Privacy Issues in the Community College Workplace

The standards also apply to licensed health facilities. Section 1280.15 to the Health and Safety Code directs that "[a licensed] clinic, health facility, home health agency, or hospice...shall prevent unlawful or unauthorized access to, and use or disclosure of, patients' medical information...consistent with Section 130203." Also, on August 19, 2009, pursuant to the Health Information Technology for Economic and Clinical Health (HITECH) Act, the U.S. Department of Health and Human Services (DHHS) issued “breach” notification regulations. 130 The regulations require health care providers and other covered entities under the Health Insurance Portability and Accountability Act (HIPAA) (see Section 3.J.3., infra .) to notify affected individuals following a breach of unsecured protected health information. If a breach occurs, covered entities must promptly notify affected individuals, the Secretary of DHSS, and in some cases, the media, of the breach. Minor breaches may be reported to the Secretary annually. The regulations also require business associates of covered entities to notify the covered entity of breaches at or by the business associate. 13. A DOPTING A P RACTICAL A PPROACH Complying with the various state and federal laws is not as difficult as it might first appear. It should be apparent after reviewing this workbook that state and federal laws on this topic are very similar and, in many instances, identical. Thus, compliance with state laws will very often equate to compliance with federal laws. To the extent that there are differences between state and federal law, California law tends to impose greater restrictions on the acquisition, use and disclosure of medical information by employers. Thus, as a general rule, if an employer follows California law governing the acquisition, use and disclosure of medical information, the employer will meet or even exceed federal requirements. Pursuant to Section 1280.18(c), the department may conduct joint investigations of individuals and health facilities for violations of Section 1280.18 and Section 1280.15, respectively.

Privacy Issues in the Community College Workplace ©2021 (c) Liebert Cassidy Whitmore 47