As the recent case of records snooping at California's Kaiser Bellflower hospital demonstrates, state health data protection laws can be tougher than federal HIPAA law--and enforcement on the state-level can be tougher too, as the pair of six-figure fines suffered by the hospital suggests. And while California may be a pioneer, don't expect it to be the last. Expect states to crack down on health data privacy across the United States, at least if the California measures prove to have teeth, experts suggest.
Last September, California enacted the toughest patient privacy protections in the country, even tougher than HIPAA. They include specific penalties for medical-record snooping, rules requiring providers to report breaches far more quickly than HIPAA and requirements that safeguards like passwords be put in place. The new laws even establish a new state office supervising patient privacy and imposing fines when violations occur.
Right now, even Californians are skeptical that things will really change long term. After all, HIPAA has changed some provider procedures, such as displays of sign-up sheets and notices of privacy practices. Other policies, however, have remained unchanged. Still, with California's long-time role as an industry leader, other states are likely to take notice of its approach.
To learn more about California's efforts:
- read this Health Leaders Media piece
Related Articles:
Stimulus bill sets new HIPAA rules, but will it make a difference?
HIPAA privacy rules not enough, IOM says