BILL ANALYSIS �
------------------------------------------------------------
|SENATE RULES COMMITTEE | SB 270|
|Office of Senate Floor Analyses | |
|1020 N Street, Suite 524 | |
|(916) 651-1520 Fax: (916) | |
|327-4478 | |
------------------------------------------------------------
UNFINISHED BUSINESS
Bill No: SB 270
Author: Alquist (D)
Amended: 8/2/10
Vote: 27 - Urgency
SENATE HEALTH COMMITTEE : 7-0, 1/13/10
AYES: Strickland, Cedillo, Cox, Leno, Negrete McLeod,
Pavley, Romero
SENATE APPROPRIATIONS COMMITTEE : Senate Rule 28.8
SENATE FLOOR : 33-0, 1/25/10
AYES: Aanestad, Ashburn, Cedillo, Cogdill, Corbett,
Correa, Cox, Denham, DeSaulnier, Ducheny, Hancock,
Harman, Hollingsworth, Huff, Kehoe, Leno, Liu, Lowenthal,
Negrete McLeod, Oropeza, Padilla, Pavley, Price, Romero,
Runner, Steinberg, Strickland, Walters, Wiggins, Wolk,
Wright, Wyland, Yee
NO VOTE RECORDED: Alquist, Calderon, Dutton, Florez,
Maldonado, Simitian, Vacancy
ASSEMBLY FLOOR : 79-0, 8/19/10 - See last page for vote
SUBJECT : Health care providers: medical information
SOURCE : Health and Human Services Agency
DIGEST : This bill clarifies existing law related to
delays in reporting unauthorized access to, and use or
disclosure of, a patient's medical information to the
CONTINUED
�
SB 270
Page
2
Department of Public Health, makes other specified
clarifications, and extends the sunset of the California
Office of HIPAA [Health Insurance Portability and
Accountability Act] Implementation (CalOHI).
Assembly Amendments extend the sunset of CalOHI until
January 1, 2013, and make technical clarifications.
ANALYSIS :
Existing law:
1.Provides for the licensing and regulation of clinics,
health facilities, home health agencies, and hospices by
the Department of Public Health (DPH).
2.Requires these entities to prevent unlawful or
unauthorized access to, and use or disclosure of, a
patient's medical information. A violation of these
provisions is a crime.
3.Requires these entities to report an instance of unlawful
or unauthorized access top, and use or disclosure of, a
patient's medical information to DPH and to the affected
patient or patient's representative, as prescribed,
within five business days of its detection, except that
an entity is required to delay compliance with this
reporting requirement beyond this five business day
period if a law enforcement agency or official provides
the entity with a written or oral statement that
compliance with the reporting requirement would impede
the law enforcement agency's activities that relate to
the unlawful or unauthorized access to, and use or
disclosure of, a patient's medical information and
specifies the date upon which the delay shall end, as
prescribed.
4.Establishes the Office of Health Information Integrity
within the Health and Human Services Agency (HHSA) to
ensure the enforcement of state law mandating
confidentiality of medical information and to impose
administrative fines for the unauthorized use of medical
information.
�
SB 270
Page
3
5.Authorizes HHSA, or one of the departments under its
jurisdiction, to apply for federal funds made available
through the federal American Recovery and Reinvestment
Act (ARRA) for health information technology and exchange
and, if no application is made, requires the Governor to
designate a nonprofit entity to be the state-designated
entity for purposes of health information exchange.
6.Requires the agency or state-designated entity to
facilitate and expand the use and disclosure of health
information electronically among organizations, as
prescribed, while protecting individual privacy and the
confidentiality of electronic medical records.
This bill:
1. Authorizes a clinic, health facility, home health
agency, or hospice to delay reporting unlawful or
unauthorized access, use, or disclosure of a patient's
medical information to DPH if a law enforcement agency
or official provides the entity with a written or oral
statement that compliance with the reporting requirement
would likely impede the law enforcement agency's
investigation, rather than activities, that relates to
the unlawful or unauthorized access to, and use or
disclosure of, a patient's medical information.
2. Authorizes a law enforcement agency or official to
request an extension of the 60-day delay based upon a
written declaration that there exists a bona fide,
ongoing, significant criminal investigation of serious
wrongdoing, that notification of patients will undermine
the law enforcement agency's investigation, rather than
activities.
3. Clarifies for purposes of this bill, that internal paper
records, electronic mail, or facsimile transmissions
inadvertently misdirected within the same facility or
health care, as specified, shall not constitute
unauthorized access to, or use or disclosure of a
patient's medical information.
4. Clarifies, for enforcement purposes, that it shall be
presumed that the facility did not notify the affected
�
SB 270
Page
4
patient if the notification was not documented and
authorizes this presumption to be rebutted by a licensee
only if it demonstrates, by a preponderance of evidence,
that the notification was made.
5. Extends the sunset date of CalOHI from July 1, 2010, to
January 1, 2013.
Background
Under the medical privacy provisions of the recently
enacted federal legislation, ARRA, entities that transmit
health information in an electronic form are required to
provide notice of a medical privacy breach to an individual
whose information has been subject to a breach, within 60
days of the discovery of the breach. The 60-day
requirement is delayed in the case that a law enforcement
official determines that notice of a medical privacy breach
would impede a criminal investigation or cause damage to
national security. However, the ARRA provides that state
medical privacy breach notification laws that are more
protective of medical privacy are not preempted.
The Confidentiality of Medical Information Act provides
statutory protection for confidentiality of medical
information of all persons and restricts the dissemination
and use of such information. It covers all medical
information, including electronic health information.
State law also differs from federal law by requiring all
medical privacy breaches to be reported to DPH and the
individual within five days of the discovery of the breach,
unless the notification would be likely to impede a law
enforcement agency's investigation of that breach. In the
event that an entity is requested to delay notification of
a breach by law enforcement, state law also specifies when
that delay shall end, depending if the request was
submitted to the entity orally or in writing.
NOTE: For more extensive background information, please
refer to the Senate Health Committee
analysis.
FISCAL EFFECT : Appropriation: No Fiscal Com.: Yes
Local: Yes
�
SB 270
Page
5
SUPPORT : (Verified 8/19/10)
Health and Human Services Agency (source)
American Civil Liberties Union
Community Health Partnership
Department of Public Health
El Camino Hospital
ARGUMENTS IN SUPPORT : The American Civil Liberties Union
(ACLU) writes in strong support of the privacy
clarification language in this bill to ensure that there is
no diminution of individual privacy rights under California
law while the state or state-designated entities are
accessing federal stimulus funds. The ACLU further states
that most people would agree that there is little
information that they hold more private that medical and
health information, and that the state has a strong
interest in encouraging people to seek prompt treatment for
health conditions.
ASSEMBLY FLOOR :
AYES: Adams, Ammiano, Anderson, Arambula, Bass, Beall,
Bill Berryhill, Tom Berryhill, Blakeslee, Block,
Blumenfield, Bradford, Brownley, Buchanan, Caballero,
Charles Calderon, Carter, Chesbro, Conway, Cook, Coto,
Davis, De La Torre, De Leon, DeVore, Eng, Evans, Feuer,
Fletcher, Fong, Fuentes, Fuller, Furutani, Gaines,
Galgiani, Garrick, Gatto, Gilmore, Hagman, Hall, Harkey,
Hayashi, Hernandez, Hill, Huber, Huffman, Jeffries,
Jones, Knight, Lieu, Logue, Bonnie Lowenthal, Ma,
Mendoza, Miller, Monning, Nava, Nestande, Niello,
Nielsen, Norby, V. Manuel Perez, Portantino, Ruskin,
Salas, Saldana, Silva, Skinner, Smyth, Solorio, Audra
Strickland, Swanson, Torlakson, Torres, Torrico, Tran,
Villines, Yamada, John A. Perez
NO VOTE RECORDED: Vacancy
CTW:mwk 8/20/10 Senate Floor Analyses
SUPPORT/OPPOSITION: SEE ABOVE
�
SB 270
Page
6
**** END ****