The California Confidentiality of Medical Information Act

^{(CA Civil Code §56 et seq)} 

Health care worker gets 2 years for accessing Ruth Bader Ginsburg’s medical records  ABC News 

CA confidentiality of Medical Information Act provides that Private Information about your health and healthcare is perhaps the most sensitive and personal kind of information collected.  California  State & Federal HIPAA  laws give us many rights to limit those who see our medical records.

Businesses are forbidden from trying to obtain medical information directly from an individual for direct marketing purposes without clearly and conspicuously disclosing how it will use and share that information, and without obtaining the consumer’s consent. (SB 1633 Civil Code    §1798.91)

Manifest MedEx manifest medex.org/ is tackling one of healthcare’s hardest and most fundamental problems. A problem that has to be fixed before hospitals, health plans, and physicians can do the hard work to reduce costs, provide a better patient experience, and improve outcomes. Manifest MedEx is on a mission to connect healthcare in California. We’ve built a nonprofit utility that gets health information out of silos. Our network facilitates the secure exchange of real-time information on millions of patients across California. Your job is to make healthcare better. Our job is to get you the information you need.

• Covered CA Privacy Policy Webpage
• Insurance Information and Privacy Protection Act §791-791.27 
  • California Code of Regulations Section §2689.1 et seq. www.calregs.com/
  • Regulations Title 10 Subchapter 5.9 – 22 pages pdf
• CA Department of Insurance
• California Is Creating a New Health Information Exchange. Here’s Why That Matters.
• Can your insurer watch you on social media?

Online Privacy Act

The California Online Privacy Protection Act of 2003 (CalOPPA) amended in 2013, requires commercial websites on the World Wide Web and online services to include a privacy policy on their website.  ^Wikipedia *

Here’s our privacy statement 

Data Privacy Law

On Jan. 1, 2020, all Californians will be able to find out what personal information a business is collecting about them, their devices and their children.   Companies can still collect the data: what you buy; where you go, and when; all the photos you’ve ever taken; your emails, even the ones you deleted.  But what companies must now do is tell you what they’re collecting when you ask, and delete it all if you ask for that. However, some companies can deny your request to delete if the data is required in order to complete a financial transaction or protect against fraud.  What companies can’t do anymore, legally, is sell that data if you tell them not to ^NPR  *

• leginfo.legislature.ca.gov/1798.82
• oag.ca.gov/data breach/reporting

Consumer Links

• Need to Get Plan B or an HIV Test Online? Facebook May Know About It Read More CA Health Line *
• Website Privacy Law Opt Out Selling Information  ^{LA Times 1.2.2020} *
• David Lazarus LA Times 8.18.2020 should be easier to opt out 
• California Patients Guide wikipedia.org
• California State Office of Privacy Protection Website CA
• Office of HIPAA Implementation ***
• CA Healthcare Foundation  15 Page Pdf
• Rights & Requirements Federal HIPAA 
• Covered CA Agent Privacy Course  2019-2020
• Email us for 2020 – 2021 Presentation (C:/Covered.CA/Certification.Seminar/Job Aids)
• Covered CA Privacy Policy Webpage
• 2014 Study Guide

Technical & Research Links

• Use of Social Security Number §1798.85 California Senate Bill 168
• Family Law Code §3751.5 Right of Other Parent to Obtain Medical Information
• Covered CA Agent Agreement Exhibit # D on Privacy & Security

LAW

• California Law – Constitutional Right to Privacy
• California Law – General Privacy Laws
• California Law – Health Information Privacy
• California Law – Identity Theft
• California Law – Online Privacy
• California Law – Unsolicited Commercial Communications
• Federal Law – General Privacy Laws
• Federal Law – Health Information Privacy
• Federal Law – Identity Theft
• Federal Law – Online Privacy
• Federal Law – Unsolicited Commercial Communications

California Consumer Privacy Act (CCPA) 

The intentions of the Act are to provide California residents with the right to:

1. Know what personal data is being collected about them.
2. Know whether their personal data is sold or disclosed and to whom.
3. Say no to the sale of personal data.
4. Access their personal data.
5. Request a business to delete any personal information about a consumer collected from that consumer.^[9]
6. Not be discriminated against for exercising their privacy rights.  ^Wikipedia *

Word Press web sites – How to comply from WordPress.com

Insurance Agency – Records #Retention

The California Department of Insurance, pursuant to Title 10 California Code of Regulations section 2190.7, requires that an insurance producer maintain certain records that must be open and available for Department inspection at the agent’s place of business.   The principal rule, found under section 2190.3, requires an agent to keep his file for 18 months after an insurance transaction, which includes the following items:

• 1) the identity of each person who transacted the insurance,
• 2) all binders showing the names of the insured and insurer, the nature of the coverage, and the effective and termination dates as well as premium,
• 3) a copy of the application or memorandum requesting the insurance, and
• 4) correspondence, notes, memoranda and other records.

Under the broader rule of Title 10 California Code of Regulations section 2190.2, certain information must be kept for every insurance transaction for five years.   There are 18 items of information, which include the parties, particulars of the policy and information about what payment was made and how it was handled by the agent (including banking information).  Although whole files do not have to be maintained for the five years, this information must be traceable back to whatever source documents were used to assemble the information.

The main areas of concern when the Department wants to inspect a file are typically appropriate handling of premium monies and the presence of signatures on carrier forms.  ^{CA License Blog}

Records are to be maintained for a minimum of five years after the expiration or cancellation of the policy in question. Good sense dictates that you maintain your records for up to 10 years if economically and practically feasible.   Of course, the average agent or broker will not maintain his/her records in perpetuity. Nevertheless, retaining your files for 8 to 10 years is not only suggested but advised as a means to cut off potential E&O claims and to assist existing insureds.  ^{Rough Notes.com}

• 10 CCR  Article 7. Production Agency Records§ 2190.1. General.
  • § 2190.3. Records by File.
  • § 2190.2. Required Records.   5 years
  • § 2190.4. Direct Billing.   
  • § 2190.5. Bank Records  
  • § 2190.7. Place Where Records Kept.  

Also, if an insured is over age 65 and the policy is solicited or sold through a house call, the mandated advance notice of that visit should be kept in the file.^{CA License Blog   _{I don’t think he’s quite right}}

Our webpage on Scope of Appointment for Medicare Advantage which we are required to keep for 10 years

Related Pages in Privacy & Security Section

• Set a Meeting – Zoom, Skype or Phone
  • Meeting – Expectations – Terms of Service
    • Privacy Statement
      • Privacy – Federal HIPAA
        • CA Privacy Laws – Mandated Records Retention
          • Right to review your Medical Records
        • Email Privacy
      • Visitor Agreement