{"id":2059,"date":"2023-11-30T15:33:44","date_gmt":"2023-11-30T23:33:44","guid":{"rendered":"https:\/\/www.cdcr.ca.gov\/hcdom\/?post_type=dom&#038;p=2059"},"modified":"2025-07-25T12:10:45","modified_gmt":"2025-07-25T19:10:45","slug":"2-2-3-sanctions-and-penalties-for-privacy-and-information-security-violations","status":"publish","type":"dom","link":"https:\/\/www.cdcr.ca.gov\/hcdom\/dom\/chapter-2-patients-entitlements-and-responsibilities\/article-2-confidentiality-and-privacy\/2-2-3-sanctions-and-penalties-for-privacy-and-information-security-violations\/","title":{"rendered":"2.2.3 Sanctions and Penalties for Privacy and Information Security Violations"},"content":{"rendered":"\t<ul class=\"cdcr-dom-group-block\">\n\t\t\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p><strong>Policy<\/strong><\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-no-marker\">\n\t\t\t\t\t<p>California Correctional Health Care Services (CCHCS) shall comply with federal and state laws and regulations to protect the confidentiality and integrity of information security and health information and adhere to the California Department of Corrections and Rehabilitation (CDCR) and CCHCS privacy and information security policies. This includes recommending enforcement of appropriate sanctions against any workforce member who improperly views, uses, or discloses this information.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p><strong>Purpose<\/strong><\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-no-marker\">\n\t\t\t\t\t<p>To specify the procedure for sanctions, for CCHCS workforce members resulting from the violation of privacy laws or CCHCS policies regarding the improper use or disclosure of Protected Health Information (PHI), Personally Identifiable Information (PII) or High Risk-Confidential Information (HRCI).<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p><strong>Responsibility<\/strong><\/p>\n\t\t\t\t\n\t<ul class=\"cdcr-dom-group-block\">\n\t\t\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>The Chief Privacy Officer (CPO) shall have oversight of this policy to comply with privacy laws, policies, and standards for respecting the rights of individuals concerning the collection, use, and disclosure of PHI, PII, and HRCI maintained by CCHCS and is responsible for recommending sanctions for violations of privacy and information security laws, regulations, or policies.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>The Hiring Authority (HA) is responsible for imposing appropriate sanctions and informing the CPO of the sanction imposed.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>CCHCS workforce members shall safeguard PHI, PII, and HRCI against improper uses or disclosures and supervisors are responsible for assuring workforce members who have access to PHI, PII, and HRCI are informed of their responsibilities.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\t<\/ul>\n\t\n\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p><strong>Procedure<\/strong><\/p>\n\t\t\t\t\n\t<ul class=\"cdcr-dom-group-block\">\n\t\t\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Sanctions and Penalties<\/p>\n\t\t\t\t\n\t<ul class=\"cdcr-dom-group-block\">\n\t\t\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>The CPO shall consult with the Chief Information Security Officer, Performance Management Unit manager, HA, and CCHCS Office of Legal Affairs Privacy Attorney after fact-finding to make a recommendation regarding sanctions and progressive discipline.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>CCHCS shall apply appropriate sanctions against workforce members who fail to comply with privacy and security laws, regulations, or policies, which include, but are not limited to, improperly viewing, using, disclosing, or allowing access to health information, failing to report a known breach, or reporting a privacy or information security incident in bad faith or for malicious reasons.\u00a0 Sanctions shall be determined in accordance with civil service and departmental progressive discipline laws, regulations, and policies and shall be appropriate to the severity of the violation, up to and including termination.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Depending on the severity of the violation, law enforcement notification may be required.\u00a0 Workforce members may be charged with a misdemeanor or incur fines and civil penalties, depending on the economic loss to the patient and the degree of malice.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\t<\/ul>\n\t\n\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Confidentiality and Record Keeping of Privacy and Security Violations<\/p>\n\t\t\t\t\n\t<ul class=\"cdcr-dom-group-block\">\n\t\t\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>All deliberations of privacy or security violations may be subject to a claim of exemption under the Public Records Act regardless of level. Deliberations shall be treated confidentially for both the workforce member and the patient whose protected confidential information is impacted. For all violations, all supporting documentation shall be stored in a confidential electronic file in the Privacy Office (PO).<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>All confirmed violations shall be tracked by the PO in the Disclosure Log for PHI or PII.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>CCHCS is responsible for documenting any sanctions that were applied and maintaining the documentation for a minimum of six years.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\t<\/ul>\n\t\n\t<\/li>\n\t\n\t<\/ul>\n\t\n\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-no-marker\">\n\t\t\t\t\t<p><strong>References<\/strong><\/p>\n\t\t\t\t\n\t<ul class=\"cdcr-dom-group-block\">\n\t\t\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>United States Code, Title 42, Chapter 7, Subchapter XI, Part C, Section 1320d-5<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>Health Information Technology for Economic and Clinical Health Act Section 13410(d)<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>Code of Federal Regulations, Title 45, Subtitle A, Subchapter C, Part 160 and 162<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>Code of Federal Regulations, Title 45, Subtitle A, Subchapter C, Part 164, Subpart C, Section 164.308(a)(1)(ii)(C) and (a)(5)<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>Code of Federal Regulations, Title 45, Subtitle A, Subchapter C, Part 164, Subpart E, Section 164.530 (b)(2)(i)(B) and (e)(1)<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>United States Code, Title 18, Part 1, Chapter 31, Section 641<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>United States Code, Title 18, Part 1, Chapter 47, Section1030<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>United States Code, Title 18, Part 1, Chapter 95, Section 1951 and 1952<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>California Constitution, Article 1, Section 1, Right to Privacy<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>California Civil Code, Division 1, Part 2.6, Chapter 7, Section 56.36<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>California Civil Code, Division 3, Part 4, Title 1.8, Chapter 1, Article 1, Section 1798- 1798.78<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>California Civil Code, Division 3, Part 4, Title 1.8, Chapter 1, Article 10, 1798.55 et seq.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>California Government Code, Title 1, Division 7, Chapter 3, Section 6200<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>California Government Code, Title 2, Division 5, Part 2, Chapter 7, Article 1, Section 19570-19589<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>California Health and Safety Code, Division 2, Chapter 2, Article 3, Section 1280.18<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>California Penal Code, Part 1, Title 13, Chapter 5, Section 502<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>California Penal Code, Part 4, Title 1, Chapter 1, Article 6, Sections 11141-11143<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>California Penal Code, Part 4, Title 3, Chapter 2, Article 6, Sections13300-13305<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>California Code of Regulations, Title 15, Division 3, Chapter 1, Subchapter 5, Article 2, Section 3392<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>Health Care Department Operations Manual, Chapter 2, Article 2, Section <a href=\"https:\/\/www.cdcr.ca.gov\/hcdom\/dom\/chapter-2-patients-entitlements-and-responsibilities\/article-2-confidentiality-and-privacy\/2-2-1-general-use-and-disclosure-of-protected-health-information\/\" data-type=\"link\" data-id=\"https:\/\/www.cdcr.ca.gov\/hcdom\/dom\/chapter-2-patients-entitlements-and-responsibilities\/article-2-confidentiality-and-privacy\/2-2-1-general-use-and-disclosure-of-protected-health-information\/\">2.2.1, General Use and Disclosure of Protected Health Information<\/a><\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>Health Care Department Operations Manual, Chapter 2, Article 2, Section <a href=\"https:\/\/www.cdcr.ca.gov\/hcdom\/dom\/chapter-2-patients-entitlements-and-responsibilities\/article-2-confidentiality-and-privacy\/2-2-5-administrative-technical-and-physical-safeguards\/\" data-type=\"link\" data-id=\"https:\/\/www.cdcr.ca.gov\/hcdom\/dom\/chapter-2-patients-entitlements-and-responsibilities\/article-2-confidentiality-and-privacy\/2-2-5-administrative-technical-and-physical-safeguards\/\">2.2.5, Administrative, Technical, and Physical Safeguards<\/a><\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>Health Care Department Operations Manual, Chapter 2, Article 2, Section <a href=\"https:\/\/www.cdcr.ca.gov\/hcdom\/dom\/chapter-2-patients-entitlements-and-responsibilities\/article-2-confidentiality-and-privacy\/2-2-6-use-and-disclosure-of-protected-health-information-special-exceptions\/\" data-type=\"link\" data-id=\"https:\/\/www.cdcr.ca.gov\/hcdom\/dom\/chapter-2-patients-entitlements-and-responsibilities\/article-2-confidentiality-and-privacy\/2-2-6-use-and-disclosure-of-protected-health-information-special-exceptions\/\">2.2.6, Use and Disclosure of Protected Health Information: Special Exceptions<\/a><\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>Health Care Department Operations Manual, Chapter 2, Article 2, Section <a href=\"https:\/\/www.cdcr.ca.gov\/hcdom\/dom\/chapter-2-patients-entitlements-and-responsibilities\/article-2-confidentiality-and-privacy\/2-2-9-business-associate-use-and-disclosure-of-protected-health-information\/\" data-type=\"link\" data-id=\"https:\/\/www.cdcr.ca.gov\/hcdom\/dom\/chapter-2-patients-entitlements-and-responsibilities\/article-2-confidentiality-and-privacy\/2-2-9-business-associate-use-and-disclosure-of-protected-health-information\/\">2.2.9, Business Associate Use and Disclosure of Protected Health Information<\/a><\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>Health Care Department Operations Manual, Chapter 2, Article 2, Section <a href=\"https:\/\/www.cdcr.ca.gov\/hcdom\/dom\/chapter-2-patients-entitlements-and-responsibilities\/article-2-confidentiality-and-privacy\/2-2-11-privacy-incident-and-potential-breach-reporting-and-case-workflow\/\" data-type=\"link\" data-id=\"https:\/\/www.cdcr.ca.gov\/hcdom\/dom\/chapter-2-patients-entitlements-and-responsibilities\/article-2-confidentiality-and-privacy\/2-2-11-privacy-incident-and-potential-breach-reporting-and-case-workflow\/\">2.2.11, Privacy Incident and Potential Breach Reporting and Case Workflow<\/a><\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>Health Care Department Operations Manual, Chapter 2, Article 2, Section <a href=\"https:\/\/www.cdcr.ca.gov\/hcdom\/dom\/chapter-2-patients-entitlements-and-responsibilities\/article-2-confidentiality-and-privacy\/2-2-17-administrative-requirements-for-privacy-and-security-officials\/\" data-type=\"link\" data-id=\"https:\/\/www.cdcr.ca.gov\/hcdom\/dom\/chapter-2-patients-entitlements-and-responsibilities\/article-2-confidentiality-and-privacy\/2-2-17-administrative-requirements-for-privacy-and-security-officials\/\">2.2.17, Administrative Requirements for Privacy and Security Officials<\/a><\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>Health Care Department Operations Manual, Chapter 5, Article 3, Section <a href=\"https:\/\/www.cdcr.ca.gov\/hcdom\/dom\/chapter-5-administrative\/article-3-information-technology\/5-3-25-security-and-privacy-awareness-training\/\" data-type=\"link\" data-id=\"https:\/\/www.cdcr.ca.gov\/hcdom\/dom\/chapter-5-administrative\/article-3-information-technology\/5-3-25-security-and-privacy-awareness-training\/\">5.3.25, Security and Privacy Awareness Training<\/a><\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>Health Care Department Operations Manual, Chapter 5, Article 9, Section <a href=\"https:\/\/www.cdcr.ca.gov\/hcdom\/dom\/chapter-5-administrative\/article-9-training\/5-9-1-general-training-requirements\/\" data-type=\"link\" data-id=\"https:\/\/www.cdcr.ca.gov\/hcdom\/dom\/chapter-5-administrative\/article-9-training\/5-9-1-general-training-requirements\/\">5.9.1, General Training Requirements<\/a><\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>California Department of Corrections and Rehabilitation, Department Operations Manual, Chapter 3, Article 22, Employee Discipline<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>Statewide Health Information Policy Manual, Sections 3.1.5, Security Awareness and Training<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>Statewide Health Information Policy Manual, Sections 4.1.2, Privacy Training<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>Statewide Health Information Policy Manual, Section 4.1.3, Sanctions for Violation<\/p>\n\t\t\t\t\t<\/li>\n\t\n\t<\/ul>\n\t\n\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-no-marker\">\n\t\t\t\t\t<p><strong>Revision History<\/strong><\/p>\n\t\t\t\t\n\t<ul class=\"cdcr-dom-group-block\">\n\t\t\n\t<li class=\"cdcr-dom-item-block is-style-no-marker\">\n\t\t\t\t\t<p>Effective: 02\/2012<br>Revised: 03\/03\/2025<\/p>\n\t\t\t\t\t<\/li>\n\t\n\t<\/ul>\n\t\n\t<\/li>\n\t\n\t<\/ul>\n\t","protected":false},"parent":89,"template":"","class_list":["post-2059","dom","type-dom","status-publish","hentry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>2.2.3 Sanctions and Penalties for Privacy and Information Security Violations - Health Care Department Operations Manual (HCDOM)<\/title>\n<meta name=\"robots\" content=\"noindex, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"2.2.3 Sanctions and Penalties for Privacy and Information Security Violations - Health Care Department Operations Manual (HCDOM)\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.cdcr.ca.gov\/hcdom\/dom\/chapter-2-patients-entitlements-and-responsibilities\/article-2-confidentiality-and-privacy\/2-2-3-sanctions-and-penalties-for-privacy-and-information-security-violations\/\" \/>\n<meta property=\"og:site_name\" content=\"Health Care Department Operations Manual (HCDOM)\" \/>\n<meta property=\"article:modified_time\" content=\"2025-07-25T19:10:45+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/hcdom\\\/dom\\\/chapter-2-patients-entitlements-and-responsibilities\\\/article-2-confidentiality-and-privacy\\\/2-2-3-sanctions-and-penalties-for-privacy-and-information-security-violations\\\/\",\"url\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/hcdom\\\/dom\\\/chapter-2-patients-entitlements-and-responsibilities\\\/article-2-confidentiality-and-privacy\\\/2-2-3-sanctions-and-penalties-for-privacy-and-information-security-violations\\\/\",\"name\":\"2.2.3 Sanctions and Penalties for Privacy and Information Security Violations - Health Care Department Operations Manual (HCDOM)\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/hcdom\\\/#website\"},\"datePublished\":\"2023-11-30T23:33:44+00:00\",\"dateModified\":\"2025-07-25T19:10:45+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/hcdom\\\/dom\\\/chapter-2-patients-entitlements-and-responsibilities\\\/article-2-confidentiality-and-privacy\\\/2-2-3-sanctions-and-penalties-for-privacy-and-information-security-violations\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.cdcr.ca.gov\\\/hcdom\\\/dom\\\/chapter-2-patients-entitlements-and-responsibilities\\\/article-2-confidentiality-and-privacy\\\/2-2-3-sanctions-and-penalties-for-privacy-and-information-security-violations\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/hcdom\\\/dom\\\/chapter-2-patients-entitlements-and-responsibilities\\\/article-2-confidentiality-and-privacy\\\/2-2-3-sanctions-and-penalties-for-privacy-and-information-security-violations\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/hcdom\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"HCDOM\",\"item\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/hcdom\\\/dom\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Chapter 2 &#8211; Patients&#8217; Entitlements and Responsibilities\",\"item\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/hcdom\\\/dom\\\/chapter-2-patients-entitlements-and-responsibilities\\\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Article 2 \u2013 Confidentiality and Privacy\",\"item\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/hcdom\\\/dom\\\/chapter-2-patients-entitlements-and-responsibilities\\\/article-2-confidentiality-and-privacy\\\/\"},{\"@type\":\"ListItem\",\"position\":5,\"name\":\"2.2.3 Sanctions and Penalties for Privacy and Information Security Violations\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/hcdom\\\/#website\",\"url\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/hcdom\\\/\",\"name\":\"Health Care Department Operations Manual\",\"description\":\"CCHCS\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/hcdom\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/hcdom\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/hcdom\\\/#organization\",\"name\":\"Health Care Department Operations Manual\",\"url\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/hcdom\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/hcdom\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/hcdom\\\/wp-content\\\/uploads\\\/sites\\\/207\\\/2023\\\/08\\\/cropped-cdcr-cchcs-logos-512.png\",\"contentUrl\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/hcdom\\\/wp-content\\\/uploads\\\/sites\\\/207\\\/2023\\\/08\\\/cropped-cdcr-cchcs-logos-512.png\",\"width\":82,\"height\":82,\"caption\":\"Health Care Department Operations Manual\"},\"image\":{\"@id\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/hcdom\\\/#\\\/schema\\\/logo\\\/image\\\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"2.2.3 Sanctions and Penalties for Privacy and Information Security Violations - Health Care Department Operations Manual (HCDOM)","robots":{"index":"noindex","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"2.2.3 Sanctions and Penalties for Privacy and Information Security Violations - Health Care Department Operations Manual (HCDOM)","og_url":"https:\/\/www.cdcr.ca.gov\/hcdom\/dom\/chapter-2-patients-entitlements-and-responsibilities\/article-2-confidentiality-and-privacy\/2-2-3-sanctions-and-penalties-for-privacy-and-information-security-violations\/","og_site_name":"Health Care Department Operations Manual (HCDOM)","article_modified_time":"2025-07-25T19:10:45+00:00","twitter_card":"summary_large_image","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.cdcr.ca.gov\/hcdom\/dom\/chapter-2-patients-entitlements-and-responsibilities\/article-2-confidentiality-and-privacy\/2-2-3-sanctions-and-penalties-for-privacy-and-information-security-violations\/","url":"https:\/\/www.cdcr.ca.gov\/hcdom\/dom\/chapter-2-patients-entitlements-and-responsibilities\/article-2-confidentiality-and-privacy\/2-2-3-sanctions-and-penalties-for-privacy-and-information-security-violations\/","name":"2.2.3 Sanctions and Penalties for Privacy and Information Security Violations - Health Care Department Operations Manual (HCDOM)","isPartOf":{"@id":"https:\/\/www.cdcr.ca.gov\/hcdom\/#website"},"datePublished":"2023-11-30T23:33:44+00:00","dateModified":"2025-07-25T19:10:45+00:00","breadcrumb":{"@id":"https:\/\/www.cdcr.ca.gov\/hcdom\/dom\/chapter-2-patients-entitlements-and-responsibilities\/article-2-confidentiality-and-privacy\/2-2-3-sanctions-and-penalties-for-privacy-and-information-security-violations\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.cdcr.ca.gov\/hcdom\/dom\/chapter-2-patients-entitlements-and-responsibilities\/article-2-confidentiality-and-privacy\/2-2-3-sanctions-and-penalties-for-privacy-and-information-security-violations\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.cdcr.ca.gov\/hcdom\/dom\/chapter-2-patients-entitlements-and-responsibilities\/article-2-confidentiality-and-privacy\/2-2-3-sanctions-and-penalties-for-privacy-and-information-security-violations\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.cdcr.ca.gov\/hcdom\/"},{"@type":"ListItem","position":2,"name":"HCDOM","item":"https:\/\/www.cdcr.ca.gov\/hcdom\/dom\/"},{"@type":"ListItem","position":3,"name":"Chapter 2 &#8211; Patients&#8217; Entitlements and Responsibilities","item":"https:\/\/www.cdcr.ca.gov\/hcdom\/dom\/chapter-2-patients-entitlements-and-responsibilities\/"},{"@type":"ListItem","position":4,"name":"Article 2 \u2013 Confidentiality and Privacy","item":"https:\/\/www.cdcr.ca.gov\/hcdom\/dom\/chapter-2-patients-entitlements-and-responsibilities\/article-2-confidentiality-and-privacy\/"},{"@type":"ListItem","position":5,"name":"2.2.3 Sanctions and Penalties for Privacy and Information Security Violations"}]},{"@type":"WebSite","@id":"https:\/\/www.cdcr.ca.gov\/hcdom\/#website","url":"https:\/\/www.cdcr.ca.gov\/hcdom\/","name":"Health Care Department Operations Manual","description":"CCHCS","publisher":{"@id":"https:\/\/www.cdcr.ca.gov\/hcdom\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.cdcr.ca.gov\/hcdom\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.cdcr.ca.gov\/hcdom\/#organization","name":"Health Care Department Operations Manual","url":"https:\/\/www.cdcr.ca.gov\/hcdom\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cdcr.ca.gov\/hcdom\/#\/schema\/logo\/image\/","url":"https:\/\/www.cdcr.ca.gov\/hcdom\/wp-content\/uploads\/sites\/207\/2023\/08\/cropped-cdcr-cchcs-logos-512.png","contentUrl":"https:\/\/www.cdcr.ca.gov\/hcdom\/wp-content\/uploads\/sites\/207\/2023\/08\/cropped-cdcr-cchcs-logos-512.png","width":82,"height":82,"caption":"Health Care Department Operations Manual"},"image":{"@id":"https:\/\/www.cdcr.ca.gov\/hcdom\/#\/schema\/logo\/image\/"}}]}},"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Health Care Department Operations Manual (HCDOM)","distributor_original_site_url":"https:\/\/www.cdcr.ca.gov\/hcdom","push-errors":false,"_links":{"self":[{"href":"https:\/\/www.cdcr.ca.gov\/hcdom\/wp-json\/wp\/v2\/dom\/2059","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cdcr.ca.gov\/hcdom\/wp-json\/wp\/v2\/dom"}],"about":[{"href":"https:\/\/www.cdcr.ca.gov\/hcdom\/wp-json\/wp\/v2\/types\/dom"}],"version-history":[{"count":3,"href":"https:\/\/www.cdcr.ca.gov\/hcdom\/wp-json\/wp\/v2\/dom\/2059\/revisions"}],"predecessor-version":[{"id":2889,"href":"https:\/\/www.cdcr.ca.gov\/hcdom\/wp-json\/wp\/v2\/dom\/2059\/revisions\/2889"}],"up":[{"embeddable":true,"href":"https:\/\/www.cdcr.ca.gov\/hcdom\/wp-json\/wp\/v2\/dom\/89"}],"wp:attachment":[{"href":"https:\/\/www.cdcr.ca.gov\/hcdom\/wp-json\/wp\/v2\/media?parent=2059"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}