Health Care Department Operations Manual

Cancel

Chapter 2 – Patients’ Entitlements and Responsibilities

Article 2 – Confidentiality and Privacy

View All Sections >

2.2.15 Specialized Government Functions

  • Policy

    • California Correctional Health Care Services (CCHCS) workforce members may disclose health information, without a patient authorization, when the use or disclosure involves, or is related to, a specialized government function defined below.

  • Purpose

    • To provide guidance regarding the permitted uses and disclosures of Protected Health Information (PHI) for specialized government functions.

  • Responsibility

    • The CCHCS Chief Privacy Officer shall have oversight of this policy to comply with privacy laws, policies, and standards for respecting the privacy rights of individuals regarding the disclosure of PHI maintained by CCHCS for specialized government functions.

  • Procedure

    • Measures and Processes Utilized to Disclose Health Information for Specialized Government Functions

      • CCHCS workforce members are permitted to disclose health information, without patient authorization for any of the following specialized government functions:

        • Law enforcement or custodial situations if the disclosure of health information is made to authorized correctional or law enforcement officials with lawful custody of the patient, and the health information is needed, according to the law enforcement official or representative of the correctional institution, to do any of the following:

          • Provide custodial access for the patient’s health care needs to support health care delivery in a custodial setting,

          • Ensure the health and safety of the patient or other incarcerated persons,

          • Ensure the health and safety of officers, employees, or others at the correctional institution,

          • Ensure the health and safety of correctional individuals responsible for transporting or transferring of patients from one institution, facility, or setting to another,

          • Enforce the law on the premises of the correctional institution,

          • Administer and maintain the safety, security, and good order of the correctional institution.

        • Government programs providing public benefits if the health information is related to the purpose for which the information was collected and any of the following:

          • The state entity is a health care plan that is a government program,

          • The disclosure is to another entity administering a government program providing public benefits,

          • The disclosure is required or expressly authorized by law, and

            • Is the sharing of eligibility or enrollment information,

            • Is required for the maintenance of information in a single or combined data system accessible to both government agencies.

        • Government agencies administering a government program providing public benefits if the health information is related to the purpose for which the information was collected, and any of the following:

          • The state entity is a covered entity administering a government program providing public benefits,

          • The disclosure is to another covered entity that is a government agency administering a government program providing public benefits,

          • Both programs serve the same or similar populations,

          • The disclosure is necessary to coordinate Health Insurance Portability and Accountability Act covered functions of the program, or to improve administration and management relating to the programs covered functions.

        • Military and Veteran activities if upon separation or discharge from military service, disclosure is made by a component of the Departments of Defense or Homeland Security to provide information to the Department of Veterans Affairs to determine eligibility for benefits.

        • National security and intelligence activities if the disclosure of health information is made to authorized federal officials conducting lawful intelligence, counterintelligence and other national security activities authorized by the National Security Act, and the disclosure is any of the following:

          • Required by law,

          • Compelled due to circumstances affecting the health or safety of an individual,

          • Compelled through subpoena or warrant.

        • Protective Services for the president and others if the disclosure of health information is made to authorized federal officials to protect the president and other persons, including foreign heads of state, or to conduct investigations authorized by United States Code, and the disclosure is any of the following:

          • Required by law,

          • Compelled due to circumstances affecting the health or safety of an individual,

          • Compelled through subpoena or warrant.

      • CCHCS and California Department of Corrections and Rehabilitation are responsible for:

        • Verifying the identity of federal officials or correctional and law enforcement representatives pursuant to Statewide Health Information Policy Manual (SHIPM), Chapter 3, Section 3.1.7, Verification of Identity.

        • Ensuring that only the minimum amount of health information to achieve the purpose is disclosed pursuant to the HCDOM, Section 2.2.4, Minimum Necessary Use and Disclosure of Protected Health Information.

      • CCHCS workforce members are responsible to document, track, and maintain information concerning disclosures of health information. This tracking must document what, when, why, and to whom disclosures are made pursuant to the HCDOM, Section 2.2.18, Accounting of Disclosures for Patients’ Protected Health Information.

  • References

    • National Security Agency/Central Security Service, United States Executive Order 12333

    • Foreign Services Act, 101(a)(4), 101(b)(5), 504(1), 904

    • Coronavirus Aid, Relief, and Economic Security Act, Public Law No: 116-136 (03/27/2020)
      21st Century Cures Act, 42 USC 201

    • Code of Federal Regulations, Title 45, Subtitle A, Subchapter C, Part 164, Subpart E, Section 164.500(c)

    • Code of Federal Regulations, Title 45, Subtitle A, Subchapter C, Part 164, Subpart E, Section 164.501

    • Code of Federal Regulations, Title 45, Subtitle A, Subchapter C, Part 164, Subpart E, Sections 164.512(j) and (k)(1) –(6)

    • Code of Federal Regulations, Title 45, Subtitle A, Subchapter C, Part 164, Subpart E, Section 164.514(h)

    • Code of Federal Regulations, Title 45, Subtitle A, Subchapter C, Part 164, Subpart E, Section 164.530(i)(1)

    • California Civil Code, Division 1, Part 2.6, Chapter 2, Section 56.10(c)(14)

    • California Civil Code, Division 3, Part 4, Title 1.8 Chapter 1, Article 6, Section 1798.24

    • Health Care Department Operations Manual, Chapter 2, Article 2, Section 2.2.1, General Use and Disclosure of Protected Health Information

    • Health Care Department Operations Manual, Chapter 2, Article 2, Section 2.2.4, Minimum Necessary Use and Disclosure of Protected Health Information

    • Health Care Department Operations Manual, Chapter 2, Article 2, Section 2.2.13, Handling Protected Health and Personally Identifiable Information

    • Health Care Department Operations Manual, Chapter 2, Article 2, Section 2.2.18, Accounting of Disclosures for Patients’ Protected Health Information

    • Health Care Department Operations Manual, Chapter 5, Article 9, Section 5.9.1, General Training Requirements

    • Statewide Health Information Policy Manual, Chapter 2, Section 2.2.6, Law Enforcement

    • Statewide Health Information Policy Manual, Chapter 2, Section 2.2.9, Organ Procurement

    • Statewide Health Information Policy Manual, Chapter 2, Section 2.2.11, Required Law and Required Disclosures

    • Statewide Health Information Policy Manual, Chapter 2, Section 2.2.13, Specialized Government Functions

    • Statewide Health Information Policy Manual, Chapter 2, Section 2.2.14, Treatment, Payment, and Health Care Operations

    • Statewide Health Information Policy Manual, Chapter 2, Section 2.7.0, Minimum Necessary

    • Statewide Health Information Policy Manual Chapter 3, Section 3.1.7, Verification of Identity

    • Statewide Health Information Policy Manual Chapter 5, Section 5.1.0, Accounting of Disclosures

    • Statewide Health Information Policy Manual Chapter 5, Section, 5.3.0 Notice of Privacy Practices

  • Revision History

    • Effective: 10/23/2023
      Revised: 10/03/2024
      Reviewed: 02/12/2025