Privacy Issues in the Community College Workplace

1. T HE C ONFIDENTIALITY OF M EDICAL I NFORMATION A CT (CMIA) The Confidentiality of Medical Information Act (CMIA), California Civil Code sections 56- 56.37, generally prohibits the acquisition, use and disclosure of medical information without prior written authorization from the person whom the information concerns. The CMIA also requires that medical records be kept confidential. With limited exceptions, the CMIA prohibits an employer from using or disclosing (or knowingly permitting its employees or agents to use or disclose) medical information relating to an employee unless the employee first signs a valid authorization. For purposes of the CMIA, medical information is defined as,

“any individually identifiable information, in electronic or physical form, in possession of or derived from a provider of health care, health care service plan, pharmaceutical company, or contractor regarding a patient’s medical history, mental or physical condition, or treatment. ‘Individually identifiable’ means that the medical information includes or contains any element of personal identifying information sufficient to allow identification of the individual, such as the person’s name, address, electronic mail address, telephone number or social security number, or any information that, alone or in combination with other publicly available information, reveals he individual’s identity.” 125

2. H EALTH I NSURANCE P ORTABILITY AND A CCOUNTABILITY A CT (HIPAA) The Department of Human and Health Services (DHHS) under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), PL 104-191, 110 Stat 1936, enacted regulations protecting medical information. The federal regulations, entitled Standards for Privacy of Individuality Identifiable Health Information (Privacy Rule), protect individually identifiable health information of patients and, in some cases, employees. In particular, the Privacy Rule imposes standards regarding the rights of individuals who are the subjects of individually identifiable health information. The Privacy Rule also contains standards regarding the authorized and required uses and disclosures of this information by covered entities, and imposes several administrative burdens and onerous penalties for non-compliance.

Privacy Issues in the Community College Workplace ©2021 (c) Liebert Cassidy Whitmore 42