California’s Medical Data Breach Notification Law Has Been Happily Amended

I honestly didn’t see this coming, but am very pleased to see it happen. Effective September 18, 2014, California has extended its stringent 5 day medical data breach notification requirement to 15 days. This is great news for clinics and healthcare facilities that are faced with the very stressful timing, discussions, and requirements that come from a data breach.

Here is a quick and simple rundown of what you need to know for Assembly Bill 1755 - An Act to amend Section 1280.15 of the Health and Safety Code:

• Reporting requirement to the California State Department of Public Health has been extended to 15 days
• If reporting was delayed due to law enforcement, the report will be required to be made within 15 days at the end of the delay
• Reporting to patients or the patient’s representative has also been extended to 15 days
• Reports to patients or the patient’s representative is amended to alternative means, such as email, where this form of communication has been agreed to in writing
• Reports to patients or their representative may also be made to an alternate location, if specified by the patient or representative in writing
• The Department will also have full discretion to consider all factors when determining whether to investigate and whether a penalty should be assessed

Amended Assembly Bill 1755:

http://www.leginfo.ca.gov/pub/13-14/bill/asm/ab_1751-1800/ab_1755_bill_20140918_chaptered.pdf

If you use RADAR for managing and assessing your incidents, don't worry it is already updated! SaaS for the win!