Paula Stannard reminds us:
As a result of recent breaches – including breaches of health information and information held by health insurers – a great deal of attention has recently been focused on state data breach notification requirements. Most States have general data breach notification requirements that apply to all data breaches, including those involving health information. A few States have specific data breach laws applicable to health information or to certain types of entities in the health care/health insurance industry. California is one of such States – and it has made several significant revisions to its statute, California Health and Safety Code § 1280.15, effective January 1, 2015 (A.B. 1755).
If you keep thinking that you have 60 days to notify under HIPAA and HITECH, think again if you do business in California, because you only have 15 days to notify the state and patients.
Read more on Alston & Bird’s Privacy & Data Security Blog.
Related: A.B. 1755 (text)