Welf. & Inst. Code 5778(b)(5)(B) (1994; amended by A.B.1780, 2008)
Summary:
The Department of Mental Health may contract with an independent, nongovernmental entity to conduct client record reviews. The entity must comply with all federal and state privacy laws, including the federal Health Insurance Portability and Accountability Act, the Confidentiality of Medical Information Act, and Section 1798.81.5 of the Civil Code [businesses that own or license personal information about Californians must provide reasonable security for that information]. The entity shall be subject to existing penalties for violation of these laws. The entity cannot use, sell, or disclose client records for a purpose other than the one for which the record was given. “Client record” means a medical record, chart, or similar file.
Keywords:
agency, business, business associate, federal-state, mental health professional, mental healthParties Bound:
Department of Mental Health; independent nongovernmental entities contracted to conduct client record reviews Other Relevant California Code Sections:
Health Insurance Portability and Accountability Act (HIPAA), 42 U.S.C. Sec. 1320d et seq.; Civil Code 56 et seq.; Civil Code 1798.81.5; Welfare and Institutions Code 5778(b)(5)(C)(i): “Client record” means a medical record, chart, or similar file. Associated Federal Law(s):
Application of Privacy Provisions and Penalties to Business Associates of Covered Entities : HIPAA restrictions apply to a business associate to same extent as they do to a covered entity.
Associated Federal Law(s):
Uses and disclosures of protected health information: general rules : disclosures to business associates, requirements for business associate agreement