Privacy Statutes and Regulations

HIPAA is excluded from workers compensation proceedings.
45 CFR 164.512(l). http://edocket.access.gpo.gov/cfr_2002/octqtr/45cfr164.512.htm

HIPAA applies to 'Covered Entities' and their Clearinghouses, and Covered Entities
are limited to Health Care Providers. These rules do not apply to attorneys, Professional Photocopiers or EAMS Filing Vendors.
http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/index.html

California Civil Code Section 1798.81.5 may apply to attorneys using a TPF Vendor that receives Personal Information. This section simply requires a contract that the vendor implemented and maintains reasonable security procedures and practices. This is covered in the DWC's TPF and Jet File Agreements, and may be covered again under the Vendor's contract with the attorney. http://law.onecle.com/california/civil/1798.81.5.html

Section 1798.81.5 applies specifically to businesses that 'own or lease' personal information of their 'Customer', which does not occur during in an e-filing transaction,
or a copy service order, so the above section may not apply. Also, section 1798.81.5(d)(3) states that information 'publicly available' is not covered, and most
filing information is available publicly in the EAMS Search Tool.
http://law.onecle.com/california/civil/1798.81.5.html

CC 1798.82 may apply to a TPF Vendor that allows an unauthorized entity to receive covered 'personal information', but is not a risk for the law firm using that vendor. This is what was mentioned in the news recently in connection with a well known EDEX
vendor. http://law.onecle.com/california/civil/1798.82.html


< Back to HIPAA List