HealthcareCISO

California is tightening up its health facility data breach regulations and recently issued an update to its administrative penalties and reporting requirements.

The newly updated health facility data breach regulations went into effect on July 1, according to the California Department of Public Health.

“The regulations implement California's Health and Safety Code Section 1280.15, which requires a clinic, health facility, home health agency, or hospice licensed by the Department [of Health] to prevent any unlawful or unauthorized access to, or use, or disclosure of, a patient's medical information,” according to a report by the law firm Baker Donelson.

In an All Facilities Letter published by the California Department of Public Health, Acting Deputy Director Cassie Dunham stated that the updated “regulations require healthcare facilities to report a medical information breach to CDPH no later than...