(a) Every provider of health care shall establish and implement appropriate administrative, technical, and physical safeguards to protect the privacy of a patient’s medical information. Every provider of health care shall reasonably safeguard confidential medical information from any unauthorized access or unlawful access, use, or disclosure.
(b) In exercising its duties pursuant to Section 1280.17, the department shall consider the provider’s capability, complexity, size, and history of compliance with this section and other related state and federal statutes and regulations, the extent to which the provider detected violations and took steps to immediately correct and prevent past violations from reoccurring, and factors beyond the provider’s immediate control that restricted the facility’s ability to comply with this section.
(c) The department may conduct joint investigations of individuals and health facilities for violations of this section and Section 1280.15, respectively.
(Added by renumbering Section 130203 by Stats. 2014, Ch. 31, Sec. 26. (SB 857) Effective June 20, 2014.)
Last modified: October 25, 2018