Please consider making a donation to keep this project's resources available at no cost to the public. Your donation will support new research, updates to current resources, and website maintenance for HealthInfoLaw.org.
Violations of Patient Confidentiality of Medical Information – Cal. Civ. Code §56.36
Link to the law
This will open in a new window
Current as of June 2015
This will open in a new window
Any violation of the provisions of patient confidentiality of medical information that results in economic loss or personal injury to a patient is punishable as a misdemeanor. An individual harmed by the disclosure of confidential medical information may sue the entity that negligently disclosed confidential information for nominal damages of $1,000 or actual damages suffered.
An entity or individual who negligently discloses medical information is also liable (in addition to damages paid to the patient) to pay a civil or administrative fine of $2,500 per violation.
An entity or individual other than a licensed health care professional, who knowingly and intentionally obtains, uses or discloses confidential medical information will be fined a maximum of $25,000 per violation. An entity or individual other than a licensed health care professional who knowingly and intentionally obtains or uses confidential medical information for financial gain will be fined a maximum of $250,000 per violation, and will forfeit any proceeds received from the use of confidential information.
A licensed health professional who knowingly and intentionally obtains, uses or discloses confidential medical information will be fined on the first violation, a maximum of $2,500 per violation, for the second violation, a maximum of $10,000 per violation, and for the third violation, a maximum of $25,000 per violation. A licensed health professional who knowingly and intentionally obtains, uses or discloses confidential medical information for financial gain, will be fined for the first violation, a maximum of $5,000 per violation, for the second violation, $25,000 per violation, and for the third violation, a maximum of $250,000 per violation.
Any individual not authorized to receive confidential information, but knowingly and intentionally obtains, uses or discloses confidential information without written patient consent will be fined a maximum of $250,000 per violation.
In determining the penalty that should be imposed, several criteria should be examined, including whether a reasonable attempt was made to comply with the statute, the nature and seriousness of the offense, the harm to the patient, the number of violations, and intent of the defendant.
Current as of June 2015
.png)