Health Care Department Operations Manual

Cancel

Chapter 2 – Patients’ Entitlements and Responsibilities

Article 2 – Confidentiality and Privacy

View All Sections >

2.2.14 Incidental Use and Disclosure of Protected Health Information

  • Policy

    • California Correctional Health Care Services (CCHCS) workforce members shall exercise due diligence to limit and prevent incidental disclosures of Protected Health Information (PHI).

  • Purpose

    • To provide guidance regarding the incidental use or disclosures of PHI.

  • Responsibility

    • The Chief Privacy Officer shall have oversight of this policy to comply with privacy laws, policies, and standards for the collection, use, and disclosure of PHI.

  • Procedure

    • Methods and Processes to Limit and Prevent Incidental Use or Disclosure of Health Information

      • All CCHCS workforce members shall adhere to the minimum necessary requirements for using or disclosing PHI. PHI shall only be used or disclosed when necessary to satisfy a particular authorized purpose or carry out an assigned work-related function.

      • CCHCS workforce members acting on behalf of the patient clinically or administratively, including clinicians, ancillary services, administrative, clerical, and custodial workforce, shall only access, use, or disclose the minimum necessary PHI to carry out or perform assigned duties. Refer to the Code of Federal Regulations, Title 45, Section 164.514 (d)(e).

      • CCHCS workforce members shall limit access, use, or disclosure of PHI to the amount and type of information allowed by assigned job duties and necessary to complete assignments, pursuant to the Health Care Department Operations Manual (HCDOM) Section 5.3.14, Access Control and shall follow the rules for disclosure. Refer to HCDOM Sections 2.2.4, Minimum Necessary Use and Disclosure of Protected Health Information and 2.2.11, Privacy Incident and Potential Breach Reporting and Case Workflow.

    • Appropriate Safeguards

      • All CCHCS workforce members with assigned job duties requiring access, use, or disclosure of PHI shall, to the extent possible, apply appropriate administrative, technical, and physical safeguards pursuant to the HCDOM Section 2.2.5, Administrative, Technical, and Physical Safeguards for the protection and confidentiality of PHI.

    • Accounting of Disclosures

      • CCHCS workforce members are not required to include incidental disclosures in the accounting of disclosures.

  • References

    • Code of Federal Regulations, Title 45, Subtitle A, Subchapter C, Part 164, Subpart E, Section 164.502(a)(1)

    • Code of Federal Regulations, Title 45, Subtitle A, Subchapter C, Part 164, Subpart E, Section 164.502(b), Uses and Disclosures of Protected Health Information: General Rules

    • Code of Federal Regulations, Title 45, Subtitle A, Subchapter C, Part 164, Subpart E, Section 164.514(d)(e), Other Requirements Relating to Uses and Disclosures of Protected Health Information

    • Code of Federal Regulations, Title 45, Subtitle A, Subchapter C, Part 164, Subpart E, Section 164.530, (b)(2)(i)(B) and (C), Administrative Requirements

    • Health Care Department Operations Manual, Chapter 2, Article 2, Section 2.2.4, Minimum Necessary Use and Disclosure of Protected Health Information

    • Health Care Department Operations Manual, Chapter 2, Article 2, Section 2.2.13, Handling Protected Health and Personally Identifiable Information

    • Health Care Department Operations Manual, Chapter 5, Article 9, Section 5.9.1, General Training Requirements

    • Statewide Health Information Policy Manual, Section 2.6.0, 2.6.1, Incidental Disclosures

    • State Administrative Manual, Section 5320.1, Security and Privacy Awareness

    • State Administrative Manual, Section 5320.3, Security and Privacy Training Records

  • Revision History

    • Effective:  07/26/2023
      Revised: 08/05/2024
      Reviewed: 02/12/2025