HIPAA/Corporate Compliance page
San Fernando Valley Community Mental Health Center, Inc., is committed to protecting the privacy of its clients. The Center intends to comply with the Privacy Rule, promulgated pursuant to Health Insurance Portability and Accountability Act of 1996, which establishes requirements with respect to client privacy applicable to certain health care entities, including the Center.
The Privacy Rule is not the only law governing the Center with respect to client privacy. It is also the policy of the Center to comply with all California laws and other Federal laws governing patient privacy to the extent those laws are not preempted by the Privacy Rule. If you have a question as to whether California law is preempted by the Privacy Rule, please contact theCenter’s Privacy Official.
The Centerhas adopted this Privacy Rule Compliance Program (the “Compliance Program”), consisting of the attached policies and procedures, to assure its compliance with the Privacy Rule and all relevant California laws governing privacy to the extent such California laws are not preempted by the Privacy Rule. Recognizing that conducting the Program is an evolving process, the Center will, from time to time, implement other policies and procedures, and may modify existing policies and procedures, to reflect its commitment to patient privacy and compliance with the Privacy Rule. All such additional policies and procedures, and amendments, will be approved by the Centerand implemented by senior management.
The Compliance Program is not a statement of ideals. It is a detailed and specific set of policies and procedures with which all personnel who use, disclose or access Protected Health Information (as defined in the Privacy Rule) must comply. The Compliance Program, and other information pertaining to the Center’s protection of patient privacy, is subject to inspection by the Secretary of Health and Human Services for the purpose of monitoring the Center’s compliance with the Privacy Rule. All such requests for inspection shall be directed to the Privacy Official.
A violation of the Privacy Rule could be detrimental to the Center, our clients and our personnel, and would violate our commitment to patient privacy. FAILURE TO FOLLOW the Center’s policies and procedures may lead to civil and criminal liability for the employee/volunteer/intern and the Center, and may result in the termination of your employment. Therefore, it is imperative that all personnel comply with the Compliance Program and related policies and procedures, immediately report any potential violation of the Compliance Program to the Privacy Officer, and assist the Center’s personnel and authorized outside representatives in investigating any alleged violations.
Potential Sanctions for Violations of the Privacy Rule
1. Penalties Imposed on You by the Center
Depending on the severity of the violation, as evaluated by your supervisor and with appropriate input by the Center’s Human Resources Department, the Center may impose sanctions against the employee/volunteer/intern that range from a warning to immediate termination of your employment and possible reporting to applicable Federal and State administrative agencies.
2. Civil Sanctions
The U.S. HHS may impose civil fines of up to $100 per violation not to exceed a total of $25,000 per person per year for a negligent violation of a single standard.
UnderCalifornia law, any patient may bring a civil action against a person or entity who negligently releases confidential information in violation of the Confidentiality of Medical Information Act. In addition, the person or entity may be assessed an administrative fine or civil penalty not to exceed:
a. $2,500 per negligent violation;
b. $25,000 per willful or knowing violation; and
c. $250,000 per willful or knowing violations if the information was used for financial gain.
3. Criminal Sanctions
HHS may make a criminal referral to the U.S. Department of Justice to prosecute a person who knowingly violated a requirement set forth in the Privacy Rule. The potential criminal penalties are as follows:
a. If the person is convicted of violating a requirement set forth in the Privacy Rule with the intent to sell, transfer, or use Individually Identifiable Health Information for commercial advantage, personal gain or malicious harm, a court may impose a criminal penalty of fines of up to $250,000 and/or imprisonment of up to ten years.
b. If the person is convicted of violating a requirement set forth in the Privacy Rule under false pretenses, a court may impose a criminal penalty of fines of up to $100,000 and/or imprisonment for up to five years; and
c. If the person knowingly commits and is convicted of a violation of the Privacy Rule (other than under the specific circumstances in paragraphs a and b above), the person may be fined up to $50,000 and/or imprisoned for up to one year.
For more information or questions, please contact the HIPAA Privacy Official Rena Duncan at 818-901-4830.