Sign In
Welcome to the State of California 
Skip Navigation LinksHome > Programs > Privacy Office

Privacy Office

The California Department of Public Health Privacy Office is responsible for ensuring the maintenance of the Department’s Privacy Program when the Department collects, uses, maintains, discloses, or disposes of personal or confidential information. The mission of the Privacy Office is to minimize to the greatest extent allowable the impact on individuals' and organizations’ privacy, particularly individuals’ personal information and dignity, while achieving the vital public health objectives and duties required of the Department.

The primary responsibility of the Privacy Office is to oversee and ensure the Department’s implementation of and compliance with California and federal privacy laws, including the California Information Practices Act (IPA) and the federal Health Insurance Portability and Accountability Act (HIPAA) privacy regulations. 

In discharging its responsibilities, the Privacy Office Staff, through its team of Privacy Officer and Privacy Analyst, performs multiple functions, including:

  • COMPLIANCE MONITORING:  Monitoring Department compliance with the IPA and HIPAA, and with the numerous statutes, regulations, Executive Orders, court decisions and Department policies which regulate privacy.
  • PRIVACY POLICIES and PROCEDURES:  Development of Department privacy policies and procedures for collecting, using, maintaining, disclosing and disposing of private information, and for providing privacy-related rights to individuals regarding their personal information.
  • CONSULTATION AND ADVICE:  Advises management on privacy impact on/of Departmental programs, activities and systems.  Provides day-to-day assistance to program staff in implementation and execution of the Department’s Privacy Program. 
  • COMPLAINT RESOLUTION:   Receives, investigates and resolves all complaints against the Department and its employees, contractors, and other individuals and organizations that are responsible for maintaining the privacy of Department information.
  • BREACH INCIDENT RESPONSE:  Investigates and informs management of breaches involving unauthorized disclosures of the Department’s private information.  Works to ensure that all corrective action necessary to prevent the breach from recurring is implemented, and that any affected individuals are notified if necessary.
  • EXTERNAL INTERFACE:   Serves as the focal point for Department privacy matters as they relate to external individuals and entities, including working with other state agencies, and with contractors who are Department Business Associates, to facilitate compliance.
  • PRIVACY NOTICES and STATEMENTS: Ensures that the Department provides required Notices of Privacy Practices and privacy-related statements of its privacy practices to individuals upon request, and in its offices, on its Web sites, and on forms used in connection with private information.
  • ACCESS TO PROTECTED HEALTH INFORMATION:  Develops and coordinates providing individuals with access to their own protected health information (health records) maintained by the Department.

Read about related functions not performed by the Privacy Office.