General Privacy

 

Student Records

Family Educational Rights and Privacy Act of 1974 (FERPA) - 20 U.S. Code section 1232g – This Federal law puts limits on disclosure of educational records maintained by agencies and institutions that receive federal funding.
 

Health Information

Confidentiality of Medical Information (COMIA), California Civil Code sections 56-56.37 – This California law puts limits on the disclosure of patients’ medical information. It specifically prohibits many types of marketing uses and disclosures.
 
Confidentiality of Medical Information (COMIA), California Civil Code section 56.104 – Relates to confidentiality of information relating to a patient's outpatient treatment with a psychotherapist.
 
Department of Public Health Breach Notification, California Health & Safety Code section 1280.15 – Requires that licensed clinics and health facilities notify the California State Department of Public Health and affected patients of any unlawful or unauthorized access to, use, or disclosure of their medical information.
 
Health Insurance Portability and Accountability Act of 1996 (HIPAA) – The HIPAA Privacy and Security Rules set national standards for the protection of certain health information.
 
Health Information Technology for Economic and Clinical Health Act (HITECH) – Passed as part of the American Recovery and Reinvestment Act of 2009 (ARRA), HITECH revises and expands the HIPAA Privacy and Security Rules, adds new breach notification requirements for covered entities and business associates, strengthens the government's enforcement powers, and makes related changes.
 
HIV Privacy, California Health & Safety Code 121010 et seq. – The California Health and Safety Code includes requirements for protecting the privacy of individuals who are the subject of blood testing for antibodies to human immunodeficiency virus (HIV).
 
Information Practices Act of 1977, California Civil Code section 1798 – This state law expands upon the constitutional guarantee of privacy by providing limits on the collection, management and dissemination of personal information by state agencies.
 
Legal and Civil Rights of Persons Involuntarily Detained - California Welfare & Institutions Code section 5328 et seq. – The health information confidentiality provisions of the Lanterman, Petris, Short Act protect the confidentiality of information obtained in the course of providing certain mental health services to involuntary and voluntary recipients.
 
Patient Access to Health Records Act, California Health & Safety Code 123100-123149.5 – This state law establishes requirements for providing access to health care records or summaries of those records by patients and by those persons having responsibility for decisions respecting the health care of others.
 
Security Breach Notification, California Civil Code section 1798.82 – This California law includes requirements for notifying California residents whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person as a result of a security breach.
 

Human Subjects Research

Common Rule – The Federal Policy for the Protection of Human Subjects outlines the basic provisions for Institutional Review Boards (IRBs), informed consent, and Assurances of Compliance.
 
HHS Human Subject Protection Regulations 45 CFR part 46 – The Code of Federal Regulations provides for the protection of human research subjects including that, in order to approve such research, there are adequate provisions to protect the privacy of subjects and to maintain the confidentiality of data.
 
HIV/AIDS Privacy, California Health & Safety Code Section 121075 – The California Health & Safety Code requires the protection of personally identifiable research records relating to HIV or AIDS.
 

Financial Information

Gramm-Leach-Bliley Act (GLBA) – This Federal Trade Commission (FTC) law requires financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information sharing practices to their customers and to safeguard sensitive data.
 

Personal Identity Information

Red Flags Rule – This Federal Trade Commission (FTC) Rule requires organizations to develop, document and implement an Identity Theft Prevention Program designed to detect the warning signs (“red flags”) of identity theft in their day-to-day operations.
 

Electronic Commerce

Online Privacy Protection Act of 2003 – California Business and Professions Code sections 22575-22579. This law requires operators of commercial web sites or online services that collect personal information on California residents through a web site to conspicuously post a privacy policy on the site and to comply with its policy.

Last modified Tue, 30 Apr, 2013 at 10:27