California Assembly Bill 211 (AB 211)

California Assembly Bill 211 of 2007-2008, also known as AB 211, is a California law that imposes penalties upon individuals and institutions that fail to protect the privacy of patient medical records. It also created the enforcement agency known as the Office of Health Information Integrity (CalOHII).

Penalty for Lack of Compliance

Penalties imposed by AB 211 vary depending on the circumstances of the violations, but they include:

various fines per violation, one of which has a maximum of US$250,000
misdemeanor if the patient suffers economic loss or personal injury
potential for civil action by the patient with statutory damages ($1,000) in addition to actual damages
CalOHii may notify the licensing board for further investigation or discipline of individual providers.

The penalties imposed by AB 211 may apply to institutions or to individuals or to both, depending on the circumstances of the violations.

More Information

The information provided above is simplified to make AB 211 easier to understand. For the full text of the act, see AB 211.

Go To: Privacy of Patient Medical Records

Training for Students

PharmD students are:

Provided with HIPAA training in their first year. This training also covers AB 211.
Presented during Orientation with our e-mail policy, which reminds students that they must use secure e-mail when sending patient information in e-mail.

Training for Employees

All University employees receive basic HIPAA training as part of the New Employee Orientation Program. This training also covers AB 211. See New Employees.

For Employees Only

If a Violation Occurred

If you know or suspect that an AB 211 violation occurred, immediately contact your supervisor to resolve the problem. If you're not satisfied with your supervisor's response, contact the Whistleblower coordinator.