California Privacy Laws
Medical Records Retention
The California Confidentiality of Medical Information Act
(CA Civil Code §56 et seq)
Health care worker gets 2 years for accessing Ruth Bader Ginsburg’s medical records ABC News
The California Confidentiality of Medical Information Act provides that private information about your health and health care is perhaps the most sensitive and personal kind of information collected. California state and federal HIPAA laws give us many rights to limit who sees our medical records.
Businesses are forbidden from trying to obtain medical information directly from an individual for direct marketing purposes without clearly and conspicuously disclosing how it will use and share that information, and without obtaining the consumer’s consent. (SB 1633 Civil Code §1798.91)
Manifest MedEx (manifestmedex.org) is tackling one of healthcare’s hardest and most fundamental problems. A problem that has to be fixed before hospitals, health plans, and physicians can do the hard work to reduce costs, provide a better patient experience, and improve outcomes. Manifest MedEx is on a mission to connect healthcare in California. We’ve built a nonprofit utility that gets health information out of silos. Our network facilitates the secure exchange of real-time information on millions of patients across California. Your job is to make healthcare better. Our job is to get you the information you need.
- Covered CA Privacy Policy Webpage
- Insurance Information and Privacy Protection Act §791-791.27
- California Code of Regulations Section §2689.1 et seq. www.calregs.com/
- Regulations Title 10 Subchapter 5.9 – 22 pages pdf
- CA Department of Insurance
- California Is Creating a New Health Information Exchange. Here’s Why That Matters.
- Can your insurer watch you on social media?
Online Privacy Act
The California Online Privacy Protection Act of 2003 (CalOPPA), amended in 2013, requires commercial websites and online services to include a privacy policy on their website. Wikipedia *
Data Privacy Law
On Jan. 1, 2020, all Californians will be able to find out what personal information a business is collecting about them, their devices and their children. Companies can still collect the data: what you buy; where you go, and when; all the photos you’ve ever taken; your emails, even the ones you deleted. But what companies must now do is tell you what they’re collecting when you ask, and delete it all if you ask for that. However, some companies can deny your request to delete if the data is required in order to complete a financial transaction or protect against fraud. What companies can’t do anymore, legally, is sell that data if you tell them not to. NPR *
Cyber Security
- Safeguarding Taxpayer Data - A guide for your business Publication # 4557
- HHS HIPAA Summary
- CMS Webinar 56 pages on Privacy 2017
- Extensive Cyber Security Article in CAHU Magazine June 2022 Page 4
- 4 Things Small Businesses Can Do to Protect Against Cyberattacks
- An A-Z Plan for Corporate Cybersecurity Success
- Health care systems vulnerable to cyberattacks supported by Russian intelligence agencies 5.19.2022 Medical Economics.com
Consumer Links
- Need to Get Plan B or an HIV Test Online? Facebook May Know About It CA Health Line *
- Website Privacy Law Opt Out Selling Information LA Times 1.2.2020 *
- David Lazarus LA Times 8.18.2020 should be easier to opt out
- California Patients Guide wikipedia.org
- California State Office of Privacy Protection Website CA
- Office of HIPAA Implementation ***
- CA Healthcare Foundation 15 Page Pdf
- Rights & Requirements Federal HIPAA
- Covered CA Agent Privacy Course 2019-2020
- Email us for 2020 – 2021 Presentation
- Covered CA Privacy Policy Webpage
- 2014 Study Guide
Technical & Research Links
- Use of Social Security Number §1798.85 California Senate Bill 168
- Family Law Code §3751.5 Right of Other Parent to Obtain Medical Information
- Covered CA Agent Agreement Exhibit # D on Privacy & Security
LAW
California Consumer Privacy Act (CCPA)
The intentions of the Act are to provide California residents with the right to:
- Know what personal data is being collected about them.
- Know whether their personal data is sold or disclosed and to whom.
- Say no to the sale of personal data.
- Access their personal data.
- Request a business to delete any personal information about a consumer collected from that consumer.[9]
- Not be discriminated against for exercising their privacy rights. Wikipedia *
WordPress websites – How to comply from WordPress.com
Insurance Agency – Records Retention
The California Department of Insurance, pursuant to Title 10 California Code of Regulations section 2190.7, requires that an insurance producer maintain certain records that must be open and available for Department inspection at the agent’s place of business. The principal rule, found under section 2190.3, requires an agent to keep his file for 18 months after an insurance transaction, which includes the following items:
- 1) the identity of each person who transacted the insurance,
- 2) all binders showing the names of the insured and insurer, the nature of the coverage, and the effective and termination dates as well as premium,
- 3) a copy of the application or memorandum requesting the insurance, and
- 4) correspondence, notes, memoranda and other records.
Under the broader rule of Title 10 California Code of Regulations section 2190.2, certain information must be kept for every insurance transaction for five years. There are 18 items of information, which include the parties, particulars of the policy and information about what payment was made and how it was handled by the agent (including banking information). Although whole files do not have to be maintained for the five years, this information must be traceable back to whatever source documents were used to assemble the information.
The main areas of concern when the Department wants to inspect a file are typically appropriate handling of premium monies and the presence of signatures on carrier forms. CA License Blog
Records are to be maintained for a minimum of five years after the expiration or cancellation of the policy in question. Good sense dictates that you maintain your records for up to 10 years if economically and practically feasible. Of course, the average agent or broker will not maintain his/her records in perpetuity. Nevertheless, retaining your files for 8 to 10 years is not only suggested but advised as a means to cut off potential E&O claims and to assist existing insureds. Rough Notes.com
- 10 CCR Article 7. Production Agency Records § 2190.1. General.
- § 2190.3. Records by File.
- § 2190.2. Required Records. 5 years
- § 2190.4. Direct Billing.
- § 2190.5. Bank Records
- § 2190.7. Place Where Records Kept.
Also, if an insured is over age 65 and the policy is solicited or sold through a house call, the mandated advance notice of that visit should be kept in the file. CA License Blog I don’t think he’s quite right
Our webpage on Scope of Appointment for Medicare Advantage which we are required to keep for 10 years
https://privacy.ca.gov/