AHA Solutions
Resources for Hospitals

HIPAA Tip
04/15/09

The HIPAA Tip is emailed the second, third and fourth Wednesday of every month.  In it you will find valuable information to ensure you are current on the latest news, trends and regulatory issues surrounding HIPAA. Subscribers total over 2,500.

If you're looking for assistance in HIPAA compliance training solutions, please contact:

Ali Pabrai, Security+, CISSP, CHP, CSCS
ecfirst.com/HIPAA Academy, Chief Executive
www.HIPAAAcademy.Net

HIPAA Academy's HIPAA Compliance Training Solutions have the exclusive endorsement of the American Hospital Association (AHA).

 



To learn more about AHA-Endorsed products and services and the AHA Solutions Signature Learning Series, please call
(800) 242-4677 or visit www.aha-solutions.org

April 15, 2009

Complying with California's New Security Regulations
California has signed into law two bills, Senate Bill 541 (SB 541) and Assembly Bill 211 (AB 211), that significantly increase state fines for security and privacy violations involving Protected Health Information (PHI). SB 541 and AB 211 establish new breach disclosure standards and mandate security controls for preventing unauthorized access to patient information. Healthcare organizations will need to implement controls that restrict access to authorized individuals only.

AB 211 includes fines ranging from $2,500 to $25,000 per violation for organizations that negligently disclose patient records. People or organizations that illegally use medical information for financial gain face fines of up to $250,000 per violation. Further, under AB 211, individuals can pursue legal action against covered entities and licensed health professionals for failing to adequately protect their medical information. Individuals can claim up to $1,000 in damages even if a data exposure caused no harm.

SB 541 includes a new disclosure rule under which any breach must be disclosed to the affected patients and the California Department of Public Health (CDPH) within five days of being discovered. Failure to inform may result in fines of $100 per violation for each day the disclosure is late, up to a maximum of $250,000. SB 541 also gives the CDPH authority to impose fines of up to $25,000 for each patient whose medical information may have been accessed, used or disclosed in an unauthorized manner.

So, in your cyber security strategy, have you identified the State regulations that your business is required to comply with?

Want to Learn More About the New California Security Regulations?
Contact Steve.Ferrick@ecfirst.com or call 1.877.899.9974 x14 to receive by email a complimentary executive brief PDF on Cyber Security Strategy that describes the 4 laws of information security and steps you through the new California security regulations. Ask Steve about developing a complimentary custom proposal for complying with State regulations, U.S. federal regulations such as HIPAA and the new HITECH Act, and international standards such as the ISO 27000 series.

Are You in Compliance with California’s New Security Regulations? Exec Brief Lunch, Sacramento, CA - June 19, 2009

In this unique 90-minute session, cyber security and compliance expert Ali Pabrai examines the mandatory requirements of several California security regulations, including SB 1386, AB 1950, AB 1298, AB 211, SB 541 and others. New regulations cover not only “personal information,” but also “medical information” and “health insurance information.” Pabrai will step through frameworks that may be applied to enable your organization to comply with numerous California requirements for protecting personal information. For more information, please visit www.ecfirst.biz. To bring this program to your site, please contact John Schelewitz at 1.480.663.3225 or John.Schelewitz@ecfirst.com.

 

CHP Program Updated with New Healthcare Privacy & Security Mandates

Learn about key aspects of the new HITECH Act (economic stimulus bill recently enacted) and the HIPAA regulation including Transactions and Code Sets, Identifiers, Privacy and Security. HIPAA Academy, the industry’s gold standard for HIPAA training, certification and consulting, has made available on-line the content and exams for HIPAA Academy’s Certified HIPAA Professional (CHP) and the Certified HIPAA Security Specialist (CHSS). For details, please visit www.HIPAAAcademy.Net.