Change Page Size of List
Page Size  
No record to display
Summary:

This section defines "personal information" which includes medical information and health insurance information. Defines "medical information" as any information regarding an individual's medical history, mental or physical condition, or medical treatment or diagnosis by a health care professional. The provision defines "health insurance information" as any unique identifier used by a health insurer to identify the individual, or any information in an individual's application and claims history, including any appeals records. The section excludes from the meaning of "personal information" any publicly available information that is lawfully made available to the general public from federal, state, or local government records.

Summary:

This section defines "personal information" to include medical information. The section defines "medical information" as any information regarding an individual's medical history, mental or physical condition, or medical treatment or diagnosis by a health care professional. The section excludes from the meaning of "personal information" any publicly available information that is lawfully made available to the general public from federal, state, or local government records.

Summary:

(h)(1) Any potential or actual breach of confidentiality of HIV-related public health records shall be investigated by the local health officer, in coordination with the Department of Health Services, when appropriate. The local health officer shall immediately report any evidence of an actual breach of confidentiality of HIV-related public health records at a city or county level to the department and the appropriate law enforcement agency. (2) The department will investigate confidentiality breaches at the state level, and report any evidence of an actual breach to the appropriate law enforcement agency.

Summary:

(1) Any person who negligently discloses the content of any confidential health record to a third party without written authorization or as otherwise authorized by law shall be subject to a civil penalty of $5,000. (2) Any person who willfully or maliciously discloses the confidential health record shall be subject to a civil penalty of not less than $5,000 and not more than $25,000. (3) If the disclosure results in economic, bodily, or psychological harm to the person, the discloser is guilty of a misdemeanor, and subject to imprisonment of up to one year or a fine not to exceed $25,000. (4) The discloser will also be liable to the person whose record was disclosed for all the actual damages that are a proximate result of the act. (5) Each violation is a separate and actionable offense. All fines and damages are payable to the person whose records was disclosed.

Summary:

Any agency that owns or licenses computerized data shall disclose any security breach to any California resident whose unencrypted personal information (including medical information) was acquired by an unauthorized person. Any agency that maintains computerized data that includes personal information that the agency does not own shall notify the owner or licensee of the information of any security breach immediately following discovery that the personal information was, or is reasonably believed to have been, acquired by an unauthorized person. Notification may be delayed if a law enforcement agency determines that it will impede a criminal investigation; in which case, notification shall be made after the law enforcement agency determines that it will not compromise the investigation.

Summary:

Any person or business that conducts business in California, and that owns or licenses computerized data that includes personal information, shall disclose any security breach to any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. Any person or business that maintains computerized data that includes personal information that the person or business does not own shall notify the owner or licensee of the information of any breach of the security of the data immediately following discovery, if the personal information was, or is reasonably believed to have been, acquired by an unauthorized person. Notification may be delayed if a law enforcement agency determines that the notification will impede a criminal investigation, in which case, notification shall be made after the law enforcement agency determines that it will not compromise the investigation.

Summary:

In the case of unlawful or unauthorized access to, use, or disclosure of a patient's medical information, the licensed clinic, health facility, home health agency, or hospice shall report the unlawful or unauthorized disclosure to (1) the Department of Public Health and (2) to the affected patient or the patient's representative no later than five business days after detection of the unlawful disclosure.

Summary:

A clinic, health facility, home health agency, or hospice licensed under the Health and Safety Code shall delay the reporting of any unlawful or unauthorized access to, or use or disclosure of, a patient's medical information beyond five business days if a law enforcement agency or official provides the clinic, health facility, home health agency, or hospice with a written or oral statement that compliance with the reporting requirements would be likely to impede the law enforcement agency's activities.

Summary:

If a clinic, health facility, home health agency, or hospice fails to report any unlawful or unauthorized access to, use or disclosure of a patient's medical information to the Department of Public Health or to the affected patient, the department may assess the licensee a penalty in the amount of one hundred dollars ($100) for each day that the unlawful or unauthorized access is not reported, following the initial five-day period. The total combined penalty assessed by the department shall not exceed two hundred fifty thousand dollars ($250,000) per reported event.

Now viewing : Page 1 of 1 first     previous     next     last