Cal. Code Regs. Tit. 22, § 126020 - Definitions

Current through Register 2021 Notice, Register No. 40, October 1, 2021

(a) "Access" means the HIPAA definition given at 45 C.F.R. § 164.304.
(b) "Affiliated organization" means legally separate organizations which have designated themselves as a single, affiliated organization and are under common ownership or control or are a part of the same Organized Health Care Arrangement ( "OHCA") as defined by HIPAA.
(c) "Applicant" means an entity that submits an application to CalOHII for approval as a demonstration project.
(d) "Authorization" as used in section 126055(b)(2) means written permission in the form required for compliance with Civil Code sections 56.11, 56.21; Insurance Code section 791.06, and/or 45 C.F.R. § 164.508 or as required by more stringent law as defined by 45 CFR § 160.202.
(e) "Business Associate" means the HIPAA definition given at 45 C.F.R. § 160.103.
(f) "CalOHII" means the California Office of Health Information Integrity.
(g) "CMIA Provider" means the Confidentiality of Medical Information Act definition of a Provider of Health Care given at Civil Code section 56.05(j).
(h) "De-identified health information" means the HIPAA definition given at 45 C.F.R. §164.514.
(i) "Demonstration Project Participant" means any provider, health plan, health information organization, or governmental authority approved by CalOHII to test privacy and/or security policies for the exchange of electronic health information in the demonstration project.
(j) "Disclosure" means the HIPAA definition given at 45 C.F.R. §160.103.
(k) "Electronic Health Record (EHR)" means the definition given at section 13400 of subtitle D of the American Recovery and Reinvestment Act of 2009: "an electronic record of health-related information about an individual that is created, gathered, managed, and consulted by authorized health care clinicians and staff."
(l) "Governmental authority" means any municipal, county, state or other governmental entity that has jurisdiction and control over the provision or payment for medical services or that routinely received medical information to complete its designated governmental function, including specialized units from the local and state public health authorities.
(m) "Health Care Provider" means the HIPAA definition given at 45 C.F.R. §164.103.
(n) "Health Information Organization" (HIO) means a third party facilitator that conducts, oversees, or governs the disclosure of individual health information among separate, unaffiliated entities.
(o) "HIPAA" means the Health Insurance Portability and Accountability Act of 1996 as amended by subsequent legislation and the implementation of Privacy, Security, and Enforcement Rules under 45 C.F.R. Part 160 and Subparts A, C, D, and E of Part 164.
(p) "HIPAA covered entity" means the HIPAA definition for covered entity given at 45 C.F.R. 160.103.
(q) "Independent Directed Exchange" means the electronic disclosure of encrypted individual health information over the internet to an unaffiliated entity and where third party facilitators do not have the ability to decrypt the content of the individual health information (IHI) package nor provide governance or oversight.
(r) "Individual" means the person who is the subject of health information.
(s) "Individual Health Information" (IHI) means information, in oral, electronic or physical form, including demographic information collected from an individual, and:
(1) Is created or received by or derived from a health care provider, health care clearinghouse, health plan, employer, pharmaceutical company, or contractor;
(2) Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual; and
(3) Is Individually identifiable which means the information includes or contains any element of personal identifying information to which there is a reasonable basis to believe the information can be used to identify the individual such as the patient's name, address, electronic mail address, telephone number, social security number, or other information that, alone or in combination with other potentially available information, reveals the individual's identity.
(t) "More stringent law" means: in the context of a comparison of a provision of state or federal law, including HIPAA, against another law, a "more stringent law" is one that meets one or more of the following criteria:
(1) With respect to a use or disclosure, the law prohibits or restricts a use or disclosure in circumstances under which such use or disclosure otherwise would be permitted under another law or rule, except if the disclosure is
(A) Required by the federal Secretary of Health and Human Services in the context of HIPAA, in connection with determining whether a covered entity is in compliance with this subchapter; or
(B) To the individual who is the subject of the individual health information.
(2) With respect to the rights of an individual, who is the subject of the individual health information, regarding access to or amendment of individual health information, permits greater rights of access or amendment, as applicable.
(3) With respect to information to be provided to an individual who is the subject of the individual health information about a use, a disclosure, rights, and remedies, provides the greater amount of information.
(4) With respect to the form, substance, or the need for express legal permission from an individual, who is the subject of the individual health information, for use or disclosure of individual health information, provides requirements that narrow the scope or duration, increase the privacy protections afforded (such as by expanding the criteria for), or reduce the coercive effect of the circumstances surrounding the express legal permission, as applicable.
(5) With respect to recordkeeping or requirements relating to accounting of disclosures, provides for the retention or reporting of more detailed information or for a longer duration.
(6) With respect to any other matter, provides greater privacy protection for the individual who is the subject of the individual health information.
(u) "Participants Agreement" (PA) means a multi-party trust agreement among organizations exchanging health information that sets a common set of terms and conditions for the organizations establishing a mutual governance process amongst participants.
(v) "Public Health" This term refers to public health authorities whose public health programs promote, maintain, and conserve the public's health by providing health services to individuals and/or by conducting research, investigations, examinations, training, and demonstrations.
(w) "Sensitive health information" means legally established categories of sensitive information, such as genetic information, mental health, substance abuse treatment, HIV-related information, sexuality and reproductive health or specific segments of a patients individual health information for which a patient has requested protection from disclosure in writing.
(x) "Treatment" means the HIPAA definition given at 45 C.F.R. § 160.103.
(y) "Use" means the HIPAA definition given at 45 C.F.R. § 160.103.

Notes

Cal. Code Regs. Tit. 22, § 126020

Note: Authority cited: Sections 130277 and 130278, Health and Safety Code. Reference: Sections 56.05 and 56.06, Civil Code; Sections 130200, 130201,130276, 130277 and 130278, Health and Safety Code; and 45 C.F.R. Sections 160.103, 164.304 and 164.501.

1. New section filed 1-31-2012; operative 1-31-2012. Exempt from the rulemaking requirements of the Administrative Procedure Act and submitted to OAL for printing only pursuant to Health and Safety Code section 130278 (Register 2012, No. 5).

The following state regulations pages link to this page.



State regulations are updated quarterly; we currently have two versions available. Below is a comparison between our most recent version and the prior quarterly release. More comparison features will be added as we have more versions to compare.