AB 211 and SB 541 MAKE HEALTHCARE PROVIDERS STEP UP COMPLIANCE IN CALIFORNIA
When California Gov. Arnold Schwarzenegger signed AB 211 and SB 541 into law last year, the legislation required all health care providers to establish and implement administrative, technical and physical safeguards to protect patient data as of January 1, 2009.
These two laws have prompted health care providers to put more emphasis on data security and privacy controls. They significantly increase penalties and fines on facilities that fail to prevent unauthorized access, they impose fines if mandatory reporting requirements are not followed, and they allow individuals to sue.
The bills were prompted by reports that UCLA Medical Center employees had been discovered prying into the medical records of celebrities, one being Maria Shriver, Schwarzenegger’s wife. We all know that when identity theft or exposed personal information hits the political sector, new laws start mounting. So in addition to the “unlawful” access previously regulated, the new law takes steps to prevent “unauthorized” access to patient health data as well.
Just this week, California’s “Octomom,” who gave birth to octuplets, had her medical records breached by employees at Kaiser Permanente Medical Center who had no medical reason to view them. Fifteen employees have been fired so far and others were given disciplinary action.
California Senate Bill 541 alters the Health and Safety Code, creating a stricter standard than any currently in effect under state law or HIPAA because facilities are required to “prevent” unauthorized access. This means that medical facilities have an increased obligation under this law to know what information employees are accessing, which goes beyond merely taking basic precautions to try to stop inappropriate access.
This law requires health facilities, clinics, hospices, and home health agencies to prevent unlawful or unauthorized access to, or use or disclosure of, a patient’s medical information. Administrative penalties for privacy breaches can