The California Department of Public Health, which recently took 80 days to report its second major breach of protected information in less than a year--and 79 days to report the first breach--was in compliance with state law and did not unreasonably delay reporting, the department says in e-mailed answers to questions from Health Data Management.

The breaches did not fall under the federal health care breach notification rule, but reporting was required under state law. While the federal rule mandates notification within 60 days of discovery of a breach, California's law--which is across industries--has no specific time limit.

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access