CHA News Article

2014 Privacy Manual Now Available

CHA’s California Health Information Privacy Manual is now available. The seventh edition of this California-specific resource has been updated to reflect major changes in state and federal health information privacy laws through January 2015. The manual discusses each new law, revision or judicial decision in detail.

Highlights of some of the notable changes to this edition include:

  • Effective Jan. 1, 2015, the deadline for reporting privacy breaches to patients and to the California Department of Public Health (CDPH) under Health and Safety Code Section 1280.15 will be increased from five to 15 business days after detection. In addition, if a patient submits a written request for notification by email, a breach notification may be provided electronically.
  • Effective Jan. 1, 2015, a breach of unencrypted computerized information that contains a person’s Social Security number, driver’s license number or California identification card number, along with their first name or first initial and last name, may require an offer to provide appropriate identity theft prevention and mitigation services, if any, for not less than a year.
  • A description of the Office of Civil Rights’ permanent audit program, which started in 2014, has been added.
  • Discussion of several significant judicial decisions regarding breaches of health information that 1) stipulated that plaintiffs must prove that an unauthorized person actually viewed medical information to receive monetary relief; 2) clarified the definition of “medical information” in terms of assessing whether a breach took place and when making intentional disclosures of patient information, and 3) asserted that “disclosure” as used in the Confidentiality of Medical Information Act  requires an affirmative communicative act by the provider – not merely being the victim of a theft.

Additionally, the manual contains many legal changes of lesser significance, website updates of references and resources, and clarifications that are too numerous to list.

“The California Health Information Privacy Manual is the only publication available to health care providers that integrates and compares California privacy protections with federal law,” states Lois Richardson, CHA’s vice president for privacy and legal publications/education. “The manual addresses privacy requirements under the HITECH Act, HIPAA, the Genetic Information Nondiscrimination Act, the California Confidentiality of Medical Information Act, the California Patient Access to Health Records Act, the Lanterman-Petris-Short Act, and other state laws.”

To view a list of notable changes to this edition, or to order the manual, visit