Change Page Size of List
Page Size  
No record to display
Summary:

When customer records that contain personal information (including medical information) are no longer to be retained, a business shall take all reasonable steps to dispose of the records by shredding, erasing, or otherwise modifying the personal information in those records to make it unreadable or undecipherable through any means.

Summary:

A business that owns or licenses personal information about a California resident shall implement and maintain reasonable security procedures and practices to protect the personal information from unauthorized access, destruction, use, modification, or disclosure. A business that discloses personal information about a California resident pursuant to a contract with a nonaffiliated third party shall require by contract that the third party implement similar security procedures.

Summary:

Any person or business that conducts business in California, and that owns or licenses computerized data that includes personal information, shall disclose any security breach to any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. Any person or business that maintains computerized data that includes personal information that the person or business does not own shall notify the owner or licensee of the information of any breach of the security of the data immediately following discovery, if the personal information was, or is reasonably believed to have been, acquired by an unauthorized person. Notification may be delayed if a law enforcement agency determines that the notification will impede a criminal investigation, in which case, notification shall be made after the law enforcement agency determines that it will not compromise the investigation.

Summary:

With some exceptions, if a business has an established business relationship with a customer and has within the immediately preceding calendar year disclosed personal information, including medical conditions and drugs, therapies, or medical products/equipment used, to third parties that used the personal information for direct marketing purposes, that business shall, upon request from the customer, provide to the customer free of charge: (1) a list of the categories of personal information disclosed by the business to third parties for the third parties' direct marketing purposes during the immediately preceding calendar year; and (2) the names and addresses of the third parties and in some cases, examples of the products or services marketed, sufficient to give the customer a reasonable indication of the nature of the third parties' business.

Summary:

Any customer injured by a violation of this title [i.e. by disclosure of personal information] may institute a civil action to recover damages.

Keywords:
business, penalty
Summary:

A business may not request medical information for marketing purposes unless the business discloses the marketing purpose, and gains the consent of the data subject or the subject's authorized representative prior to obtaining the medical information. The section also lays out requirements for the formatting, readability of written consent forms.

Keywords:
marketing, business
Summary:

Two or more primary care clinics that are operated by a single nonprofit corporation shall be entitled to consolidate their administrative functions, which include storing/maintaining offsite patient medical records that have been inactive for at least 3 yrs.

Summary:

The Department of Mental Health may contract with an independent, nongovernmental entity to conduct client record reviews. The entity must comply with all federal and state privacy laws, including the federal Health Insurance Portability and Accountability Act, the Confidentiality of Medical Information Act, and Section 1798.81.5 of the Civil Code [businesses that own or license personal information about Californians must provide reasonable security for that information]. The entity shall be subject to existing penalties for violation of these laws. The entity cannot use, sell, or disclose client records for a purpose other than the one for which the record was given. “Client record” means a medical record, chart, or similar file.

Summary:

Any document relevant to the business operations of a licensee, and not involving medical records attributable to identifiable patients, may be inspected and copied where relevant to an investigation of a licensee by the Attorney General or other authorized investigators.

Summary:

An insurance institution, agent, or insurance-support organization may disclose personal or privileged information about an individual if the disclosure is reasonably necessary to perform a business, professional or insurance function, including determining an individual's eligibility for an insurance benefit or payment; or detecting or preventing criminal activity, fraud, material misrepresentation or material nondisclosure in connection with an insurance transaction.

Now viewing : Page 1 of 2 first     previous     next     last