BILL ANALYSIS                                                                                                                                                                                                    



                                                                  SB 270
                                                                  Page  1

          Date of Hearing:   August 4, 2010 

                        ASSEMBLY COMMITTEE ON APPROPRIATIONS
                                Felipe Fuentes, Chair

                   SB 270 (Alquist) - As Amended:  August 2, 2010 

          Policy Committee:                             Health Vote:19-0

          Urgency:     Yes                  State Mandated Local Program:   
          Yes    Reimbursable:              No

           SUMMARY  

          This bill addresses several provisions of state law related to  
          medical privacy. Specifically, this bill: 

          1)Clarifies that specified internal documents and communication  
            within a health facility or system are not subject to being  
            characterized as unauthorized access to or use of a patient's  
            medical information. 

          2)Clarifies delays in reporting medical data breeches are  
            authorized if such reporting would delay a law enforcement  
            investigation. Under current law, the statute authorizes a  
            delay in reporting related to law enforcement "activities".  
            This term is eliminated by this bill and replaced with  
            "investigation". 

          3)Clarifies that efforts related to pursuit and receipt of  
            federal stimulus act funding will follow state and federal  
            medical privacy laws.

          4)Extends the sunset of the California Office of Health  
            Information Integrity (CALOHII) for January 2010 until January  
            1, 2013.

          5)Contains an urgency clause. 

           FISCAL EFFECT  

          Annualized costs of $4 million (65% GF) to extend the sunset of  
          CalOHII until January 1, 2013.

           COMMENTS  








                                                                  SB 270
                                                                  Page  2


           1)Rationale  . This bill is sponsored by the California Health and  
            Human Services Agency to clarify several provisions of state  
            law with respect to breaches of medical data and to extend the  
            sunset of CalOHII. 

           2)CalOHII  was created by SB 456 (Speier), Chapter 635, Statutes  
            of 2001. SB 456 codified the state implementation of the  
            federal Health Insurance Portability and Accountability Act  
            (HIPAA). CalOHII was established to provide leadership on  
            HIPAA throughout state departments and programs such as the  
            California Public Employees' Retirement System (CalPERS) and  
            the California Department of Health Care Services (DCHS). 

          CalOHII is now working to develop new privacy and security  
            standards to enable the adoption and application of health  
            information exchange (HIE) in California. HIE denotes the  
            movement of electronic health care data across organizations  
            within a region, community, or hospital system. In addition,  
            CalOHII is working to expand of broadband statewide, to  
            implement telehealth, and to provide support to the Health  
            Information Technology Financing study. 
           
          3)Privacy of Health Information  . Information about health is  
            highly sensitive and is protected by numerous provisions under  
            state and federal law. Providers are generally prohibited from  
            releasing medical information under California's Confidential  
            Medical Information Act (CMIA). The federal Health Insurance  
            Portability and Accountability Act (HIPAA) sets a national  
            standard for privacy of health information, but HIPAA only  
            applies to medical records maintained by health care  
            providers, health plans, and health clearinghouses and only if  
            the facility maintains and transmits records in electronic  
            form. The federal American Recovery and Reinvestment Act  
            (ARRA), enacted in February 2009 increases requirements for  
            health data transmitted electronically.  


           Analysis Prepared by  :    Mary Ader / APPR. / (916) 319-2081