130200-130205

HEALTH AND SAFETY CODE
SECTION 130200-130205




130200.  There is hereby established within the California Health
and Human Services Agency the Office of Health Information Integrity
to ensure the enforcement of state law mandating the confidentiality
of medical information and to impose administrative fines for the
unauthorized use of medical information. The Office of Health
Information Integrity shall be administered by a director who shall
be appointed by the Secretary of California Health and Human
Services.


130201.  For purposes of this division, the following definitions
apply:
   (a) "Director" means the Director of the Office of Health
Information Integrity.
   (b) "Medical information" means the term as defined in subdivision
(g) of Section 56.05 of the Civil Code.
   (c) "Office" means the Office of Health Information Integrity.
   (d) "Provider of health care" means the term as defined in
subdivision (j) of Section 56.05 and Section 56.06 of the Civil Code.
   (e) "Unauthorized access" means the inappropriate review or
viewing of patient medical information without a direct need for
diagnosis, treatment, or other lawful use as permitted by the
Confidentiality of Medical Information Act (Part 2.6 (commencing with
Section 56) of Division 1 of the Civil Code) or by other statutes or
regulations governing the lawful access, use, or disclosure of
medical information.


130202.  (a) (1) Upon receipt of a referral from the State
Department of Public Health, the office may assess an administrative
fine against any person or any provider of health care, whether
licensed or unlicensed, for any violation of this division in an
amount as provided in Section 56.36 of the Civil Code. Proceedings
against any person or entity for a violation of this section shall be
held in accordance with administrative adjudication provisions of
Chapter 4.5 (commencing with Section 11400) and Chapter 5 (commencing
with Section 11500) of Part 1 of Division 3 of Title 2 of the
Government Code.
   (2) Paragraph (1) shall not apply to a clinic, health facility,
agency, or hospice licensed pursuant to Section 1204, 1250, 1725, or
1745 if Senate Bill 541 of the 2007-08 Regular Session is enacted and
becomes effective on or before January 1, 2009.
   (3) Nothing in paragraph (1) shall be construed as authorizing the
office to assess the administrative penalties described in Section
1280.15 of the Health and Safety Code.
   (b) The office shall adopt, amend, or repeal, in accordance with
the provisions of Chapter 3.5 (commencing with Section 11340) of Part
1 of Division 3 of Title 2 of the Government Code, such rules and
regulations as may be reasonable and proper to carry out the purposes
and intent of this division, and to enable the authority to exercise
the powers and perform the duties conferred upon it by this division
not inconsistent with any other provision of law.
   (c) Paragraph (3) of subdivision (a) shall only become operative
if Senate Bill 541 of the 2007-08 Regular Session is enacted and
becomes effective on or before January 1, 2009.




130203.  (a) Every provider of health care shall establish and
implement appropriate administrative, technical, and physical
safeguards to protect the privacy of a patient's medical information.
Every provider of health care shall reasonably safeguard
confidential medical information from any unauthorized access or
unlawful access, use, or disclosure.
   (b) In exercising its duties pursuant to this division, the office
shall consider the provider's capability, complexity, size, and
history of compliance with this section and other related state and
federal statutes and regulations, the extent to which the provider
detected violations and took steps to immediately correct and prevent
past violations from reoccurring, and factors beyond the provider's
immediate control that restricted the facility's ability to comply
with this section.



130204.  The Internal Health Information Integrity Quality
Improvement Account is hereby created in the State Treasury. All
administrative fines assessed by the office pursuant to Section 56.36
of the Civil Code shall be deposited in the Internal Health
Information Integrity Quality Improvement Account. Notwithstanding
Section 16305.7 of the Government Code, all interest earned on the
moneys deposited in the account shall be retained in the account.
Upon appropriation by the Legislature, money in the account shall be
used for the purpose of supporting quality improvement activities in
the office.


130205.  Notwithstanding any other provision of law, the director
may send a recommendation for further investigation of, or discipline
for, a potential violation of this division to the licensee's
relevant licensing authority. The recommendation shall include all
documentary evidence collected by the director in evaluating whether
or not to make that recommendation. The recommendation and
accompanying evidence shall be deemed in the nature of an
investigative communication and be protected by Section 6254 of the
Government Code. The licensing authority of the provider of health
care shall review all evidence submitted by the director and may take
action for further investigation or discipline of the licensee.