New California Laws Up the Ante on Medical Privacy Efforts
Medical privacy legislation that Gov. Arnold Schwarzenegger (R) signed last week could push more health care organizations in California to fully comply with the privacy and security provisions of the federal Health Insurance Portability and Accountability Act, Computerworld reports.
Peter MacKoul, president of the consulting firm HIPAA Solutions LC, said that California is "using HIPAA as the floor, saying it has been so many years since HIPAA went into effect that you needed to have complied with it a long time ago."
The laws will take effect on Jan. 1, 2009.
Legislative Details
Under SB 541, health care organizations are required to adopt protections aimed at preventing unlawful and unauthorized access to patient data. The protections must monitor employees' access to data.
In addition, the new law gives the California Department of Health the authority to fine health care organizations up to $25,000 for each patient whose medical information might have been accessed or disclosed unlawfully. The agency also can fine health care organizations up to $100,000 for data privacy and security violations that put patients at risk.
A provision of the law requires breaches to be disclosed to affected patients and DPH within five days of being discovered.
Finally, SB 541 allows the department to refer health care organizations that do not comply with the HIPAA medical privacy and security rules to the new state Office of Health Information Integrity, formed under a provision of AB 211.
Under AB 211, organizations that negligently disclose patient information face fines from $2,500 to $25,000. Companies or people who use medical information for financial gain face fines up to $250,000 per violation.
In addition, AB 211 permits legal action against parties that failed to adequately protect their data (Vijayen, Computerworld, 10/7). This is part of the California Healthline Daily Edition, a summary of health policy coverage from major news organizations.