The office shall perform the following functions:
(a) Standardizing the HIPAA implementation process used in all state entities, which includes the following:
(1) Developing an overall state strategy for HIPAA implementation and compliance that includes timeframes within which specified activities will be completed.
(2) Specifying tools, such as protocols for assessment and reporting, and any other tools as determined by the director for HIPAA implementation and compliance.
(3) Developing uniform policies on privacy, security, and other matters related to HIPAA that shall be adopted and implemented by all state entities. In developing these policies, the office shall consult with representatives from the private sector, state government, and other public entities affected by HIPAA.
(4) Providing an ongoing evaluation of HIPAA implementation and compliance in California and refining the plans, tools, and policies as required to effect implementation.
(5) Developing standards for the office to use in determining the extent of HIPAA compliance.
(b) Representing the State of California in HIPAA discussions with the federal Department of Health and Human Services and at the Workgroup for Electronic Data Interchange and other national and regional groups developing standards for HIPAA implementation, including those authorized by the federal Department of Health and Human Services to receive comments related to HIPAA. The office may review and approve all comments related to HIPAA that state entities or representatives from the University of California, to the extent authorized by its Regents, propose for submission to the federal Department of Health and Human Services or any other body or organization.
(c) Monitoring the HIPAA implementation and compliance activities of state entities and requiring these entities to report on their activities at times specified by the director using a format prescribed by the director. The office shall seek the cooperation of counties in monitoring HIPAA implementation and compliance in programs that are administered by county government.
(d) Providing state entities with technical assistance as the director deems necessary and appropriate to advance the state’s implementation and compliance of HIPAA as required by the schedule adopted by the federal Department of Health and Human Services. This assistance shall also include sharing information obtained by the office relating to HIPAA.
(e) Reviewing and approving all HIPAA legislation and regulations proposed by state entities, other than state control agencies, prior to the proposal’s review by any other entity and reviewing all analyses and positions, other than those prepared by state control agencies, on HIPAA related legislation being considered by either Congress or the Legislature.
(f) Ensuring state departments claim federal funding for those activities that qualify under federal funding criteria.
(g) Maintaining an Internet Web site that is accessible to the public to provide information in a consistent and accessible format concerning state HIPAA implementation activities, timeframes for completing those activities, HIPAA implementation requirements that have been met, and the promulgation of federal regulations pertaining to HIPAA implementation.
(Amended by Stats. 2016, Ch. 30, Sec. 12. (SB 833) Effective June 27, 2016.)