California Health and Safety Code
§ 130203
HSC § 130203 Effective Oct 8, 2021Div. 109
Statute text
View on leginfo.ca.gov(a)The center shall assume statewide leadership, coordination, policy formulation, direction, and oversight responsibilities for compliance with state and federal health information privacy laws, including, but not limited to, the Confidentiality of Medical Information Act (Part 2.6 (commencing with Section 56) of Division 1 of the Civil Code), the Information Practices Act of 1977 (Chapter 1 (commencing with Section 1798) of Title 1.8 of Part 4 of Division 3 of the Civil Code), the federal Health Insurance Portability and Accountability Act of 1996 (Public Law 104-191), and the federal Health Information Technology for Economic and Clinical Health Act (Title XIII of the federal American Recovery and Reinvestment Act of 2009 (Public Law 111-5)), and implementing regulations. The center shall exercise full authority relative to state entities to establish policy, provide direction to state entities, provide guidance on data sharing, monitor progress, and report on compliance activities.
(b)Beginning January 1, 2022, the center shall complete an independent security assessment as described in Section 11549.3 of the Government Code at least once every three years and, consistent with subdivision (d) of that section, submit any resulting report and recommendations to the Office of Emergency Services.
(c)All state entities subject to HIPAA shall complete an assessment, in a form specified by the center, to determine the impact of HIPAA on their operations. All state entities shall cooperate with the center to determine whether the state entity is subject to HIPAA, including, but not limited to, providing a completed assessment, as prescribed by the center.
…
Legislative history
Added by Stats. 2021, Ch. 696, Sec. 11. (AB 172) Effective October 8, 2021.