California Is At It Again ....

June 24, 2011
When Anthony Guerra of Healthcare Informatics invited me to conduct this Health Law Privacy Blog, I must admit I had a few reservations.  In my
When Anthony Guerra of Healthcare Informatics invited me to conduct this Health Law Privacy Blog, I must admit I had a few reservations. In my experience, there are few things sadder than a poorly maintained blog. Stumbling upon one while browsing the Internet is sort of like encountering someone muttering to himself in an empty room -- depressing. It is my goal to spark some discussion on this blog by keeping it updated with new developments in health care privacy law, along with war stories and practical tips from the front lines of privacy compliance. And with that intro out of the way, onward into the blogosphere ....California has often been a first mover with respect to many forms of privacy and security legislation, and its privacy laws are often more rigorous than those of other states. For example, California was the first state to pass a security breach notification law (S.B. 1386) that was later emulated by many states. Privacy officers of national companies often spend an inordinate amount of time tailoring their operations to California's highest common denominator for privacy compliance.Earlier this month, California raised the bar yet again when Governor Schwarzenegger signed A.B. 1298, a new law that expands the definition of "personal information" under California's security breach notification law to include medical and health insurance information. Generally, California's law requires that when personal information is acquired by an unauthorized person, the affected individuals must be notified. A.B. 1298 will take effect on January 1, 2008.Prior the enactment of A.B. 1298, a health care provider could experience a security breach, such as a theft of a laptop containing medical information, that would not trigger California's notification requirements because the data did not satisfy the definition of "personal information." "Personal information" previously consisted of name, plus Social Security number, driver's license number or account number with password. Don't be surprised if other states follow California's lead by expanding the definition of "personal information" under their security breach notification laws.In upcoming posts, I will examine some other significant aspects of A.B. 1298, and report on some of the health care privacy topics that were discussed at last week's International Association of Privacy Professionals ("IAPP") Privacy Academy in my hometown of San Francisco.

Sponsored Recommendations

How Digital Co-Pilots for patients help navigate care journeys to lower costs, increase profits, and improve patient outcomes

Discover how digital care journey platforms act as 'co-pilots' for patients, improving outcomes and reducing costs, while boosting profitability and patient satisfaction in this...

5 Strategies to Enhance Population Health with the ACG System

Explore five key ACG System features designed to amplify your population health program. Learn how to apply insights for targeted, effective care, improve overall health outcomes...

A 4-step plan for denial prevention

Denial prevention is a top priority in today’s revenue cycle. It’s also one area where most organizations fall behind. The good news? The technology and tactics to prevent denials...

Healthcare Industry Predictions 2024 and Beyond

The next five years are all about mastering generative AI — is the healthcare industry ready?