§ 79901. Definitions.
22 CA ADC § 79901
Barclays Official California Code of Regulations
22 CCR § 79901
(B) Any internal paper record, electronic mail or facsimile transmission outside the same health care facility or health care system sent to a covered entity (as defined under Part 160.103 of Title 45 of the Code of Federal Regulations, as of June 27, 2014) that has been inadvertently misdirected within the course of coordinating care or delivering services.
(E) Any lost or stolen encrypted electronic data containing a patient's medical information that is in any way created, kept, or maintained by a health care facility where the encrypted electronic data has not been accessed, used, or disclosed in an unlawful or unauthorized manner. Any lost or stolen electronic data containing a patient's medical information that is in any way created, kept, or maintained by a health care facility that is not encrypted shall be presumed a breach unless it is excluded by section 79901(b)(1)(F).
(f) “Detect” means the discovery of a breach, or the reasonable belief that a breach occurred by a health care facility or business associate. A breach shall be treated as detected as of the first business day on which such breach is known to the health care facility or business associate, or by exercising reasonable diligence would have been known to the health care facility or business associate. A health care facility or business associate shall be deemed to have knowledge of a breach if such a breach is known, or by exercising reasonable diligence would have been known, to any person other than the person committing the breach, who is a workforce member or agent of the health care facility or a business associate.
(i) “Factors outside the control of the health care facility” means any circumstance not within the reasonable control of the health care facility, including, but not limited to, fires, explosions, natural disasters, severe weather events, war, invasion, civil unrest, acts or threats of terrorism, and utility or infrastructure failure. “Factors outside the control of the health care facility” does not include the acts of the health care facility, business associate, or their respective workforce members.
(j) “Health care facility” means a clinic, health facility, home health agency or hospice licensed pursuant to section 1204, 1250, 1725, or 1745 of the Health and Safety Code. For purposes of this chapter, a “health care facility” as it relates to a breach of a patient's medical information shall include workforce members, medical staff, and business associates at the time of the breach and the detection of the breach.
(l) “Medical Information” means, as provided for under Civil Code section 56.05, any individually identifiable information in electronic or physical form, in possession of or derived from a provider of health care, health care service plan, pharmaceutical company, or contractor, as defined in Civil Code section 56.05(d), regarding a patient's medical history, mental or physical condition, or treatment. The term “individually identifiable” means that the medical information includes or contains any element of personal identifying information sufficient to allow identification of the individual, such as the patient's name, address, electronic mail address, telephone number, or social security number, or other information that, alone or in combination with other publicly available information, reveals the individual's identity.
(r) “Workforce” means employees, volunteers, trainees, and other persons whose conduct, in the performance of work for a health care facility or business associate, is under the direct control of such health care facility or business associate, whether or not they are paid by the health care facility or business associate.
Credits
Note: Authority cited: Sections 131000, 131050, 131051, 131052 and 131200, Health and Safety Code. Reference: Section 1280.15, Health and Safety Code.
History
1. New section filed 6-28-2021; operative 7-1-2021 pursuant to Government Code section 11343.4(b)(3) (Register 2021, No. 27). Filing deadline specified in Government Code section 11349.3(a) extended 60 calendar days pursuant to Executive Order N-40-20 and an additional 60 calendar days pursuant to Executive Order N-71-20.
This database is current through 5/10/24 Register 2024, No. 19.
Cal. Admin. Code tit. 22, § 79901, 22 CA ADC § 79901