California Issues New Regulations on Notification Obligations for Medical Information Breaches
Certain California-licensed healthcare facilities are now subject to additional breach reporting obligations pursuant to regulations (Regulations)[1] issued by the California Department of Public Health (Department) on July 1, 2021. These Regulations modify California Health and Safety Code section 1280.15 (section 1280.15) and impose requirements on healthcare facilities (as defined below) regarding what information must be submitted in a breach report, explain exceptions to the requirements, and further align section 1280.15 with the breach notification obligations under the Health Insurance Portability and Accountability Act of 1996, as amended (HIPAA). The Regulations also clarify potential penalties for violations of the new provisions.
Click here to read the full update.
[1] Title 22 California Code of Regulations, sections 79900 - 79905
Print and share
Explore more in
Perkins on Privacy
Perkins on Privacy keeps you informed about the latest developments in privacy and data security law. Our insights are provided by Perkins Coie's Privacy & Security practice, recognized by Chambers as a leading firm in the field. Subscribe 🡢