130200-130205
HEALTH AND SAFETY CODE
SECTION 130200-130205
130200. There is hereby established within the California Health and Human Services Agency the Office of Health Information Integrity to ensure the enforcement of state law mandating the confidentiality of medical information and to impose administrative fines for the unauthorized use of medical information. The Office of Health Information Integrity shall be administered by a director who shall be appointed by the Secretary of California Health and Human Services. 130201. For purposes of this division, the following definitions apply: (a) "Director" means the Director of the Office of Health Information Integrity. (b) "Medical information" means the term as defined in subdivision (g) of Section 56.05 of the Civil Code. (c) "Office" means the Office of Health Information Integrity. (d) "Provider of health care" means the term as defined in subdivision (j) of Section 56.05 and Section 56.06 of the Civil Code. (e) "Unauthorized access" means the inappropriate review or viewing of patient medical information without a direct need for diagnosis, treatment, or other lawful use as permitted by the Confidentiality of Medical Information Act (Part 2.6 (commencing with Section 56) of Division 1 of the Civil Code) or by other statutes or regulations governing the lawful access, use, or disclosure of medical information. 130202. (a) (1) Upon receipt of a referral from the State Department of Public Health, the office may assess an administrative fine against any person or any provider of health care, whether licensed or unlicensed, for any violation of this division in an amount as provided in Section 56.36 of the Civil Code. Proceedings against any person or entity for a violation of this section shall be held in accordance with administrative adjudication provisions of Chapter 4.5 (commencing with Section 11400) and Chapter 5 (commencing with Section 11500) of Part 1 of Division 3 of Title 2 of the Government Code. (2) Paragraph (1) shall not apply to a clinic, health facility, agency, or hospice licensed pursuant to Section 1204, 1250, 1725, or 1745 if Senate Bill 541 of the 2007-08 Regular Session is enacted and becomes effective on or before January 1, 2009. (3) Nothing in paragraph (1) shall be construed as authorizing the office to assess the administrative penalties described in Section 1280.15 of the Health and Safety Code. (b) The office shall adopt, amend, or repeal, in accordance with the provisions of Chapter 3.5 (commencing with Section 11340) of Part 1 of Division 3 of Title 2 of the Government Code, such rules and regulations as may be reasonable and proper to carry out the purposes and intent of this division, and to enable the authority to exercise the powers and perform the duties conferred upon it by this division not inconsistent with any other provision of law. (c) Paragraph (3) of subdivision (a) shall only become operative if Senate Bill 541 of the 2007-08 Regular Session is enacted and becomes effective on or before January 1, 2009. 130203. (a) Every provider of health care shall establish and implement appropriate administrative, technical, and physical safeguards to protect the privacy of a patient's medical information. Every provider of health care shall reasonably safeguard confidential medical information from any unauthorized access or unlawful access, use, or disclosure. (b) In exercising its duties pursuant to this division, the office shall consider the provider's capability, complexity, size, and history of compliance with this section and other related state and federal statutes and regulations, the extent to which the provider detected violations and took steps to immediately correct and prevent past violations from reoccurring, and factors beyond the provider's immediate control that restricted the facility's ability to comply with this section. 130204. The Internal Health Information Integrity Quality Improvement Account is hereby created in the State Treasury. All administrative fines assessed by the office pursuant to Section 56.36 of the Civil Code shall be deposited in the Internal Health Information Integrity Quality Improvement Account. Notwithstanding Section 16305.7 of the Government Code, all interest earned on the moneys deposited in the account shall be retained in the account. Upon appropriation by the Legislature, money in the account shall be used for the purpose of supporting quality improvement activities in the office. 130205. Notwithstanding any other provision of law, the director may send a recommendation for further investigation of, or discipline for, a potential violation of this division to the licensee's relevant licensing authority. The recommendation shall include all documentary evidence collected by the director in evaluating whether or not to make that recommendation. The recommendation and accompanying evidence shall be deemed in the nature of an investigative communication and be protected by Section 6254 of the Government Code. The licensing authority of the provider of health care shall review all evidence submitted by the director and may take action for further investigation or discipline of the licensee.