Privacy and Confidentiality in California
All providers in California, including hospitals, nursing facilities,1 community centers,2 and ambulatory surgical centers,3 are required to maintain the confidentiality of their patient medical records. The law also requires that all medical records of individuals receiving Medicare or Medicaid remain confidential and not be released without the written consent of the recipient, unless the information is de-identified and used for statistical or summary data purposes.4 Insurers are also prohibited from disclosing a patient’s medical information to a third party, such as an employer,5 without the consumer’s prior written consent.6 The state has also established the Office of Health Information Integrity to ensure that laws requiring confidentiality of medical information are enforced7 by requiring providers to have safeguards in place to protect the privacy of patient information.8
California law prohibits the disclosure of reports or records that contain a patient’s medical information by any person or entity without first obtaining a valid authorization for release of the information, except in limited circumstances.9 However, a provider, health service plan, contractor or pharmaceutical company cannot require that a patient sign an authorization or consent form as a condition of receiving medical services or being given medications.10,11 The law also gives patients the right to cancel or revoke their authorization at any time.12 Authorizations are not required for the release of medical information when compelled by a court order, by a search warrant, or if otherwise required by law.13 Medical providers may also disclose information without a patient’s authorization to other providers, health facilities, and health care service plans for treatment and payment purposes, as well as to state agencies as part of the provider’s required reporting and research.14 The law specifically prohibits an individual or entity that receives medical information based on a patient authorization from further disclosing the medical information without a new authorization.15 In addition, California disclosure laws allow disclosure of medical information to a patient’s family member if that person is directly involved in the patient’s care or payment.
Any violation of the confidentiality of a patient’s medical information that results in economic loss or personal injury to the patient is punishable as a misdemeanor. An entity or individual that either discloses confidential medical information or obtains or uses such information without the consent of the patient will also be subject to penalties and fines for each violation of a patient’s privacy.16 Similarly, licensed hospitals, community health clinics, nursing homes, or other health facilities must prevent unauthorized disclosure of confidential patient information, or be fined per violation.17
California’s mandatory reporting laws protect the confidentiality of medical information. For example, local health authorities may disclose any information needed to stop the spread of a disease.18 State disease registries as well as the California Department of Health may disclose the confidential information to other states’ registries, local or federal bodies, or researchers that may have measures to help treat the disease.19
Footnotes
- 1. 22 CA ADC §72543
- 2. 22 CA ADC §80070
- 3. Health & Safety Code §128737
- 4. 22 CA ADC §51009
- 5. Health & Safety Code §1374.8
- 6. 10 CA ADC §2689.11
- 7. Health & Safety Code §130200
- 8. Health & Safety Code §130203
- 9. CA Civil Code §56.11
- 10. CA Civil Code §56.37
- 11. CA Civil Code §56.102
- 12. CA Civil Code §56.15
- 13. CA Civil Code §56.10(a-b)
- 14. CA Civil Code §56.10(c-e)
- 15. CA Civil Code §56.13
- 16. CA Civil Code §56.36
- 17. Health & Safety Code §1280.15
- 18. 17 CA ADC §2502
- 19. Health & Safety Code §103885