Rights and Requirements: A Guide to Privacy and Security of Health Information in California

By Center for Democracy & Technology

The federal government and the State of California both have laws and regulations protecting the privacy and security of personal health information. This report describes the health privacy landscape in California, including the federal Health Insurance Portability and Accountability Act (HIPAA) and California’s own Confidentiality of Medical Information Act (CMIA). It also examines the impact of the Health Information Technology for Economic and Clinical Health (HITECH) Act and the Patient Protection and Affordable Care Act (ACA).

The report explains how these laws interact under the legal doctrine of federal preemption: HIPAA sets a federal floor, and more stringent state law such as the CMIA continues to apply. Specific topics include:

  • Sources of legal protection for health information privacy
  • Who, and what types of health information, are covered by which privacy laws
  • Patient rights to access and amend health information
  • Audit trails for health information disclosures
  • How entities are permitted to use and disclose health information
  • Patient notification in the event of a breach
  • Enforcement of health information privacy laws
  • Protections for information collected by health insurers and health insurance exchanges

The report also identifies gaps in privacy protection that remain unaddressed.