(1) The Director of the Department of Consumer and Business Services shall adopt rules implementing ORS 746.607 (Use and disclosure of personal information). In adopting rules under this section, the director shall consider the information privacy provisions of the federal Health Insurance Portability and Accountability Act of 1996 (P.L. 104-191) and the federal Gramm-Leach-Bliley Act (P.L. 106-102).
(2) The rules adopted under subsection (1) of this section shall include but are not limited to:
(a) Permitted uses and disclosures of:
(A) Personal financial information for business, professional or insurance purposes; and
(B) Protected health information for treatment, payment and health care operations.
(b) Requirements for notice of privacy practices for protected health information and notice of information practices for personal financial information. [2003 c.87 §4]
3 OregonLaws.org assembles these lists by analyzing references between Sections. Each listed item refers back to the current Section in its own text. The result reveals relationships in the code that may not have otherwise been apparent.