By Gil Vidals, , HIPAA Blog, Resources
The state of California is no different than other states when it comes to existing loopholes in federal laws and regulations. These loopholes continue to allow for breaches of patient health information (PHI).

Common ways that patient information has been leaked are from the Explanation of Benefits letters and communications from Health Insurance plans. Each state is still liable for implementing the necessary procedures to ensure your information is secure.

Governor Brown signed California’s  Confidential Health Information Act, which amends California’s Confidentiality of Medical Information Act (CMIA), last October and went live January 1st, 2015.

Simply put, HIPAA does not cover employers or employment records, although they may contain health-related information. With California’s Confidentiality of Medical Information Act (CMIA), employers must protect the security and privacy of all employee information including drug screenings, doctor notes, FMLA / ADA / OSHA records, and more.

All individuals that fall under an insurance plan will now have more privacy of their medical records under this new act. Take the scenario of a teenager who is under the insurance policy of their parent. The teenager would be able to keep a medical procedure private from their parents.

What this act is really doing is giving individuals the right to make their own decisions about their medical history. Maybe this doesn’t sound like a good thing, but let’s look at this in a different way: Disclosure of such information for some individuals could put them in danger if their partner or policyholder found out. With this new act, an individual would be allowed to opt into additional privacy protection.

However, a request for these new privacy policies must be placed before the insurer will accommodate someone. To be clear, this is an option, it is not what will happen unless the individual requests for specific privacy in writing.

Other sensitive services that individuals may want to keep private from a partner or plan holder could be things like drug treatment, STD tests, birth control, and mental health care – any services that, if disclosed, could put the individual in danger.

Currently, HIPAA does not define “endanger.” So, if an individual has not clearly stated that disclosing certain information “may endanger the individual”, the insurer does not need to honor their request. The new act will require insurers to honor confidential requests by individuals without showing endangerment. This legislation is helping to close some of the gaps in the existing HIPAA privacy regulations.

In conclusion, the benefits of the new act Governor Brown signed into legislation for 2015 will provide all individuals an option for more security. Another added benefit of the act would be that more individuals would not need to fear using their insurance, thus leading to fewer individuals resorting to using state-funded programs. This new act could potentially lead to more states trying to pass legislation similar to what California and Governor Brown have achieved with the California Confidential Health Information Act.

Avatar photo

Gil Vidals is the president and CTO of HIPAA Vault. He is a passionate, subject matter expert on HIPAA compliance and the healthcare cloud, and co-host of the HIPAA Vault podcast. Since 1997, Gil’s mission has been to provide uncompromising and affordable HIPAA compliant hosting solutions to commercial and government clients, helping protect their sensitive health information from data breaches and security vulnerabilities. HIPAA Vault has been recognized as an Inc. 5000 company and a Clutch Top B2B company. He can be reached here on Linkedin.