In California, the Confidentiality of Medical Information Act (“CMIA”) creates rights for patients in their own personal records. While most attention is given to federal law, especially HIPAA and HI-Tech, when trying to understand what to do medical records.
California has created a strong statutory scheme to protect patients’ rights. Codified at Civil Code section 56.10, the Act provides that “No provider of health care provider, service plan or contractor shall disclose medical information regarding a patient of the provider of healthcare or an enrollee or subscriber of a health care service plan without first obtain an authorization” from the patient. The statute then goes on to proscribe in detail the requirements for authorization.
Violation the CMIA will result in fines and a civil cause of action against the party who provided the private healthcare information.
CMIA does have several exceptions. Some the exceptions require the healthcare provider to disclose information, for example under court order or for police or coroner investigations. Other exceptions allow, but do not required, the physician to disclose medical records to other health care providers and healthcare insurance companies. Healthcare providers may also provide information that has been scrubbed of identifiable information to public health studies and other companies who will allow the medical profession to better understand healthcare service.