Rights and Requirements: A Guide to Privacy and Security of Health Information in California
October 2, 2013
Center for Democracy & Technology
The federal government and the State of California both have laws and regulations protecting the privacy and security of personal health information. This report describes the health privacy landscape in California, including the federal Health Insurance Portability and Accountability Act (HIPAA) and California’s own Confidentiality of Medical Information Act (CMIA). It also examines the impact of the Health Information Technology for Economic and Clinical Health (HITECH) Act and the Patient Protection and Affordable Care Act (ACA).
The report explains how these laws work in tandem under the legal doctrine of federal preemption. Specific topics include:
Sources of legal protection for health information privacy
Who, and what types of health information, are covered by which privacy laws
Patient rights to access and amend health information
Audit trails for health information disclosures
How entities are permitted to use and disclose health information
Patient notification in the event of a breach
Enforcement of health information privacy laws
Protections for information collected by health insurers and health insurance exchanges
The report also identifies gaps in privacy protection that remain unaddressed.
The complete report is available under Document Downloads.