Understanding the New CDPH Privacy Breach Regulations

Originally recorded July 30, 2021.

On June 28th, the Office of Administrative Law (OAL) approved California Department of Public Health (CDPH) Medical Breach Regulations that went into effect July 1.

The regulations do the following: 

  • Allow hospitals to conduct a HIPAA-like risk assessment and not report breaches if they pose a low probability of compromising medical information
  • Specify the information that must be included when reporting a breach to CDPH and the patient 
  • Impose greater responsibility on hospitals for breaches by business associates and medical staff members
  • Require extensive recordkeeping 
  • Set forth an administrative penalty structure, including base penalties and adjustment factors 

Join this webinar and learn from experts about these regulations and their impact to your facility. You’ll also learn how CHA is working for enforcement discretion given the short notice provided to members.


Risk managers, health information managers, privacy officers, compliance officers, health care attorneys, nurses and nurse managers, social workers, quality management staff, admissions staff, emergency department staff, discharge planners, clinical staff, and administrators

This content is restricted to members.