Medical Billing
Speak to providers who use MTBC’s medical billing, transcription, and EMR services
Find out what's happening at MTBC

09/03/2008
New California Law Subjects Providers to Steep Fines for Privacy Breaches

Under a bill recently approved by the Assembly and expected to be signed into law, California Healthcare providers could soon be subject to hefty fines and costly civil litigation if they fail to adopt and implement “appropriate administrative, technical, and physical safeguards to protect the privacy of a patient’s medical information.”

While A.B. 211 appears to mirror HIPAA’s requirements regarding “administrative, technical, and physical safeguards,” unlike HIPAA, it puts real 'teeth' in its privacy requirements. For instance, A.B. 211 creates a private cause of action, which means that patients are able to file suit under the law if a provider negligently releases his or her records to a third party. Moreover, a patient need not demonstrate any loss whatsoever to recover nominal damages of $1,000.

A.B. 211 also characterizes violations of the law as misdemeanors and imposes fines of as much as $2,500 to $250,000. It further turns local county and city attorneys into 'bounty hunters' by allowing their county or city treasurer (as the case may be) to retain 50% of any fines that result from actions brought by them against providers under A.B. 211.

Pursuant to the bill, the extent of any administrative fines or civil awards must be informed by the following factors:

  1. Whether the defendant has made a reasonable, good faith attempt to comply with this part.
  2. The nature and seriousness of the misconduct.
  3. The harm to the patient, enrollee, or subscriber.
  4. The number of violations.
  5. The persistence of the misconduct.
  6. The length of time over which the misconduct occurred.
  7. The willfulness of the defendant’s misconduct.
  8. The defendant’s assets, liabilities, and net worth.

Finally, it is noteworthy that A.B. 211 would create the Office of Health Information Integrity, which is within the California Heath and Human Services Agency. This office would be responsible for overseeing the implementation and enforcement of the new law.

Labels : California, HIPAA, Privacy, Healthcare IT, Data security ,







Disclaimer: The information contained within the MTBC® Legal Corner is provided for general educational and informational purposes only and should not be construed as legal advice. The author of the Legal Corner does not represent the Web site user or the individual submitting a particular question. Please seek the advice of legal counsel to address any specific questions you may have regarding your particular facts or circumstances


About Author

Stephen Snyder serves as MTBC’s General Counsel and his blog focuses on his specialty areas of business, privacy and healthcare law.


Subscribe:









Tags:
ADA (1)
AMA (2)
BCBS (1)
Certification/Licensing (3)
CMS (20)
Coding (3)
California (3)
Data Security (8)
DEA (4)
Ethics (5)
EMR/EHR (5)
E-Prescribing (9)
Employment (2)
Florida (6)
Fraud (8)
Georgia (1)
Genetics (1)
HHS (3)
Healthcare IT (24)
HIPAA (6)
Hawaii (1)
Immigration (4)
Illinois (2)
Medicare/Medicaid (25)
Maryland (3)
Maine (1)
Med Mal (5)
New Jersey (7)
NPI (2)
North Carolina (1)
OB/GYN (2)
OIG (5)
Oklahoma (1)
Out-of-Network (1)
Pennsylvania (1)
PQRI (7)
Patient Billing (7)
Privacy (7)
Pharma (5)
Quality of Care (11)
Reimbursement (28)
Reasonable &
Customary (4)
Stark I/II (4)
Uninsured (6)
Usual & Customary (1)
Virginia (2)
West Virginia (1)

 

 
Learn More

images/icon_demo.gif

Schedule a Demo
images/icon_qstn.gif Ask a Question
icon_phone.gif Call 1-866-266-MTBC
 
Signup
 
Healthcare IT Blog

 

Healthcare Law Blog