The California Department of Public Health, which previously has fined at least a dozen hospitals and one nursing home for privacy violations, has suffered its second major breach of protected health information since September 2010--and took 80 days to report this second breach. Its first breach took 79 days to report.

It was not immediately clear if either incident falls under the federal breach notification rule, but the first breach is not listed on the federal government's public Web site listing breaches of PHI affecting 500 or more individuals. The notification rule covers HIPAA covered entities--providers, clearinghouses and insurers--that conduct electronic HIPAA transactions.  Consequently, a health department would be required to report if a breach involved electronic billings for flu shots or other treatments. California also has its own breach notification law. A spokesperson for the department was not immediately available.

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access