California Issues New Regulations on Notification Obligations for Medical Information Breaches

Certain California-licensed healthcare facilities are now subject to additional breach reporting obligations pursuant to regulations (Regulations)[1] issued by the California Department of Public Health (Department) on July 1, 2021. These Regulations modify California Health and Safety Code section 1280.15 (section 1280.15) and impose requirements on healthcare facilities (as defined below) regarding what information must be submitted in a breach report, explain exceptions to the requirements, and further align section 1280.15 with the breach notification obligations under the Health Insurance Portability and Accountability Act of 1996, as amended (HIPAA). The Regulations also clarify potential penalties for violations of the new provisions.

Click here to read the full update.

[1] Title 22 California Code of Regulations, sections 79900 - 79905