BILL ANALYSIS �
SB 270
Page 1
Date of Hearing: August 4, 2010
ASSEMBLY COMMITTEE ON APPROPRIATIONS
Felipe Fuentes, Chair
SB 270 (Alquist) - As Amended: August 2, 2010
Policy Committee: Health Vote:19-0
Urgency: Yes State Mandated Local Program:
Yes Reimbursable: No
SUMMARY
This bill addresses several provisions of state law related to
medical privacy. Specifically, this bill:
1)Clarifies that specified internal documents and communication
within a health facility or system are not subject to being
characterized as unauthorized access to or use of a patient's
medical information.
2)Clarifies delays in reporting medical data breeches are
authorized if such reporting would delay a law enforcement
investigation. Under current law, the statute authorizes a
delay in reporting related to law enforcement "activities".
This term is eliminated by this bill and replaced with
"investigation".
3)Clarifies that efforts related to pursuit and receipt of
federal stimulus act funding will follow state and federal
medical privacy laws.
4)Extends the sunset of the California Office of Health
Information Integrity (CALOHII) for January 2010 until January
1, 2013.
5)Contains an urgency clause.
FISCAL EFFECT
Annualized costs of $4 million (65% GF) to extend the sunset of
CalOHII until January 1, 2013.
COMMENTS
�
SB 270
Page 2
1)Rationale . This bill is sponsored by the California Health and
Human Services Agency to clarify several provisions of state
law with respect to breaches of medical data and to extend the
sunset of CalOHII.
2)CalOHII was created by SB 456 (Speier), Chapter 635, Statutes
of 2001. SB 456 codified the state implementation of the
federal Health Insurance Portability and Accountability Act
(HIPAA). CalOHII was established to provide leadership on
HIPAA throughout state departments and programs such as the
California Public Employees' Retirement System (CalPERS) and
the California Department of Health Care Services (DCHS).
CalOHII is now working to develop new privacy and security
standards to enable the adoption and application of health
information exchange (HIE) in California. HIE denotes the
movement of electronic health care data across organizations
within a region, community, or hospital system. In addition,
CalOHII is working to expand of broadband statewide, to
implement telehealth, and to provide support to the Health
Information Technology Financing study.
3)Privacy of Health Information . Information about health is
highly sensitive and is protected by numerous provisions under
state and federal law. Providers are generally prohibited from
releasing medical information under California's Confidential
Medical Information Act (CMIA). The federal Health Insurance
Portability and Accountability Act (HIPAA) sets a national
standard for privacy of health information, but HIPAA only
applies to medical records maintained by health care
providers, health plans, and health clearinghouses and only if
the facility maintains and transmits records in electronic
form. The federal American Recovery and Reinvestment Act
(ARRA), enacted in February 2009 increases requirements for
health data transmitted electronically.
Analysis Prepared by : Mary Ader / APPR. / (916) 319-2081