California Laws Go Above and Beyond HIPAA: Are You Compliant?

Darina Borushko
Digital Content Manager
January 8, 2020

California has a well-earned reputation for being on the cutting edge of style, technology, the environment, and legal trends; many important ideas have sprouted and taken root in the Golden State. A new law that went into effect on January 1, 2020, could be the Next Big Thing.

The California Consumer Privacy Act (CCPA) is an answer to a question that has only grown since the dawn of the Social Media Age: What do these companies know about me, and what are they doing with that information?

The law requires companies that meet certain levels of business in California to seek and receive permission from consumers before they can sell users’ data, or transfer it to a third party in exchange for something of value. The threshold for being subject to the law is pretty high: gross annual revenue of $25 million or more; buying, selling, or receiving data on 50,000 or more consumers, devices, or households; or deriving more than 50% of revenue from trafficking in consumer data. But the penalties can be quite steep: $2,500 per unintentional violation, $7,500 if intentional.

The CCPA pairs with the California Confidentiality of Medical Information Act (CMIA), which in 2013 was expanded to cover vendors of mobile apps and other means of collecting health data, and to prohibit buying or selling that data without the user’s permission. Together, these laws extend beyond HIPAA to protect patient data.

California companies aren’t the only ones that should be concerned

Though CCPA and CMIA only apply in California, their application is not limited to California companies. Any company whose business in California meets the minimum standards of the law is subject to them, no matter where it is based. And considering one out of every ten Americans lives in California, odds are good that any health care business covered by HIPAA may also find itself covered by CCPA and CMIA.

What does this mean for the health care company and its network security?

For the health care company that is fastidious in doing its duty to protect patient data under HIPAA, regularly assessing its compliance, updating its practices and procedures to comport with changes in the law, and training staff to follow the best practices established by the industry, CCPA and CMIA are probably incidental and will never impact its business.

But for that large number of companies that are not HIPAA compliant (HHS regulators found violations in 70% of complaints they investigated through November 2019), this is another set of pitfalls ready to trap the unwary.

Vigilance is the only protection against pitfalls

What can be done to avoid them?

The best plan is to follow a regular routine of review, assessment, and revision of policies and practices, and close monitoring of developments in security technology. HIPAA compliance requires “reasonable and appropriate administrative, technical, and physical safeguards for protecting e-PHI.” What was reasonable last year may no longer be reasonable today—advances in technology and security are constantly changing to adapt to threats that might never have been imagined a year ago.

Any company that doesn’t have a fully committed and well-trained IT security team is well advised to seek outside guidance from consultants and advisors who specifically track the most up-to-date best practices, policies, and technology in the health care data security field. With a thorough assessment from fresh eyes trained to spot weaknesses in your defenses, you will learn where you are vulnerable and where you need help, and get the best advice on how to avoid these pitfalls before hackers or government investigators find them and make them real problems for you.

Elinext teams provide a range of development services to companies representing the healthcare industry. Software solutions we deliver are HIPAA compliant, improve patient outcomes, and secure PHI. If you have any questions, contact us any time.
