California Bills Protects Patient Privacy
Governor Arnold Schwarzenegger announced today that he has signed a package of bills to improve patient privacy laws and to address repeated breaches of confidential information that have occurred at health facilities in recent months.
"Medical privacy is a fundamental right and a critical component of quality medical care," Governor Schwarzenegger said. "Repeated violations of patient confidentiality are potentially harmful to Californians, which is why financial penalties are needed to ensure employees and facilities do not breach confidential medical information. Californians seeking care at a hospital or health facility should never have to worry that their private medical information will be shared."
Patients' legal right to confidential medical services in health facilities is strongly recognized and clearly defined in both state and federal law. However, under current law it is difficult to impose and enforce penalties when breaches occur unless a district attorney or the state Attorney General takes action.
The bills signed by Governor Schwarzenegger give the state tools to assess and enforce fines against health facilities and individuals who inappropriately obtain, use or disclose medical information.
SB 541 by Senator Elaine Alquist (D-Santa Clara) sets health facility fines for privacy breaches and increases the fines for serious medical errors in hospitals. The new law ensures that health care providers face real consequences when they fail to protect patients. For facilities, fines for disclosing private medical information would range from $25,000 to $250,000 per reported event. The California Department of Public Health (CDPH) would assess an administrative penalty of $25,000 per patient whose medical information was breached and a penalty of $17,500 per subsequent breach. If several individuals access the same patient's file, for example, the penalty would be $25,000 plus $17,500 for each additional person who violated the same file, up to a maximum of $250,000.
AB 211 by Assemblymember Dave Jones (D-Sacramento) requires health providers to prevent unlawful access, use or disclosure of patients' medical information and hold health care providers and other individuals accountable for ensuring the privacy of patients. The legislation creates the Office of Health Information Integrity within the California Health and Human Services Agency to assess administrative penalties against individuals up to $250,000. The legislation will also refer individuals, if licensed, to appropriate licensing boards.
In 2006, Governor Schwarzenegger signed Executive Order S-12-06 which convened a California eHealth Action Forum. Among its stated duties, the Forum is identifying and developing strategies for the continued protection of confidentiality and privacy of health information in an electronic environment.
In 2004, Governor Schwarzenegger signed SB 1633 which prohibits businesses from seeking to obtain medical information for marketing purposes without the express consent of the consumer.