Privacy Issues in the Workplace

Every provider of health care must establish and implement appropriate administrative, technical, and physical safeguards to protect the privacy of a patient's medical information. Every provider of health care must also reasonably safeguard confidential medical information from any unauthorized access or unlawful access, use, or disclosure. “Unauthorized access” is defined as the inappropriate review or viewing of patient medical information without a direct need for diagnosis, treatment, or other lawful use as permitted by the CMIA or by other statutes or regulations governing the lawful access, use, or disclosure of medical information. CalOHII shall also adopt, amend, or repeal such rules and regulations as may be reasonable and proper to carry out the purposes and intent of this division, and to enable the authority to exercise the powers and perform the duties conferred upon it by this division not inconsistent with any other provision of law. SB 541, a companion bill, applies the AB 211 standards to licensed health facilities. The bill adds Section 1280.15 to the Health and Safety Code, which directs that “[a licensed] clinic, health facility, home health agency, or hospice...shall prevent unlawful or unauthorized access to, and use or disclosure of, patients' medical information...consistent with Section 130203.” 13. A DOPTING A P RACTICAL A PPROACH Complying with the various state and federal laws is not as difficult as it might first appear. It should be apparent after reviewing this workbook that state and federal laws on this topic are very similar and, in many instances, identical. Thus, compliance with state laws will very often equate to compliance with federal laws. To the extent that there are differences between state and federal law, California law tends to impose greater restrictions on the acquisition, use and disclosure of medical information by employers. Thus, as a general rule, if an employer follows California law governing the acquisition, use and disclosure of medical information, the employer will meet or even exceed federal requirements. Pursuant to Section 1280.18(c), the department may conduct joint investigations of individuals and health facilities for violations of Section 1280.18 and Section 1280.15, respectively.

Privacy Issues in the Workplace ©2019 (s) Liebert Cassidy Whitmore 50