HIPAA & Patient Privacy
Health Insurance Portability and Accountability Act (HIPAA) & Patient Privacy
Passed in 1996, HIPAA provides guidelines that protect the confidentiality and security of an individual's healthcare information, as well as helping people keep their health insurance and helping the healthcare industry control costs.
Links to Resources
- The Health Insurance Portability and Accountability Act of 1996
The full text of the bill enacted by the 104th Congress. - Full text of HIPAA regulations
This page on website of the Department of Health and Human Services contains the full regulation text of the Standards for Privacy of Individually Identifiable Health Information. - HIPAA at the University of California
This page on the UC Office of the President's Ethics, Compliance and Audit Services website details the how the law applies at the University of California. - Am I a Covered Entity?
The Centers for Medicare and Medicaid Services present this website that helps determine whether an entity is a covered entity under the Administrative Simplification provisions of HIPAA. - Office for Civil Rights Enforcement of HIPAA
Information on the privacy of health records from the U.S. Department of Health and Human Services.
Federal Patient Privacy Laws
General Penalty for Failure to Comply with Requirements and Standards - 42 USC 1320d-5
Sets requirements and penalties for health plans for failure to comply with 42 USC 1320d .
Wrongful Disclosure of Individually Identifiable Health Information - 42 USC 1320d-6
Defines the terms of "individually identifiable health information."
California State Patient Privacy Laws
Clinics, health facilities, home health agencies, and hospices: administrative penalties and patient information - SB 541 (2008)
Passed in 2008, SB 541:
- Sets health facility fines for privacy breaches and increases the fines for serious medical errors in hospitals. Fines for disclosing private medical information range up to $250,000 per reported event.
- Created a new five day reporting requirement for incidents of unauthorized access, use, or disclosure of patient's medical information to the CA Department of Public Health (CDPH), and the affected patient or legal representative. Failure to do so can result in a fine of $100 per day, not to exceed $250,000 per reported event for the institution.
- Requires submission of a plan of correction for any notice of deficiency constituting an immediate jeopardy to the health or safety of a patient. Failure to do so may result in penalties of up to $100,000.
The full text of SB 541 (2008) is available on the California Legislative Information website
Clinics, health facilities, home health agencies, and hospices: administrative penalties and patient information - AB 211 (2008)
Passed in 2008, AB 211:
- Requires health providers to prevent unlawful access, use or disclosure of patients' medical information and hold health care providers and other individuals accountable for ensuring the privacy of patients.
- Created of the Office of Health Information Integrity to enforce the California Medical Information Act (CMIA) and to levy penalties for unauthorized access/use/disclosure of patient medical information by individuals.
- Authorized fines and penalties against any individual or provider of health care that negligently discloses or knowingly and willfully obtains, discloses, or uses medical information in violation of state/federal laws.
The full text of AB 211 (2008) is available on the California Legislative Information website