Dedicated to providing the latest
HIPAA compliance news

New California Health Data Privacy Law Plugs Holes in HIPAA

Share this article on:

The Confidential Health Information Act came into force in California on January 1st, 2015 and provides greater privacy protection for individuals who are covered by a health plan but are not the actual policy holder.

Many individuals are covered by health insurance on a policy belonging to a parent or spouse; however when communications are sent out by the health plan operator, correspondence is usually addressed to the policy holder rather than the individual concerned. This could potentially result in the disclosure of Protected Health Information to the holder of the health plan policy.

The new legislation amends the State’s Confidentiality of Medical Information Act and has been introduced to give individuals the right to determine to whom information is disclosed and to ensure that even non policy holders are given the right to keep their medical information private.

The Health Insurance Portability and Accountability Act does cover these individuals and allows them to make a confidential information request to the provider of their health plan, although insurance companies are not bound to abide by the requests unless they clearly state that exposure of the information would “endanger the individual”.

However HIPAA does not provide a definition of “endanger” and this has been addressed by the amendment to the California Confidentiality of Medical Information Act, which now defines endanger as “fears that disclosure of his or her medical information could subject the individual to harassment or abuse.”

The amendments made by the new law mean an individual will no longer be required to show or explain why they believe sensitive information will result in endangerment in order for confidential communication requests to be honored.

Under the Affordable Care Act, individuals under the age of 26 can be included and given dependent coverage on their parent’s health plan if they are living at home. It was believed that federal legislation could result in some individuals failing to take advantage of some Affordable Care Act benefits due to the lack of confidentiality under certain circumstances and the holes in HIPPA have now been plugged.

Specifically, the new legislation requires the provider of health plans to:

  • Honor confidential communications requests for communications relating to sensitive services, including STD tests, birth control or mental health care or for any disclosures that could endanger the covered individual; provided the covered individual is not the policy holder and makes the request in writing
  • Accommodate requests for confidential communications in the form and format requested by the covered individual, to the extent that it is feasible
  • Maintain a record of a confidential communication request until the covered individual submits a new confidential communication request or revokes the original request in writing.

Author: HIPAA Journal

HIPAA Journal provides the most comprehensive coverage of HIPAA news anywhere online, in addition to independent advice about HIPAA compliance and the best practices to adopt to avoid data breaches, HIPAA violations and regulatory fines.

Share This Post On