California provides safeguards to protect the security of patients’ medical information.  The law requires licensed hospitals, nursing homes, and other health care facilities to protect against the unauthorized access or disclosure of patient medical information or be subject to a fine.1  Providers that use electronic records system to maintain patient records must use an offsite backup storage system, and have security policies in place to protect against the unauthorized disclosure of patient medical information.2  California also requires all licensed insurance companies to implement a comprehensive, written information security program that has safeguards to protect consumer information.3  This information security program must ensure the security and confidentiality of a patient’s information.  The program must also protect against unauthorized use or access to the information that could result in harm to the patient.4

Notably, California has established the Office of Health Information Integrity to evaluate health providers’ efforts to prevent against unauthorized access or disclosure of patient records.  In making its evaluation, the Office will take into account factors such as the provider’s size, complexity and history of compliance.5  In order to further maintain the security of health information, the state of California has made it a crime to alter the medical record of an individual with the intent to commit fraud.6