Beware of More Stringent State HIPAA Laws

The alleged patient-record snoopers at Kaiser Permanente Bellflower Hospital in Los Angeles County picked the wrong state in which to snoop.

California has the most stringent patient privacy laws in the nation–stronger than new federal laws.

Last September, state leaders passed Assembly Bill 211 and Senate Bill 541.

The measures:

• Specify penalties for unauthorized access to medical records


• Require organizations to report privacy breaches more quickly


• Make safeguards, such as password protection, a state requirement


• Assign rights to enforce patient privacy violations to a new state office, the California Office of Health Information Integrity.

"California has been on the forefront of patient/medical records privacy laws, and existing California law did not completely address the issue of unauthorized access of patient medical records by employees," says Esther Chang, JD, attorney at McDermott Will & Emery, LLP, in Los Angeles.

Last week, Kaiser was slapped with a six-figure fine for failing to secure electronic patient records from snooping employees.

Investigators say one of the eight employees caught in the latest security breach in April was also involved in the earlier breach in mid-March that involved Nadia Suleman, aka the Octomom.