BILL NUMBER: SB 368 AMENDED
BILL TEXT
AMENDED IN SENATE DECEMBER 15, 2009
AMENDED IN SENATE APRIL 1, 2009
INTRODUCED BY Senator Maldonado
FEBRUARY 25, 2009
An act to amend Section 130203 of the Health and Safety
Code, relating to confidential medical information. An
act to add Section 15438.9 to the Government Code, relating to
public health.
LEGISLATIVE COUNSEL'S DIGEST
SB 368, as amended, Maldonado. Confidential medical
information: unlawful disclosure. Public health:
health care technology systems: loans.
Existing law authorizes the California Health Facilities Financing
Authority to, among other things, make secured and unsecured loans
to any participating health institution in connection with the
financing of a project or working capital in accordance with an
agreement between the authority and the participating health
institution.
This bill would require the authority to establish a low-interest
loan program to provide any participating health institution eligible
health provider organization, as defined, or eligible licensed
physician and surgeon, as defined, with financing for the costs of
purchasing a health care information technology system, as defined.
It would also require the authority, by January 1, 2012, and on an
annual basis thereafter, to provide a report on the status and
utilization of this loan program to the Assembly Committee on Health
and the Senate Committee on Health.
Existing law, the Confidentiality of Medical Information Act,
generally prohibits the unlawful disclosure of confidential patient
information, sets forth criminal and civil penalties for prescribed
violations, and authorizes prescribed persons to bring enforcement
actions.
Existing law requires a provider of health care, as defined, to
establish and implement specified safeguards to protect the privacy
of a patient's medical information. Existing law requires a provider
of health care to reasonably safeguard confidential medical
information from unauthorized or unlawful access, use, or disclosure.
Existing law establishes within the California Health and Human
Services Agency the Office of Health Information Integrity to assess
and impose administrative fines for a violation of these provisions.
This bill would authorize the office to audit the procedures and
records of a provider of health care at any time to determine the
provider's compliance with the Confidentiality of Medical Information
Act.
Vote: majority. Appropriation: no. Fiscal committee: yes.
State-mandated local program: no.
THE PEOPLE OF THE STATE OF CALIFORNIA DO ENACT AS FOLLOWS:
SECTION 1. Section 15438.9 is added to the
Government Code , to read:
15438.9. (a) The authority shall establish a low-interest loan
program to provide any participating health institution, eligible
health provider organization, such as a medical group or independent
practice association, or eligible licensed physician and surgeon,
whose primary business is health care, with financing for the costs
of purchasing a health care information technology system. Subject to
the California Constitution, the State General Obligation Bond Law
(Chapter 4 (commencing with Section 16720) of Part 3 of Division 4),
and this part, moneys from the Health Facilities Financing Fund may
be used, upon appropriation by the Legislature, for purposes of this
program.
(b) For purposes of this section:
(1) "Eligible health provider organization" means a health care
provider organization that is established and operates on a nonprofit
basis.
(2) "Eligible licensed physician and surgeon" means a physician
and surgeon whose office or practice is established and operates on a
nonprofit basis.
(3) "Health care information system" means information technology
purchased by a qualified taxpayer that will aid in the provision of
health care in a health care setting, including, but not limited to,
health care information technology that deals with the storage,
retrieval, sharing, and use of health care information, including
electronic health records, electronic prescription drug
administration, and computerized physician order entry that permits
the electronic ordering of diagnostic and treatment services. For
purposes of this paragraph, "health care information technology" does
not include information technology whose sole use is for maintenance
of inventory of basic supplies or appointment scheduling.
(c) On or before January 1, 2012, and on an annual basis
thereafter, the authority shall provide a report on the status and
utilization of the loan program, described in subdivision (a), to the
respective chairs and vice chairs of the Assembly Committee on
Health and the Senate Committee on Health.
SECTION 1. Section 130203 of the Health and
Safety Code is amended to read:
130203. (a) Every provider of health care shall establish and
implement appropriate administrative, technical, and physical
safeguards to protect the privacy of a patient's medical information.
Every provider of health care shall reasonably safeguard
confidential medical information from any unauthorized access or
unlawful access, use, or disclosure.
(b) The office may audit the procedures and records of a provider
of health care at any time in order to determine the provider's
compliance with the requirements of subdivision (a).
(c) In exercising its duties pursuant to this division, the office
shall consider the provider's capability, complexity, size, and
history of compliance with this section and other related state and
federal statutes and regulations, the extent to which the provider
detected violations and took steps to immediately correct and prevent
past violations from reoccurring, and factors beyond the provider's
immediate control that restricted the facility's ability to comply
with this section.