
HIPAA & Patient Privacy


Health Insurance Portability and Accountability Act (HIPAA) & Patient Privacy

Passed in 1996, HIPAA provides guidelines that protect the confidentiality and security of an individual's healthcare information, as well as helping people keep their health insurance and helping the healthcare industry control costs.

Links to Resources


Federal Patient Privacy Laws

General Penalty for Failure to Comply with Requirements and Standards - 42 USC 1320d-5

Sets requirements and penalties for health plans for failure to comply with 42 USC 1320d.

The full text of 42 USC 1320d-5 is available in multiple formats on the Government Publishing Office website.

Wrongful Disclosure of Individually Identifiable Health Information - 42 USC 1320d-6

Defines the terms of "individually identifiable health information."

The full text of 42 USC 1320d-5 is available in multiple formats on the Government Publishing Office website.


California State Patient Privacy Laws

Clinics, health facilities, home health agencies, and hospices: administrative penalties and patient information - SB 541 (2008)

Passed in 2008, SB 541:

  • Sets health facility fines for privacy breaches and increases the fines for serious medical errors in hospitals. Fines for disclosing private medical information range up to $250,000 per reported event.
  • Created a new five-day reporting requirement for incidents of unauthorized access, use, or disclosure of a patient's medical information to the CA Department of Public Health (CDPH), and the affected patient or legal representative. Failure to do so can result in a fine of $100 per day, not to exceed $250,000 per reported event for the institution.
  • Requires submission of a plan of correction for any notice of deficiency constituting an immediate jeopardy to the health or safety of a patient. Failure to do so may result in penalties of up to $100,000.

The full text of SB 541 (2008) is available on the California Legislative Information website.

Clinics, health facilities, home health agencies, and hospices: administrative penalties and patient information - AB 211 (2008)

Passed in 2008, AB 211:

  • Requires health providers to prevent unlawful access, use or disclosure of patients' medical information and holds health care providers and other individuals accountable for ensuring the privacy of patients.
  • Created the Office of Health Information Integrity to enforce the California Medical Information Act (CMIA) and to levy penalties for unauthorized access/use/disclosure of patient medical information by individuals.
  • Authorized fines and penalties against any individual or provider of health care that negligently discloses or knowingly and willfully obtains, discloses, or uses medical information in violation of state/federal laws.

The full text of AB 211 (2008) is available on the California Legislative Information website.