California Assembly Bill 211 (AB 211)
California Assembly Bill 211 of 2007-2008, also known as AB 211, is a California law that imposes penalties upon individuals and institutions that fail to protect the privacy of patient medical records. It also created the enforcement agency known as the Office of Health Information Integrity (CalOHII).
Penalty for Lack of Compliance
Penalties imposed by AB 211 vary depending on the circumstances of the violations, but they include:
- various fines per violation, one of which has a maximum of US$250,000
- misdemeanor if the patient suffers economic loss or personal injury
- potential for civil action by the patient with statutory damages ($1,000) in addition to actual damages
- CalOHii may notify the licensing board for further investigation or discipline of individual providers.
The penalties imposed by AB 211 may apply to institutions or to individuals or to both, depending on the circumstances of the violations.
The information provided above is simplified to make AB 211 easier to understand. For the full text of the act, see AB 211.
Training for Students
PharmD students are:
- Provided with HIPAA training in their first year. This training also covers AB 211.
- Presented during Orientation with our e-mail policy, which reminds students that they must use secure e-mail when sending patient information in e-mail.
Training for Employees
All University employees receive basic HIPAA training as part of the New Employee Orientation Program. This training also covers AB 211. See New Employees.
For Employees Only
If a Violation Occurred
If you know or suspect that an AB 211 violation occurred, immediately contact your supervisor to resolve the problem. If you're not satisfied with your supervisor's response, contact the Whistleblower coordinator.