HIPAA & Your Privacy Rights at CDPH
What is HIPAA?
HIPAA is an acronym for the Health Insurance Portability and Accountability Act that was signed into law in 1996. The HIPAA Privacy Rule establishes national standards to protect individuals' medical records and other personal health information.
CDPH is a "hybrid entity" under HIPAA. As a hybrid entity under HIPAA, CDPH as a whole is considered a covered entity whose business activities include both HIPAA covered and non-covered functions.
CDPH has designated certain programs as HIPAA covered health care components. All other CDPH programs have been determined by CDPH to be non-HIPAA-covered components of the Department.
A Notice of Privacy Practices is a document that informs an individual of the uses and disclosures of personal information that may be made by the Department's programs that are covered health care components under HIPAA, and of the individual's rights and the covered program's legal duties with respect to personal information.
Federal and state laws require that individuals (or their personal representative) be provided certain rights regarding their personal information generated and maintained by the California Department of Public Health or the Department's business associate. Any personal information requests shall be made in writing using the appropriate forms.