Bill Text


Add To My Favorites | print page

SB-541 Clinics, health facilities, home health agencies, and hospices: administrative penalties and patient information.(2007-2008)

SHARE THIS: share this bill in Facebook share this bill in Twitter
SB541:v90#DOCUMENT

Senate Bill No. 541
CHAPTER 605

An act to amend Sections 1280.1 and 1280.3 of, and to add Section 1280.15 to, the Health and Safety Code, relating to health facilities.

[ Approved by Governor  September 30, 2008. Filed with Secretary of State  September 30, 2008. ]

LEGISLATIVE COUNSEL'S DIGEST


SB 541, Alquist. Clinics, health facilities, home health agencies, and hospices: administrative penalties and patient information.
Existing law provides for the licensure and regulation of clinics, health facilities, home health agencies, and hospices by the State Department of Public Health. A violation of these provisions is a misdemeanor.
Existing law authorizes the department to assess a licensee of a general acute care hospital, an acute psychiatric hospital, or a special hospital an administrative penalty not to exceed $25,000 if the licensee receives a notice of deficiency constituting an immediate jeopardy to the health or safety of a patient and is required to submit a plan of correction. Existing law makes these provisions applicable to incidents occurring on or after January 1, 2007.
This bill would increase this administrative penalty to be up to $100,000 for incidents occurring on and after January 1, 2009. This bill would set the administrative penalties, for incidents on and after January 1, 2009, at up to $50,000 for the first administrative penalty, up to $75,000 for the 2nd subsequent administrative penalty, and up to $100,000 for the 3rd and every subsequent violation.
Existing law also provides that, upon the adoption of specified regulations, the administrative penalty for an immediate jeopardy violation may be up to $50,000. If the violation does not constitute an immediate jeopardy violation, the penalty may be up to $17,500, except that no penalty shall be assessed for a minor violation.
Under existing law, moneys collected by the department as a result of the imposition of the above penalties are required to be deposited into the Licensing and Certification Program Fund, to be expended, upon appropriation by the Legislature, to support internal departmental quality improvement activities.
This bill would increase the administrative penalties for an immediate jeopardy deficiency from $50,000 to a graduated scale of a maximum of $75,000 for a first penalty, a maximum of $100,000 for the 2nd penalty, and a maximum of $125,000 for the 3rd and subsequent penalties, and would increase the penalty for deficiencies not causing immediate jeopardy from $17,500 to $25,000. The bill would apply the penalty provisions only to incidents occurring on or after January 1, 2009.
The bill would specify that, for any of the above administrative penalties, a penalty issued after 3 years from the date of the last issued immediate jeopardy violation be considered a first administrative penalty so long as the facility has not received additional immediate jeopardy violations and is found by the department to be in substantial compliance with all state and federal licensing laws and regulations. The bill would give the department full discretion to consider all factors when determining the amount of an administrative penalty.
This bill would require health facilities, clinics, hospices, and home health agencies to prevent unlawful or unauthorized access to, or use or disclosure of, a patient’s medical information, as defined. The bill would authorize the department to assess an administrative penalty of up to $25,000 per patient for a violation of these provisions, and up to $17,500 for each subsequent accessing, use, or disclosure of that information.
The bill would require all of the administrative penalties to be deposited into the Internal Departmental Quality Improvement Account, which would be created within the existing Special Deposit Fund, and would delete the requirement that certain of the penalties be deposited into the Licensing and Certification Program Fund. The bill would require moneys in the account to be used for internal quality improvement activities in the Licensing and Certification Program.
This bill would impose specified reporting requirements on a health facility or agency with respect to unlawful or unauthorized access to, or use or disclosure of, a patient’s medical information, and would authorize the department to assess a penalty for the failure to report, in the amount of $100 for each day that the unlawful or unauthorized access, use, or disclosure is not reported, up to a maximum of $250,000. The bill would authorize a licensee to dispute a determination of the department regarding a failure to make a report required by the bill, as provided.
By expanding the definition of an existing crime, this bill would impose a state-mandated local program.
The California Constitution requires the state to reimburse local agencies and school districts for certain costs mandated by the state. Statutory provisions establish procedures for making that reimbursement.
This bill would provide that, if the Commission on State Mandates determines that the bill contains costs mandated by the state, reimbursement for those costs shall be made pursuant to these statutory provisions.
Vote: MAJORITY   Appropriation: NO   Fiscal Committee: YES   Local Program: YES  

The people of the State of California do enact as follows:


SECTION 1.

 Section 1280.1 of the Health and Safety Code is amended to read:

1280.1.
 (a) Subject to subdivision (d), prior to the effective date of regulations adopted to implement Section 1280.3, if a licensee of a health facility licensed under subdivision (a), (b), or (f) of Section 1250 receives a notice of deficiency constituting an immediate jeopardy to the health or safety of a patient and is required to submit a plan of correction, the department may assess the licensee an administrative penalty in an amount not to exceed twenty-five thousand dollars ($25,000) per violation.
(b) If the licensee disputes a determination by the department regarding the alleged deficiency or the alleged failure to correct a deficiency, or regarding the reasonableness of the proposed deadline for correction or the amount of the penalty, the licensee may, within 10 days, request a hearing pursuant to Section 131071. Penalties shall be paid when appeals have been exhausted and the department’s position has been upheld.
(c) For purposes of this section “immediate jeopardy” means a situation in which the licensee’s noncompliance with one or more requirements of licensure has caused, or is likely to cause, serious injury or death to the patient.
(d) This section shall apply only to incidents occurring on or after January 1, 2007. With respect to incidents occurring on or after January 1, 2009, the amount of the administrative penalties assessed under subdivision (a) shall be up to one hundred thousand dollars ($100,000) per violation. With respect to incidents occurring on or after January 1, 2009, the amount of the administrative penalties assessed under subdivision (a) shall be up to fifty thousand dollars ($50,000) for the first administrative penalty, up to seventy-five thousand dollars ($75,000) for the second subsequent administrative penalty, and up to one hundred thousand dollars ($100,000) for the third and every subsequent violation. An administrative penalty issued after three years from the date of the last issued immediate jeopardy violation shall be considered a first administrative penalty so long as the facility has not received additional immediate jeopardy violations and is found by the department to be in substantial compliance with all state and federal licensing laws and regulations. The department shall have full discretion to consider all factors when determining the amount of an administrative penalty pursuant to this section.
(e) No new regulations are required or authorized for implementation of this section.
(f) This section shall become inoperative on the effective date of regulations promulgated by the department pursuant to Section 1280.3.
(g) In enforcing this section, the department shall take into consideration the special circumstances of small and rural hospitals, as defined in Section 124840, in order to protect access to quality care in those hospitals.

SEC. 2.

 Section 1280.15 is added to the Health and Safety Code, to read:

1280.15.
 (a) A clinic, health facility, home health agency, or hospice licensed pursuant to Section 1204, 1250, 1725, or 1745 shall prevent unlawful or unauthorized access to, and use or disclosure of, patients’ medical information, as defined in subdivision (g) of Section 56.05 of the Civil Code and consistent with Section 130203. The department, after investigation, may assess an administrative penalty for a violation of this section of up to twenty-five thousand dollars ($25,000) per patient whose medical information was unlawfully or without authorization accessed, used, or disclosed, and up to seventeen thousand five hundred dollars ($17,500) per subsequent occurrence of unlawful or unauthorized access, use, or disclosure of that patients’ medical information. For purposes of the investigation, the department shall consider the clinic’s, health facility’s, agency’s, or hospice’s history of compliance with this section and other related state and federal statutes and regulations, the extent to which the facility detected violations and took preventative action to immediately correct and prevent past violations from recurring, and factors outside its control that restricted the facility’s ability to comply with this section. The department shall have full discretion to consider all factors when determining the amount of an administrative penalty pursuant to this section.
(b) (1) A clinic, health facility, agency, or hospice to which subdivision (a) applies shall report any unlawful or unauthorized access to, or use or disclosure of, a patient’s medical information to the department no later than five days after the unlawful or unauthorized access, use, or disclosure has been detected by the clinic, health facility, agency, or hospice.
(2) A clinic, health facility, agency, or hospice shall also report any unlawful or unauthorized access to, or use or disclosure of, a patient’s medical information to the affected patient or the patient’s representative at the last known address, no later than five days after the unlawful or unauthorized access, use, or disclosure has been detected by the clinic, health facility, agency, or hospice.
(c) If a clinic, health facility, agency, or hospice to which subdivision (a) applies violates subdivision (b), the department may assess the licensee a penalty in the amount of one hundred dollars ($100) for each day that the unlawful or unauthorized access, use, or disclosure is not reported, following the initial five-day period specified in subdivision (b). However, the total combined penalty assessed by the department under subdivision (a) and this subdivision shall not exceed two hundred fifty thousand dollars ($250,000) per reported event.
(d) In enforcing subdivisions (a) and (c), the department shall take into consideration the special circumstances of small and rural hospitals, as defined in Section 124840, and primary care clinics, as defined in subdivision (a) of Section 1204, in order to protect access to quality care in those hospitals and clinics. When assessing a penalty on a skilled nursing facility or other facility subject to Section 1423, 1424, 1424.1, or 1424.5, the department shall issue only the higher of either a penalty for the violation of this section or a penalty for violation of Section 1423, 1424, 1424.1, or 1424.5, not both.
(e) All penalties collected by the department pursuant to this section, Sections 1280.1, 1280.3, and 1280.4, shall be deposited into the Internal Departmental Quality Improvement Account, which is hereby created within the Special Deposit Fund under Section 16370 of the Government Code. Upon appropriation by the Legislature, moneys in the account shall be expended for internal quality improvement activities in the Licensing and Certification Program.
(f) If the licensee disputes a determination by the department regarding a failure to prevent or failure to timely report unlawful or unauthorized access to, or use or disclosure of, patients’ medical information, or the imposition of a penalty under this section, the licensee may, within 10 days of receipt of the penalty assessment, request a hearing pursuant to Section 131071. Penalties shall be paid when appeals have been exhausted and the penalty has been upheld.
(g) In lieu of disputing the determination of the department regarding a failure to prevent or failure to timely report unlawful or unauthorized access to, or use or disclosure of, patients’ medical information, transmit to the department 75 percent of the total amount of the administrative penalty, for each violation, within 30 business days of receipt of the administrative penalty.
(h) Notwithstanding any other provision of law, the department may refer violations of this section to the office of Health Information Integrity for enforcement pursuant to Section 130303, except that if Assembly Bill 211 of the 2007–08 Regular Session is not enacted, the department may refer violations to the Office of HIPAA Implementation.
(i) For purposes of this section, the following definitions shall apply:
(1) “Reported event” means all breaches included in any single report that is made pursuant to subdivision (b), regardless of the number of breach events contained in the report.
(2) “Unauthorized” means the inappropriate access, review, or viewing of patient medical information without a direct need for medical diagnosis, treatment, or other lawful use as permitted by the Confidentiality of Medical Information Act (Part 2.6 (commencing with Section 56) of Division 1 of the Civil Code) or any other statute or regulation governing the lawful access, use, or disclosure of medical information.

SEC. 3.

 Section 1280.3 of the Health and Safety Code is amended to read:

1280.3.
 (a) Commencing on the effective date of the regulations adopted pursuant to this section, the director may assess an administrative penalty against a licensee of a health facility licensed under subdivision (a), (b), or (f) of Section 1250 for a deficiency constituting an immediate jeopardy violation as determined by the department up to a maximum of seventy-five thousand dollars ($75,000) for the first administrative penalty, up to one hundred thousand dollars ($100,000) for the second subsequent administrative penalty, and up to one hundred twenty-five thousand dollars ($125,000) for the third and every subsequent violation. An administrative penalty issued after three years from the date of the last issued immediate jeopardy violation shall be considered a first administrative penalty so long as the facility has not received additional immediate jeopardy violations and is found by the department to be in substantial compliance with all state and federal licensing laws and regulations. The department shall have full discretion to consider all factors when determining the amount of an administrative penalty pursuant to this section.
(b) Except as provided in subdivision (c), for a violation of this chapter or the rules and regulations promulgated thereunder that does not constitute a violation of subdivision (a), the department may assess an administrative penalty in an amount of up to twenty-five thousand dollars ($25,000) per violation. This subdivision shall also apply to violation of regulations set forth in Article 3 (commencing with Section 127400) of Chapter 2 of Part 2 of Division 107 or the rules and regulations promulgated thereunder.
The department shall promulgate regulations establishing the criteria to assess an administrative penalty against a health facility licensed pursuant to subdivisions (a), (b), or (f) of Section 1250. The criteria shall include, but need not be limited to, the following:
(1) The patient’s physical and mental condition.
(2) The probability and severity of the risk that the violation presents to the patient.
(3) The actual financial harm to patients, if any.
(4) The nature, scope, and severity of the violation.
(5) The facility’s history of compliance with related state and federal statutes and regulations.
(6) Factors beyond the facility’s control that restrict the facility’s ability to comply with this chapter or the rules and regulations promulgated thereunder.
(7) The demonstrated willfulness of the violation.
(8) The extent to which the facility detected the violation and took steps to immediately correct the violation and prevent the violation from recurring.
(c) The department shall not assess an administrative penalty for minor violations.
(d) The regulations shall not change the definition of immediate jeopardy as established in this section.
(e) The regulations shall apply only to incidents occurring on or after the effective date of the regulations.
(f) If the licensee disputes a determination by the department regarding the alleged deficiency or alleged failure to correct a deficiency, or regarding the reasonableness of the proposed deadline for correction or the amount of the penalty, the licensee may, within 10 working days, request a hearing pursuant to Section 131071. Penalties shall be paid when all appeals have been exhausted and the department’s position has been upheld.
(g) For purposes of this section, “immediate jeopardy” means a situation in which the licensee’s noncompliance with one or more requirements of licensure has caused, or is likely to cause, serious injury or death to the patient.
(h) In enforcing subdivision (a) the department shall take into consideration the special circumstances of small and rural hospitals, as defined in Section 124840, in order to protect access to quality care in those hospitals.

SEC. 4.

 If the Commission on State Mandates determines that this act contains costs mandated by the state, reimbursement to local agencies and school districts for those costs shall be made pursuant to Part 7 (commencing with Section 17500) of Division 4 of Title 2 of the Government Code.