California Senate Bill SB368 Amended / Bill

 BILL NUMBER: SB 368AMENDED BILL TEXT AMENDED IN SENATE APRIL 1, 2009 INTRODUCED BY Senator Maldonado FEBRUARY 25, 2009 An act to amend  Section 56.36 of the Civil Code, and to amend Sections 1280.15 and 130202   Section 130203  of the Health and Safety Code, relating to confidential medical information. LEGISLATIVE COUNSEL'S DIGEST SB 368, as amended, Maldonado. Confidential medical information: unlawful disclosure.  (1) Existing   Existing  law, the Confidentiality of Medical Information Act, generally prohibits the unlawful disclosure of confidential patient information, sets forth criminal and civil penalties for prescribed violations, and authorizes prescribed persons to bring enforcement actions.  This bill would authorize a person who brings an action against a licensed health care provider pursuant to those provisions to send a recommendation for further investigation of, or discipline for, a potential violation of those provisions to the licensee's relevant licensing authority.   (2) Existing law establishes provisions for the licensing and certification of clinics, health facilities, home health agencies, and hospices under the jurisdiction of the State Department of Public Health, prohibits the unlawful release of medical records by those entities, and authorizes the department to assess administrative penalties for violations.   This bill would, if the director finds that the violation was due to unlawful conduct of a licensed health care professional, authorize the director to send a recommendation for further investigation of, or discipline for, a potential violation to the licensed health care professional's relevant licensing authority   (3) Existing   Existing law requires a provider of health care, as defined, to establish and implement specified safeguards to protect the privacy of a patient's medical information. Existing  law requires  every  a  provider of health care to reasonably safeguard confidential medical information from unauthorized or unlawful access, use, or disclosure.  Existing   Existing  law establishes within the California Health and Human Services Agency the Office of Health Information Integrity to assess and impose administrative fines for a violation of these provisions.  Existing law authorizes the director to send a recommendation for further investigation of, or discipline for, a potential violation to the licensee's relevant licensing authority.   The law does not permit the office to assess prescribed administrative penalties that are authorized to be assessed against licensed health care providers by the State Department of Public Health.   This bill would authorize the office to assess those administrative penalties for unlawful disclosure of confidential medical records if the Director of Public Health has delegated that authority to the office.   This bill would authorize the office to audit the procedures and records of a provider of health care at any time to determine the provider's compliance with the Confidentiality of Medical Information Act.  Vote: majority. Appropriation: no. Fiscal committee: yes. State-mandated local program: no. THE PEOPLE OF THE STATE OF CALIFORNIA DO ENACT AS FOLLOWS:  SECTION 1.   Section 130203 of the   Health and Safety Code   is amended to read:  130203. (a) Every provider of health care shall establish and implement appropriate administrative, technical, and physical safeguards to protect the privacy of a patient's medical information. Every provider of health care shall reasonably safeguard confidential medical information from any unauthorized access or unlawful access, use, or disclosure.  (b) The office may audit the procedures and records of a provider of health care at any time in order to determine the provider's compliance with the requirements of subdivision (a).   (b)   (c)  In exercising its duties pursuant to this division, the office shall consider the provider's capability, complexity, size, and history of compliance with this section and other related state and federal statutes and regulations, the extent to which the provider detected violations and took steps to immediately correct and prevent past violations from reoccurring, and factors beyond the provider's immediate control that restricted the facility's ability to comply with this section. All matter omitted in this version of the bill appears in the bill as introduced in Senate, February 25, 2009 (JR11)