West Coast Region - Los Angeles

  • 1.  CDPH Reporting Requirements and Out-of-State Clinics

    Posted 07-29-2011 03:54 PM
    This message has been cross-posted to the following eGroups: HIPAA: Health Insurance Portability and Accountability Act Forum and West Coast Region community.
    -------------------------------------------

    I have a question about whether a privacy breach is reportable to CDPH when the patient is a California resident but receives care in a facility in another state, and the breach is caused by that out-of-state facility. 

    Is there a duty to report to the state if that out-of-state facility is associated with a California hospital, but is separately licensed in the other state?

    Would the laws of the state where the clinic is licensed trump the CA breach notification laws? Would the absence of any such laws in the other state still supplant the CA notification laws?

    Any response from an entity that practices in CA and another state would be appreciated.

    -------------------------------------------
    John Hodge CHC, CHPC
    Compliance/Privacy Officer
    -------------------------------------------


  • 2.  RE:CDPH Reporting Requirements and Out-of-State Clinics

    Posted 07-31-2011 10:57 AM

    The California law (that CDPH enforces) applies to facilities that are licensed in the state of California. So the out-of-state facility would not be required to report.

    CA also has a Security Breach Information law (SB1386, Civil Code 1798), which applies to certain consumer information stored in electronic form; it may apply, as it applies to CA residents.

    -------------------------------------------
    SusanDahl
    Corp Compliance Officer
    CA Rural Indian Hlth Board
    SacramentoCA
    -------------------------------------------





