Privacy Issues in the Community College Workplace



in response to a court order;



in compliance with FMLA;

 to a health agency pursuant to contagious disease outbreak.

Relationship to HIPAA: This chapter does not prohibit a covered entity under HIPAA from any use or disclosure of health information that is authorized for the covered entity under such regulations. However, it is important to note that the March 26, 2013, modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules address the use of genetic information and prohibit health plans from using or disclosing genetic information for underwriting purposes, including plans to which GINA expressly does not apply. An exception to this prohibition exists for issuers of long-term care polices. 129 12. C ALIFORNIA P ATIENT P RIVACY P ROTECTIONS Due to an increase of employee snooping into celebrity medical files at UCLA, California laws are consistently evolving in an attempt to protect patient privacy. New laws require health care providers to safeguard patient data and to report unauthorized access within five days to the state and the individual. The state can levy penalties up to $25,000 per patient for privacy breaches. Section 1280.18 to the Health and Safety Code establishes the California Office of Health Information Integrity (CalOHII) to: (1) ensure the enforcement of state law mandating the confidentiality of medical information and; (2) impose administrative fines for the unauthorized access, use or disclosure of medical information. Every provider of health care must establish and implement appropriate administrative, technical, and physical safeguards to protect the privacy of a patient's medical information. Every provider of health care must also reasonably safeguard confidential medical information from any unauthorized access or unlawful access, use, or disclosure. “Unauthorized access” is defined as the inappropriate review or viewing of patient medical information without a direct need for diagnosis, treatment, or other lawful use as permitted by the CMIA or by other statutes or regulations governing the lawful access, use, or disclosure of medical information. CalOHII shall also adopt, amend, or repeal such rules and regulations as may be reasonable and proper to carry out the purposes and intent of this division, and to enable the authority to exercise the powers and perform the duties conferred upon it by this division not inconsistent with any other provision of law.

Privacy Issues in the Community College Workplace ©2021 (c) Liebert Cassidy Whitmore 46