Under the federal Health Insurance Portability and Accountability Act (HIPAA), failure to secure protected medical information (PHI) can result in serious consequences. However, some state privacy laws, like those in California, also carry severe penalties. This is why you should be as concerned about California’s Confidentiality of Medical Information Act (CMIA) as you are about HIPAA.
While many health providers are aware of the risks under HIPAA, they don’t realize that breaching CMIA’s data laws may be even riskier. Under CMIA, any private party can bring a lawsuit claiming monetary damages. Under HIPAA, by contrast, investigations are carried out by the government.
CMIA strictly prohibits the disclosure of medical information without prior approval of the patient. A violation is considered so serious that if your medical records are compromised, you are entitled to $1,000 even if the disclosure does not adversely affect you in any way.
In the case of Sutter Health v. Superior Court (227 Cal.App.4th 1546 (July 21, 2014)), a class action suit was brought against Sutter Health Medical based on its violation of CMIA. The suit arose from the theft of a Sutter Health desktop computer, which held medical records belonging to about 40 million patients. Although there was no evidence that the medical records were actually viewed by unauthorized persons, the suit was filed by a party of interest, alleging breach of confidentiality.
Although the Appeals Court held that Sutter Health should not be held accountable, the argument regarding strict liability has not been settled. This case underscores why health care providers should be as concerned about CMIA as they are about HIPAA. It is therefore vital that health data compliance policies are appropriately administered. Contact Nelson Hardiman, LLP, Los Angeles at 310-203-2800 for more information.