider will be referred to as the web portal submitter when functioning
in that capacity and shall be required to comply with these rules governing web
portal submitters.
(b) If a provider uses an agent or clinic to submit DDE
claims using the Authority’s web portal, the agent or clinic will be referred
to as the web portal submitter when functioning in that capacity and shall be
required to comply with these rules governing web portal submitters.
Stat. Auth.: ORS 413.042
&414.065
Stats. Implemented: ORS 413.042 &
414.065
Hist.: OHA 13-2011(Temp), f. &
cert. ef. 7-1-11 thru 12-27-11; OHA 26-2011, f. 10-31-11, cert. ef. 11-1-11
943-120-0118
Conduct of Direct Data Entry Using
Web Portal
(1) The web portal submitter is responsible for the
conduct of the DDE transactions submitted on behalf of the provider, as
follows:
(a) Accuracy of Web Portal Submissions. The web portal
submitter must take reasonable care to ensure that data and DDE transmissions
are timely, complete, accurate, and secure, and must take reasonable precautions
to prevent unauthorized access to the information system or the DDE
transmission. The Authority will not correct or modify an incorrect DDE
transaction prior to processing. The transactions may be rejected and the web
portal submitter will be notified of the rejection.
(b) Cost of Equipment. The web portal submitter and the
Authority must bear their own information system costs. The web portal
submitter must, at their own expense, obtain access to Internet service that is
compatible with and has the capacity for secure access to the Authority’s web
portal. Web portal submitters must pay their own costs for all charges,
including but not limited to charges for equipment, software and services,
Internet connection and use time, terminals, connections, telephones, and
modems. The Authority is not responsible for providing technical assistance for
access to or use of Internet web portal services or the processing of a DDE
transaction.
(c) Format of DDE Transactions. The web portal
submitter must send and receive all data transactions in the Authority’s
approved format. Any attempt to modify or alter the DDE transaction format may
result in denial of web portal access.
(d) Re-submissions. The web portal submitter must
maintain source documents and back-up files or other means sufficient to
re-create a data transmission in the event that re-creation becomes necessary
for any purpose, within timeframes required by federal or state law, or by
contractual agreement. Back ups, archives, or related files are subject to the
terms of these rules to the same extent as the original data transmission.
(2) Security and Confidentiality. To protect security
and confidentiality, web portal submitters must comply with the following:
(a) Refrain from copying, reverse engineering,
disclosing, publishing, distributing, or altering any data or data
transmissions, except as permitted by these rules or the contract, or use the
same for any purpose other than that which the web portal submitter was
specifically given access and authorization by the Authority or the provider.
(b) Refrain from obtaining access by any means to any
data or the Authority’s network and information system for any purpose other
than that which the web portal submitter has received express authorization to
receive access. If the web portal submitter receives data or data transmissions
from the Authority which are clearly not intended for the receipt of web portal
submitter, the web portal submitter will immediately notify the Authority and
make arrangements to return or re-transmit the data or data transmission to the
Authority. After re-transmission, the web portal submitter must immediately
delete the data contained in the data transmission from its information system.
(c) Install necessary security precautions to ensure
the security of the DDE transmission or records relating to the information
system of either the Authority or the web portal submitter when the information
system is not in active use by the web portal submitter.
(d) Protect and maintain, at all times, the
confidentiality of security access codes issued by the Authority. Security
access codes are strictly confidential and specifically subject, without
limitation, to all of the restrictions in OAR 943-120-0170. The Authority may
change the designated security access codes at any time and in any manner as
the Authority in its sole discretion considers necessary.
Stat. Auth.: ORS 413.042
&414.065
Stats. Implemented: ORS 413.042
& 414.065
Hist.: OHA 13-2011(Temp), f. &
cert. ef. 7-1-11 thru 12-27-11; OHA 26-2011, f. 10-31-11, cert. ef. 11-1-11
943-120-0120
Registration Process — EDI
Transactions
(1) The EDI transaction process is preferred by
providers, PHPs, and allied agencies for conducting batch or real time
transactions, rather than the individual data entry process used for DDE. EDI
registration is an administrative process governed by these rules. The EDI
registration process begins with the submission of a TPA by a provider, PHP,
clinic, or allied agency, including all requirements and documentation required
by these rules.
(2) Trading partners must be Authority providers, PHPs,
clinics, or allied agencies with a current Authority contract. The Authority
will not accept a TPA from individuals or entities who do not have a current
contract with the Authority.
(a) The Authority may receive and hold the TPA for
individuals or entities that have submitted a provider enrollment agreement or
other pending contract, subject to the satisfactory execution of the pending
document.
(b) Termination, revocation, suspension, or expiration
of the contract will result in the concurrent termination, revocation,
suspension, or expiration of the TPA without any additional notice; except that
the TPA will remain in effect to the extent necessary for a trading partner or
the Authority to complete obligations involving EDI under the contract for
dates of service when the contract was in effect. Contracts that are
periodically renewed or extended do not require renewal or extension of the TPA
unless there is a lapse of time between contracts.
(c) Failure to identify a current Authority contract
during the registration process will result in a rejection of the TPA. The
Authority will verify that the contract numbers identified by a provider, PHP,
clinic, or allied agency are current contracts.
(d) If contract number or contract status changes, the
trading partner must provide the Authority with updated information within five
business days of the change in contract status. If the Authority determines
that a valid contract no longer exists, the Authority shall discontinue EDI
transactions applicable for any time period in which the contract no longer
exists; except that the TPA will remain in effect to the extent necessary for
the trading partner or the Authority to complete obligations involving EDI
under the contract for dates of service when the contract was in effect.
(3) Trading Partner Agreement. To register as a trading
partner with the Authority, a provider, PHP, clinic, or allied agency must
submit a signed TPA to the Authority.
(4) Application for Authorization. In addition to the
requirements of section (3) of this rule, a trading partner must submit an
application for authorization to the Authority. The application provides
specific identification and legal authorization from the trading partner for an
EDI submitter to conduct EDI transactions on behalf of a trading partner.
(5) Trading Partner Agents. A trading partner may use
agents to facilitate the electronic transmission of data. If a trading partner
will be using an agent as an EDI submitter, the application for authorization
required under section (4) of this rule must identify and authorize an EDI
submitter and must include the EDI certification signed by an EDI submitter
before the Authority may accept electronic submission from or send electronic
transmission to an EDI submitter.
(6) EDI Registration. In addition to the requirements
of section (3) of this rule, a trading partner must also submit its EDI
registration form. This form requires the trading partner or its authorized EDI
submitter to register an EDI submitter and the name and type of EDI transaction
they are prepared to conduct. Signature of the trading partner or authorized
EDI submitter is required on the EDI registration form. The registration form
will also permit the trading partner to identify the individuals or EDI
submitters who are authorized to submit or receive EDI registered transactions.
(7) Review and Acceptance Process. The Authority will
review the documentation provided to determine compliance with sections (1)
through (6) of this rule. The information provided may be subject to
verification by the Authority. When the Authority determines that the
information complies with these rules, the Authority will notify the trading
partner and EDI submitter by email about any testing or other requirements
applicable to place the registered transaction into a production environment.
Stat. Auth.: ORS 413.042
&414.065
Stats. Implemented: ORS 413.042
& 414.065
Hist.: OHA 13-2011(Temp), f. &
cert. ef. 7-1-11 thru 12-27-11; OHA 26-2011, f. 10-31-11, cert. ef. 11-1-11
943-120-0130
Trading Partner as EDI Submitter
— EDI Transactions
(1) A trading partner may be an EDI submitter.
Registered trading partners that also qualify as an EDI submitter may submit
their own EDI transactions directly to the Authority. A trading partner will be
referred to as an EDI submitter when functioning in that capacity and will be
required to comply with applicable EDI submitter rules, except as provided in
section (3) of this rule.
(2) Authorization and Registration Designating Trading
Partner as EDI Submitter. Before acting as an EDI submitter, a trading partner
must designate in the application for application that they are an EDI
submitter who is authorized to send and receive data transmissions in the
performance of EDI transactions. A trading partner must complete the “Trading
Partner Application for Authorization to Submit EDI Transactions” and the “EDI
Submitter Information” required in the application. A trading partner must also
submit the EDI registration form identifying them as an EDI submitter. A trading
partner must notify the Authority of any material changes in the information no
less than ten days prior to the effective date of the change.
(3) EDI Submitter Certification Conditions. Where a
trading partner is acting as its own EDI submitter, the trading partner is not
required to submit the EDI submitter certification conditions in the
application for authorization applicable to agents.
Stat. Auth.: ORS 413.042
&414.065
Stats. Implemented: ORS 413.042
& 414.065
Hist.: OHA 13-2011(Temp), f. &
cert. ef. 7-1-11 thru 12-27-11; OHA 26-2011, f. 10-31-11, cert. ef. 11-1-11
943-120-0140
Trading Partner Agents as EDI
Submitters — EDI Transactions
(1) Responsibility for Agents. If a trading partner
uses the services of an agent, including but not limited to an EDI submitter in
any capacity in order to receive, transmit, store, or otherwise process data or
data transmissions or perform related activities, a trading partner shall be
fully responsible to the Authority for the agent’s acts.
(2) Notices Regarding EDI Submitter. Prior to the
commencement of an EDI submitter’s services, a trading partner must designate
in the application for authorization the specific EDI submitters that are
authorized to send and receive data transmissions in the performance of EDI
transactions of a trading partner. A trading partner must complete the “Trading
partner Authorization of EDI Submitter” and the “EDI Submitter Information”
required in the application. A trading partner must also submit the EDI
registration form identifying and providing information about an EDI submitter.
A trading partner or authorized EDI submitter must notify the Authority of any
material changes in the EDI submitter authorization or information no less than
five days prior to the effective date of the changes.
(3) EDI Submitter Authority. A trading partner must
authorize the actions that an EDI submitter may take on behalf of a trading
partner. The application for authorization permits a trading partner to
authorize which decisions may only be made by a trading partner and which
decisions are authorized to be made by an EDI submitter. The EDI submitter
information authorized in the application for authorization will be recorded by
the Authority in an EDI submitter profile. The Authority may reject EDI
transactions from an EDI submitter acting without authorization from a trading
partner.
(4) EDI Submitter Certification Conditions. Each
authorized EDI submitter acting as an agent of a trading partner must execute
and comply with the EDI submitter certification conditions that are
incorporated into the application for authorization. Failure to include the
signed EDI submitter certification conditions with the application shall result
in a denial of EDI submitter authorization by the Authority. Failure of an EDI
submitter to comply with the EDI submitter certification conditions may result
in termination of EDI submitter registration for EDI transactions with the
Authority.
(5) EDI Submitters Responsibilities. In addition to the
requirements of section (1) of this rule, a trading partner is responsible for
ensuring that an EDI submitter makes no unauthorized changes in the data
content of all data transmissions or the contents of an envelope, and that an
EDI submitter will take all appropriate measures to maintain the timeliness,
accuracy, truthfulness, confidentiality, security, and completeness of each
data transmission. A trading partner is responsible for ensuring that its EDI
submitters are specifically advised of, and will comply with, the terms of
these rules and any TPA.
Stat. Auth.: ORS 413.042
&414.065
Stats. Implemented: ORS 413.042
& 414.065
Hist.: OHA 13-2011(Temp), f. &
cert. ef. 7-1-11 thru 12-27-11; OHA 26-2011, f. 10-31-11, cert. ef. 11-1-11
943-120-0150
Testing — EDI Transactions
(1) When a trading partner or authorized EDI submitter
registers an EDI transaction with the Authority, the Authority may require
testing before authorizing the transaction. Testing may include third party and
business-to-business testing. An EDI submitter must be able to demonstrate its
capacity to send and receive each transaction type for which it has registered.
The Authority will reject any EDI transaction if an EDI submitter either
refuses or fails to comply with the Authority testing requirements.
(2) The Authority may require EDI submitters to
complete compliance testing at an EDI submitter’s expense for each transaction
type if either the Authority or an EDI submitter has experienced a change to
hardware or software applications by entering into business-to-business
testing.
(3) When third party and/or business-to-business
testing is completed to the Authority’s satisfaction, the Authority will notify
an EDI submitter that it will register and accept the transactions in the production
environment. This notification authorizes an EDI submitter to submit the
registered EDI transactions to the Authority for processing and response, as
applicable. If there are any changes in the trading partner or EDI submitter
authorization, profile data or EDI registration information on file with the
Authority, updated information must be submitted to the Authority as required
in OAR 943-120-0190.
(4) Testing will be conducted using secure electronic
media communications methods.
(5) An EDI submitter may be required to re-test with
the Authority if the Authority format changes or if the EDI submitter format
changes.
Stat. Auth.: ORS 413.042
&414.065
Stats. Implemented: ORS 413.042
& 414.065
Hist.: OHA 13-2011(Temp), f. &
cert. ef. 7-1-11 thru 12-27-11; OHA 26-2011, f. 10-31-11, cert. ef. 11-1-11
943-120-0160
Conduct of Transactions —
EDI Transactions
(1) EDI Submitter Obligations. An EDI submitter is
responsible for the conduct of the EDI transactions registered on behalf of a
trading partner, including the following:
(a) EDI Transmission Accuracy. An EDI submitter shall
take reasonable care to ensure that data and data transmissions are timely,
complete, accurate, and secure; and shall take reasonable precautions to
prevent unauthorized access to the information system, the data transmission,
or the contents of an envelope which is transmitted either to or from the
Authority. The Authority will not correct or modify an incorrect transaction
prior to processing. The transaction may be rejected and an EDI submitter
notified of the rejection.
(b) Re-transmission of Indecipherable Transmissions.
Where there is evidence that a data transmission is lost or indecipherable, the
sending party must make best efforts to trace and re-transmit the original data
transmission in a manner which allows it to be processed by the receiving party
as soon as practicable.
(c) Cost of Equipment. An EDI submitter and the
Authority will pay for their own information system costs. An EDI submitter
shall, at its own expense, obtain and maintain its own information system. An
EDI submitter shall pay its own costs for all charges related to data
transmission including, without limitation, charges for information system
equipment, software and services, electronic mailbox maintenance, connect time,
terminals, connections, telephones, modems, any applicable minimum use charges,
and for translating, formatting, sending, and receiving communications over the
electronic network to the electronic mailbox, if any, of the Authority. The
Authority is not responsible for providing technical assistance in the
processing of an EDI transaction.
(d) Back-up Files. EDI submitters must maintain
adequate data archives and back-up files or other means sufficient to re-create
a data transmission in the event that re-creation becomes necessary for any
purpose, within timeframes required by state and federal law, or by contractual
agreement. Data archives or back-up files shall be subject to these rules to
the same extent as the original data transmission.
(e) Transmissions Format. Except as otherwise provided
herein, EDI submitters must send and receive all data transmissions in the
federally mandated format, or (if no federal standard has been promulgated)
other formats as the Authority designates.
(f) Testing. EDI submitters must, prior to the initial
data transmission and throughout the term of a TPA, test and cooperate with the
Authority in the testing of information systems as the Authority considers
reasonably necessary to ensure the accuracy, timeliness, completeness, and
confidentiality of each data transmission.
(2) Security and Confidentiality. To protect security
and confidentiality of transmitted data, EDI submitters must comply with the
following:
(a) Refrain from copying, reverse engineering,
disclosing, publishing, distributing, or altering any data, data transmissions,
or the contents of an envelope, except as necessary to comply with the terms of
these rules or the TPA, or use the same for any purpose other than that which
an EDI submitter was specifically given access and authorization by the
Authority or a trading partner;
(b) Refrain from obtaining access by any means to any
data, data transmission, envelope, mailbox, or the Authority’s information
system for any purpose other than that which an EDI submitter has received
express authorization. If an EDI submitter receives data or data transmissions
from the Authority which clearly are not intended for an EDI submitter, an EDI
submitter shall immediately notify the Authority and make arrangements to
return or re-transmit the data or data transmission to the Authority. After
re-transmission, an EDI submitter shall immediately delete the data contained
in the data transmission from its information system;
(c) Install necessary security precautions to ensure
the security of the information systems or records relating to the information
systems of either the Authority or an EDI submitter when the information system
is not in active use by an EDI submitter;
(d) Protect and maintain the confidentiality of
security access codes issued by the Authority to an EDI submitter; and
(e) Provide special protection for security and other
purposes, where appropriate, by means of authentication, encryption, the use of
passwords, or other means. Unless otherwise provided in these rules, the
recipient of a protected data transmission must at least use the same level of
protection for any subsequent transmission of the original data transmission.
(3) Authority Obligations. The Authority shall:
(a) Make available to an EDI submitter, by electronic
media, those types of data and data transmissions which an EDI submitter is
authorized to receive.
(b) Inform an EDI submitter of acceptable formats in
which data transmissions may be made and provide notification to an EDI
submitter within reasonable time periods consistent with HIPAA transaction
standards, if applicable, or at least 30 days prior by electronic notice of
other changes in formats.
(c) Provide an EDI submitter with security access codes
that will allow an EDI submitter access to the Authority’s information system.
Security access codes are strictly confidential and EDI submitters must comply
with all of the requirements of OAR 943-120-0170. The Authority may change the
designated security access codes at any time and manner as the Authority, in
its sole discretion, deems necessary. The release of security access codes
shall be limited to authorized electronic data personnel of an EDI submitter
and the Authority with a need to know.
(4) Department of Consumer and Business Services (DCBS)
submission standards Health insurers and health care entities in Oregon shall
make all necessary actions required by the DCBS Oregon Companion Guides to
comply with the Health Insurance Reform Administrative Streamlining and
Simplification as specified in OAR 836-100-0100 to 836-100-0120.
Stat. Auth.: ORS 413.042
&414.065
Stats. Implemented: ORS 413.042
& 414.065
Hist.: OHA 13-2011(Temp), f. &
cert. ef. 7-1-11 thru 12-27-11; OHA 26-2011, f. 10-31-11, cert. ef. 11-1-11
943-120-0165
Pharmacy Point of Sale Access
Pharmacy providers who electronically bill
pharmaceutical claims must participate in and submit claims using the POS
system, except as provided in OAR 410-121-0150.
Stat. Auth.: ORS 413.042
&414.065
Stats. Implemented: ORS 413.042
& 414.065
Hist.: OHA 13-2011(Temp), f. &
cert. ef. 7-1-11 thru 12-27-11; OHA 26-2011, f. 10-31-11, cert. ef. 11-1-11
943-120-0170
Security
(1) Individually Identifiable Health Information. All
providers, PHPs, and allied agencies are responsible for ensuring the security
of individually identifiable health information, consistent with the requirements
of the privacy statutes and regulations, and shall take reasonable action to
prevent any unauthorized disclosure of confidential information by a provider,
PHP, allied agency, or other agent. A provider, web portal submitter, trading
partner, EDI submitter, or other agent must comply with any and all applicable
privacy statutes and regulations relating to confidential information.
(2) General Requirements for Electronic Submitters. A
provider (web portal submitter), trading partner (EDI submitter), or other
agent must maintain adequate security procedures to prevent unauthorized access
to data, data transmissions, security access codes, or the Authority’s
information system, and must immediately notify the Authority of all
unauthorized attempts by any individual or entity to obtain access to or
otherwise tamper with the data, data transmissions, security access codes, or
the Authority’s information system.
(3) Notice of Unauthorized Disclosures. All providers,
PHPs, and allied agencies must promptly notify the Authority of all unlawful or
unauthorized disclosures of confidential information that come to its agents’
attention pursuant to the Authority’s ISPO policy:
http://www.dhs.state.or.us/policy/admin/security/090_005.pdf, and shall
cooperate with the Authority if corrective action is required by the Authority.
The Authority shall promptly notify a provider, PHP, or allied agency of all
unlawful or unauthorized disclosures of confidential information in relation to
a provider, PHP, or allied agency that come to the Authority’s or its agents’
attention, and will cooperate with a provider, PHP, or allied agency if
corrective action is required.
(4) Wrongful use of the web portal, EDI systems, or the
Authority’s network and information system, or wrongful use or disclosure of
confidential information by a provider, allied agency, electronic submitters,
or their agents may result in the immediate suspension or revocation of any
access granted under these rules or other Authority rules, at the sole discretion
of the Authority.
(5) A provider, allied agency, PHP, or electronic
submitter must report to the Authority’s Information Security Office at
dhsinfo.security@state.or.us and to the Authority program contact individual,
any privacy or security incidents that compromise, damage, or cause a loss of
protection to confidential information, information assets, or the Authority’s
network and security system. Reports must be made in the following manner:
(a) No later than five business days from the date on
which a provider, allied agency, PHP, or electronic submitter becomes aware of
the incident; and
(b) Provide the results of the incident assessment
findings and resolution strategies no later than 30 business days after the
report is due under section (4)(a).
(6) A provider, allied agency, PHP, or electronic
submitter must comply with the Authority’s requests for corrective action
concerning a privacy or security incident and with applicable laws requiring
mitigation of harm caused by the unauthorized use or disclosure of confidential
information.
Stat. Auth.: ORS 413.042
&414.065
Stats. Implemented: ORS 413.042
& 414.065
Hist.: OHA 13-2011(Temp), f. &
cert. ef. 7-1-11 thru 12-27-11; OHA 26-2011, f. 10-31-11, cert. ef. 11-1-11
943-120-0180
Record Retention and Audit
(1) Records Retention. A provider, web portal
submitter, trading partner, and EDI submitter shall maintain, for a period of
no less than seven years from the date of service, complete, accurate, and
unaltered copies of all source documents associated with all data
transmissions.
(2) EDI Trade Data Log. An EDI submitter must establish
and maintain a trade data log that must record all data transmissions taking
place between an EDI submitter and the Authority during the term of a TPA. A
trading partner and EDI submitter must take necessary and reasonable steps to
ensure that the trade data log constitutes a current, truthful, accurate,
complete, and unaltered record of all data transmissions between the parties
and must be retained by each party for no less than 24 months following the
date of the data transmission. The trade data log may be maintained on
electronic media or other suitable means provided that, if necessary, the
information may be timely retrieved and presented in readable form.
(3) Right to Audit. A provider must allow and require
any web portal submitter to allow, and a trading partner must allow and require
an EDI submitter or other agent to allow access to the Authority, the Oregon
Secretary of State, the Oregon Department of Justice Medicaid Fraud Unit, or
its designees, and DHHS or its designees to audit relevant business records,
source documents, data, data transmissions, trade data logs, or information
systems of a provider and its web portal submitter, and a trading partner, and
its agents, as necessary, to ensure compliance with these rules. A provider
must allow and require its web portal submitter to allow, and a trading partner
must allow and require an EDI submitter or other agent to allow the Authority, or
its designee, access to ensure that adequate security precautions have been
made and are implemented to prevent unauthorized disclosure of any data, data
transmissions, or other information.
Stat. Auth.: ORS 413.042
&414.065
Stats. Implemented: ORS 413.042
& 414.065
Hist.: OHA 13-2011(Temp), f. &
cert. ef. 7-1-11 thru 12-27-11; OHA 26-2011, f. 10-31-11, cert. ef. 11-1-11
943-120-0190
Material Changes
(1) Changes in Any Material Information - EDT Process.
A trading partner must submit an updated TPA, application for authorization, or
EDI registration form to the Authority within ten business days of any material
change in information. A material change includes but is not limited to mailing
or email address change, contract number or contract status (termination,
expiration, extension), identification of authorized individuals of a trading
partner or EDI submitter, the addition or deletion of authorized transactions,
or any other change that may affect the accuracy of or authority for an EDI
transaction. The Authority may act on data transmissions submitted by a trading
partner and its EDI submitter based on information on file in the application
for authorization and EDI registration forms until an updated form has been
received and approved by the Authority. A trading partner’s signature or the
signature of an authorized EDI submitter is required to ensure that an updated
TPA, authorization, or EDI registration form is valid and authorized.
(2) Changes in Any Material Information — Web
Portal Access. Providers must submit an updated web portal registration form to
the Authority within ten business days of any material changes in information.
A material change includes but is not limited to mailing or email address
change, contract number or contract status (termination, suspension,
expiration), identification of web portal submitter contact information, or any
other change that may affect the accuracy of or authority for a DDE
transaction. The Authority is authorized to act on data transmissions submitted
by a provider and its web portal submitter based on information on file in the
web portal registration form until an updated form has been received and
approved by the Authority. A provider’s signature or the signature of an
authorized business representative is required to ensure that an updated web
portal registration form is valid and authorized.
(3) Failure to submit a timely updated form may impact
the ability of a data transaction to be processed without errors. Failure to
submit a signed, updated form may result in the rejection of a data
transmission.
Stat. Auth.: ORS 413.042
&414.065
Stats. Implemented: ORS 413.042
& 414.065
Hist.: OHA 13-2011(Temp), f. &
cert. ef. 7-1-11 thru 12-27-11; OHA 26-2011, f. 10-31-11, cert. ef. 11-1-11
943-120-0200
Authority System Administration
(1) No individual or entity shall be registered to
conduct a web portal or an EDI transaction with the Authority except as
authorized under these the rules. Eligibility and continued participation as a
provider, PHP, allied agency or web portal submitter in the conduct of DDE
transactions, or as a trading partner or EDI submitter in the conduct of
registered transactions, is conditioned on the execution and delivery of the
documents required in these rules, the continued accuracy of that information
consistent with OAR 943-120-0190, and compliance with a requirements of these
rules. Data, including confidential information, governed by these rules may be
used for purposes related to treatment, payment, and health care operations and
for the administration of programs or services by the Authority.
(2) In addition to the requirements of section (1) of
this rule, in order to qualify as a trading partner:
(a) An individual or entity must be a Authority
provider, PHP, clinic, or allied agency pursuant to a current valid contract;
and
(b) A provider, PHP, clinic, or allied agency must have
submitted an executed TPA and all related documentation, including the
application for authorization, that identifies and authorizes an EDI submitter.
(3) In addition to the requirements of section (1) of
this rule, in order to qualify as an EDI submitter:
(a) A trading partner must have identified the
individual or entity as an authorized EDI submitter in the application for
authorization;
(b) If a trading partner identifies itself as an EDI
submitter, the application for authorization must include the information
required in the “Trading Partner Authorization of EDI Submitter” and the “EDI
Submitter Information”; and
(c) If a trading partner uses an agent as an EDI
submitter, the application for authorization must include the information
described in section (3)(b) and the signed EDI submitter certification.
(4) The EDI registration process described in these
rules provides the Authority with essential profile information that the
Authority may use to confirm that a trading partner or EDI submitter is not
otherwise excluded or disqualified from submitting EDI transactions to the
Authority.
(5) Nothing in these rules or a TPA prevents the
Authority from requesting additional information from a trading partner or an
EDI submitter to determine their qualifications or eligibility for registration
as a trading partner or EDI submitter.
(6) The Authority shall deny a request for registration
as a trading partner or for authorization of an EDI submitter or an EDI
registration if it finds any of the following:
(a) A trading partner or EDI submitter has
substantially failed to comply with the applicable administrative rules or
laws;
(b) A trading partner or EDI submitter has been
convicted of (or entered a plea of nolo contendre) a felony or misdemeanor
related to a crime or violation of federal or state public assistance laws or
privacy statutes or regulations;
(c) A trading partner or EDI submitter is excluded from
participation in the Medicare program, as determined by the DHHS secretary; or
(d) A trading partner or EDI submitter fails to meet
the qualifications as a trading partner or EDI submitter.
(7) Failure to comply with these rules, trading partner
agreement, or EDI submitter certification or failure to provide accurate
information on an application or certification may also result in sanctions and
payment recovery pursuant to applicable Authority program contracts or rules.
(8) For providers using the DDE submission system by
the Authority web portal, failure to comply with the terms of these rules, a
web portal registration form, or failure to provide accurate information on the
registration form may result in sanctions or payment recovery pursuant to the
applicable Authority program contracts or rules.
Stat. Auth.: ORS 413.042
&414.065
Stats. Implemented: ORS 413.042
& 414.065
Hist.: OHA 13-2011(Temp), f. &
cert. ef. 7-1-11 thru 12-27-11; OHA 26-2011, f. 10-31-11, cert. ef. 11-1-11
Notes
1.) This online version of the OREGON BULLETIN is provided for convenience of reference and enhanced access. The official, record copy of this publication is contained in the original Administrative Orders and Rulemaking Notices filed with the Secretary of State, Archives Division. Discrepancies, if any, are satisfied in favor of the original versions. Use the OAR Revision Cumulative Index found in the Oregon Bulletin to access a numerical list of rulemaking actions after November 15, 2010.
2.) Copyright 2011 Oregon Secretary of State: Terms and Conditions of Use |