Auditor-Controller HIPAA Compliance Unit's Mission Statement
Our purpose is to provide guidance, enforce and oversee the County of Los Angeles’ policies and procedures of the HIPAA Privacy Rule program to the extent that such operations are consistent and compliant with the Federal Standards set by the Department of Health and Human Services and administered and enforced by the Office for Civil Rights.
Our Strategic Plan Goals are:
Organizational Goal 1: Service Excellence
Provide the public with easy access to quality information and services that are both beneficial and responsive.
Programmatic Goal 7: Health and Mental Health
Implement a client-centered, information-based health and mental health services delivery system that provides cost-effective and quality services across county departments.
Los Angeles County Auditor-Controller
HIPAA Compliance Unit
Chief HIPAA Privacy Officer
500 West Temple Street, Suite 515
Los Angeles, CA 90012
Hotline: (213) 974-2164
HIPAA Privacy Complaint Form
Links to related sites:
More About HIPAA
In 1996, Congress passed HIPAA. As a result, the Act impacts all areas of the health care industry. HIPAA was designed to provide insurance portability, improve the efficiency of health care by standardizing the exchange of administrative and financial data, and protect the privacy, confidentiality and security of health care information.
A major principle of the Privacy Rule is to define and limit the circumstances in which an individual’s protected health information may be used or disclosed by covered entities. A covered entity may not use or disclose protected health information, except either: (1) as the Privacy Rule permits or requires; or (2) as the individual who is the subject of the information (or the individual’s personal representative) authorizes in writing.
A patient has the following rights under the HIPAA Privacy Rule:
- To access his/her Protected Health Information;
- To request an amendment to his/her PHI if he/she disagrees with what is documented;
- To request an accounting of disclosure of his/her PHI;
- To request that certain information be restricted from use or disclosure;
- To request that certain PHI be communicated in a particular manner to ensure confidentiality;
- To withhold authorization for the release of PHI;
- To authorize the release of PHI.
A covered entity is permitted, to use and disclose protected health information without an individual’s authorization for the following purposes:
- To the Individual for his/her review of their PHI;
- For treatment, payment, and health care operations;
- Incidental to an otherwise permitted use and disclosure;
- Under the Opportunity to Agree or Object clause, if the individual is unavailable, incapacitated, or in an emergency situation, a covered entity may disclose PHI in the exercise of their professional judgment that the disclosure is in the best interest of the individual;
- Public interest and benefit activities; and
- Limited data set for the purposes of research, public health or health care operations.
The primary activities of the HIPAA Compliance Unit are: audit reviews, develop policy and procedures, enforce compliance, act as the County’s liaison to the Officer for Civil Rights and other agencies, review and comment on new local, State, or federal laws that may impact existing health privacy practices, facilitate in the resolution of reported health privacy breaches or complaints, prepare reports to the Board of Supervisors, and coordinate efforts with the HIPAA Security Program under the Chief Information Office.