ORS 746.608¹

(1) The Director of the Department of Consumer and Business Services shall adopt rules implementing ORS 746.607 (Use and disclosure of personal information). In adopting rules under this section, the director shall consider the information privacy provisions of the federal Health Insurance Portability and Accountability Act of 1996 (P.L. 104-191) and the federal Gramm-Leach-Bliley Act (P.L. 106-102).

(2) The rules adopted under subsection (1) of this section shall include but are not limited to:

(a) Permitted uses and disclosures of:

(A) Personal financial information for business, professional or insurance purposes; and

(B) Protected health information for treatment, payment and health care operations.

(b) Requirements for notice of privacy practices for protected health information and notice of information practices for personal financial information. [2003 c.87 §4]

1 Legislative Counsel Committee, CHAPTER 746—Trade Practices, https://­www.­oregonlegislature.­gov/­bills_laws/­ors/­ors746.­html (2019) (last ac­cessed May 16, 2020).
2 OregonLaws.org contains the con­tents of Volume 21 of the ORS, inserted along­side the per­tin­ent statutes. See the preface to the ORS An­no­ta­tions for more information.
3 OregonLaws.org assembles these lists by analyzing references between Sections. Each listed item refers back to the current Section in its own text. The result reveals relationships in the code that may not have otherwise been apparent. Currency Information