Center For Data Insights And Innovation

Section § 103206.1

This law section outlines rules for a center handling personal information. The center must create a program to manage data use, ensuring only non-identifiable, aggregated data is publicly available. The program focuses on privacy rights and includes standards for privacy protection.

The center needs a secure environment for accessing personal data, which restricts data access to only what is approved and protects against misuse. It must also track requests for personal information and handle them promptly.

Personal information access is limited to qualified researchers or public health authorities unless otherwise permitted by law.

(a) The center shall meet the following requirements with regard to the disclosure of information to qualified researchers:

(1) The center shall develop a comprehensive program for the use, access, and disclosure of personal information that includes data use agreements that require data users to comply with this division. The purpose of the program is to ensure that only aggregated, deidentified information is publicly accessible. The program shall be designed to recognize a consumer’s right of privacy and shall include at least the privacy protection standards specified in Section 103206.2.

(2) Access to personal information shall be governed by the use, access, and disclosure program to be developed by the center pursuant to paragraph (1).

(3) The center shall establish a secure research environment for access to personal information. The environment shall include access controls sufficient to ensure that users access only the personal information specified in an approved request and that personal information is protected from unapproved use.

(4) The center shall maintain information about requests and the disposition of requests, and shall develop processes for the timely consideration and release of personal information.

(b) To meet the research and policy goals of the center, it is necessary that access to personal information by qualified researchers is controlled.

(c) Unless otherwise expressly permitted by federal or state law, the center shall not disclose personal information to anyone other than a qualified researcher, or a public health authority as defined in Section 164.501 of Title 45 of the Code of Federal Regulations.

data privacy qualified researchers aggregated data ...

Section § 103206.2

This law outlines how the center should provide access to personal information for research purposes. To access this information, it must be for an approved project, and only the minimum necessary amount of data should be accessed. Every person who receives this data must sign an agreement that restricts them from disclosing it further.

If there's a breach of this agreement, it's considered a legal violation. Researchers can access data if it doesn't include specific personal identifiers or if the research significantly aids the center's goals and meets certain conditions such as project approval and demonstrated expertise in privacy. Additionally, their findings must be shared with the center.

(a)

(1) In granting access to qualified researchers or a public health authority pursuant to subdivision (c) of Section 103206.1, the center shall only grant access to the minimum amount of personal information necessary for an approved project or access to a dataset designed for an approved purpose.

(2) Each person who accesses or obtains personal information on behalf of a qualified researcher or public health authority shall sign a data use agreement.

(3) The data use agreement shall prohibit the recipient from further disclosure of the personal information received that is not otherwise expressly permitted by federal or state law.

(4) Violation of a data use agreement entered into pursuant to paragraph (2) shall be considered a violation of Section 1798.56 of the Civil Code and, if applicable, Section 1798.57 of the Civil Code.

(b) Access to personal information by qualified researchers shall be permissible only if the following requirements are met:

(1) If the personal information does not include any of the direct personal identifiers listed in Section 164.514(e) of Title 45 of the Code of Federal Regulations, access may be provided to qualified researchers for research and analysis purposes consistent with intent identified in subdivision (h) of Section 130201.

(2) If the personal information includes any of the direct personal identifiers listed in Section 164.514(e) of Title 45 of the Code of Federal Regulations, access may be provided only to qualified researchers for research projects that offer significant opportunities to achieve the center’s intent identified in subdivision (h) of Section 130201 and shall meet all of the following criteria:

(A) The project has been approved by the Committee for the Protection of Human Subjects pursuant to subdivision (t) of Section 1798.24 of the Civil Code.

(B) The requester has documented expertise with privacy protection and with the analysis of large sets of confidential information.

(C) The research shall be made available to the center.

qualified researchers public health authority personal information access ...

Section § 130200

This law creates the Center for Data Insights and Innovation within the California Health and Human Services Agency. Its main job is to make sure that medical information remains confidential. A director, who is also the Chief Data Officer, will lead the center and be appointed by the Secretary of California Health and Human Services.

There is hereby established within the California Health and Human Services Agency the Center for Data Insights and Innovation to ensure the enforcement of state law mandating the confidentiality of medical information. The Center for Data Insights and Innovation shall be administered by a director who shall also serve as the California Health and Human Services Chief Data Officer and shall be appointed by the Secretary of California Health and Human Services.

Center for Data Insights and Innovation confidentiality medical information ...

Section § 130201

This law recognizes the importance of data managed by the California Health and Human Services Agency, which includes information on health care, social services, and public health. It emphasizes the need to protect individual privacy and ensure that data is used securely and responsibly to improve public services and policies.

The law outlines the benefits of enhanced data utilization, such as efficiency in targeting resources and identifying gaps in services, particularly for vulnerable populations. It also acknowledges past barriers to data sharing and underscores the necessity for standardized privacy law interpretations to facilitate secure data exchange.

The Legislature intends to create the Center for Data Insights and Innovation to provide guidelines for health information sharing, enhance data privacy protections, and streamline data collection processes. This includes establishing information-sharing protocols, increasing data privacy, publishing insights on health care quality, and developing data-related initiatives to improve person-centered health and social services.

The Legislature finds and declares all of the following:

(a) The California Health and Human Services Agency manages great amounts of valuable data on all aspects of life for Californians, including, but not limited to, health care delivery, business, social services, child welfare, and public health.

(b) California has long recognized that securing individual privacy rights and confidentiality of personal health and medical records is of paramount importance to establishing public confidence in the provision of state services, and that ensuring transparent accountability, governance, and oversight are critical components to maintaining the public’s trust.

(c) Data is a fundamental asset that can be more fully utilized without compromising patient privacy and data security. Improving and streamlining collection practices, interoperability of data and technology, data infrastructure, data security, and data sharing is critical to the improvement of the lives of Californians and will foster person-centered and not program-centered decisionmaking.

(d) When data practices safeguard individual privacy, interpreting and using data improves public programs and policies and enriches the lives of people in many ways, including, but not limited to, all of the following:

(1) Analytics increase efficiency and help target resources to vulnerable and underserved populations.

(2) Data analytics allow for optimal use of existing resources and information assets to drive operational decisions and avoid changes that may result in adverse impacts or negative outcomes for vulnerable and underserved populations.

(3) Health and social services outcomes are improved through use of analytics to identify underserved populations, detect gaps in services, and improve and facilitate access to programs and services.

(4) Demographic and services information can be assessed to identify and address disparities, including racial, ethnic, gender, and geographic disparities, in health and socioeconomic status to advance equity and improve person-centered outcomes.

(e) Information sharing among state departments for integrated health and social services has been hindered by a lack of standardized interpretation and application of health privacy laws throughout the state. State departments often do not share information for integrated health and social services, even when sharing is appropriate, lawful, and permissible to all identifiable individuals. In order to provide efficient and effective health and social services, information should be securely exchanged among state departments in a manner that prioritizes individual privacy and autonomy over access to personal data.

(f) Unmitigated sharing and centralization of personal data relating to individuals presents unique risks to privacy, as that data can be used in concert to produce profiles revealing intimate details of individuals’ personal lives. Any policy related to data sharing, especially among governmental entities, must, therefore, be responsive to potential risks to personal privacy and include safeguards against invasive or excessive sharing of personal information.

(g) Data sharing has the potential to positively affect health and social services outcomes by linking vulnerable populations to services for which they are eligible.

(h) It is the intent of the Legislature to establish the Center for Data Insights and Innovation to do all of the following:

(1) Establish health information sharing guidance that balances the need for patient privacy with the benefits of data sharing to support and encourage integrated care and services to assist California health and social services organizations.

(2) Increase privacy protections by ensuring only required health data is transmitted for purposes and uses consistent with state and federal law.

(3) Administer the State Committee for the Protection of Human Subjects.

(4) Collect data and publish reports on quality of care and patient experience.

(5) Administer the California Health and Human Services Agency Open Data Portal.

(6) Develop and administer the California Health and Human Services Agency Research Data Hub and other future data initiatives.

(7) Improve and strengthen the security of data processes within the departments of the California Health and Human Services Agency.

(8) Identify and guide tangible and program-specific efforts, from the California Health and Human Services Agency leadership perspective, toward enhanced person-centered services that bridge and connect access to all health and social services programs for which an individual may be eligible.

data privacy information sharing health and human services ...

Section § 130202

This section provides definitions for terms used within a specific division of California law. It explains key terms like "bona fide research," referring to genuine research projects as defined in another section of the California regulations. The "Center" is identified as the Center for Data Insights and Innovation, and the "Chief Data Officer" is its Director. It defines the "CHHS Open Data Portal" as California's health data hub, while "HIPAA" refers to a federal law protecting health information. The "Research Data Hub" is another data resource from the Health and Human Services Agency. Lastly, "state entities" covers various government units, and "qualified researcher" includes those involved with genuine research, like health care investigators and certain educational institutions.

For the purposes of this division, the following definitions apply:

(a) “Bona fide research” has the same meaning as subdivision (f) of Section 820 of Title 11 of the California Code of Regulations.

(b) “Center” means the Center for Data Insights and Innovation.

(c) “Chief Data Officer” means the Director of the Center for Data Insights and Innovation.

(d) “CHHS Open Data Portal” means the California Health and Human Services Agency Open Data Portal.

(e) “Director” means the Director of the Center for Data Insights and Innovation.

(f) “HIPAA” means the federal Health Insurance Portability and Accountability Act of 1996 (Public Law 104-191).

(g) “Research Data Hub” means the California Health and Human Services Agency Research Data Hub or future iterations and names of that product.

(h) “State entities” means all state departments, agencies, boards, commissions, programs, and other organizational units of the executive branch of state government.

(i) “Qualified researcher” means state entities, clinical investigators, including investigators conducting epidemiologic studies, health care research organizations, and accredited public or private nonprofit educational or health care institutions for bona fide research purposes.

bona fide research Center for Data Insights and Innovation Chief Data Officer ...

Section § 130203

This law establishes a central authority, known as the center, to oversee compliance with health information privacy laws in California. The center is responsible for forming policies, coordinating efforts, and monitoring progress related to both state and federal health privacy regulations, such as HIPAA. Starting in 2022, the center must conduct security assessments every three years and report findings to the Office of Emergency Services.

State entities must conduct HIPAA impact assessments and work with the center to ensure compliance. The center also assesses which state laws are overridden by HIPAA while providing guidance and training on privacy rights and health information sharing. Annually, the center updates the legislature on its efforts to improve health and human services, focusing on underserved populations.

(a) The center shall assume statewide leadership, coordination, policy formulation, direction, and oversight responsibilities for compliance with state and federal health information privacy laws, including, but not limited to, the Confidentiality of Medical Information Act (Part 2.6 (commencing with Section 56) of Division 1 of the Civil Code), the Information Practices Act of 1977 (Chapter 1 (commencing with Section 1798) of Title 1.8 of Part 4 of Division 3 of the Civil Code), the federal Health Insurance Portability and Accountability Act of 1996 (Public Law 104-191), and the federal Health Information Technology for Economic and Clinical Health Act (Title XIII of the federal American Recovery and Reinvestment Act of 2009 (Public Law 111-5)), and implementing regulations. The center shall exercise full authority relative to state entities to establish policy, provide direction to state entities, provide guidance on data sharing, monitor progress, and report on compliance activities.

(b) Beginning January 1, 2022, the center shall complete an independent security assessment as described in Section 11549.3 of the Government Code at least once every three years and, consistent with subdivision (d) of that section, submit any resulting report and recommendations to the Office of Emergency Services.

(c) All state entities subject to HIPAA shall complete an assessment, in a form specified by the center, to determine the impact of HIPAA on their operations. All state entities shall cooperate with the center to determine whether the state entity is subject to HIPAA, including, but not limited to, providing a completed assessment, as prescribed by the center.

(d) All state entities shall cooperate with the efforts of the center to monitor HIPAA and health information privacy compliance activities and to obtain information on these activities. Information obtained about these activities shall not include personal information, as defined in subdivision (a) of Section 1798.3 of the Civil Code.

(e) All state entities affected by HIPAA shall comply with the decisions of the director in achieving compliance with HIPAA and other health information privacy laws, including whether a state entity is subject to HIPAA and other state and federal health information privacy requirements.

(f)

(1) The center shall assume statewide leadership, coordination, direction, and oversight responsibilities for determining which provisions of state law concerning health information are preempted by HIPAA, or are more protective of individually identifiable health information, pursuant to Section 160.203 of Title 45 of the Code of Federal Regulations. State entities impacted by HIPAA shall, at the direction of the center, do both of the following:

(i) Assist in determining which state laws concerning personal medical information are preempted by HIPAA.

(ii) Conform to all determinations made by the center concerning HIPAA preemption issues.

(2) If the center determines that a state law is preempted by HIPAA, the center shall provide the determination and a recommendation for a solution to the Secretary of California Health and Human Services.

(g) State entities are responsible for ensuring compliance with state and federal health information privacy laws, including, but not limited to, HIPAA. To the extent that funds are appropriated in the annual Budget Act, the center shall do all of the following to assist state entities in complying with health information requirements:

(1) Develop uniform policies on privacy, patient rights, and other matters related to health information requirements that shall be adopted and implemented by all state entities. In developing these policies, the center shall consult with representatives from the private sector, state government, and other public entities, including at least two consumer representatives, at least one of whom shall have expertise in privacy and security of health information.

(2) Specify training and tools, such as protocols for assessment and reporting and any other tools determined by the director, for compliance with health information requirements.

(3) Develop statewide guidance on health information sharing to support integrated health care and social services, including guidance on state and federal health information privacy laws, regulations, and policies. In developing this guidance, the center shall consult with representatives from the private sector, state government, and other public entities relevant to the provision of health care and social services, including privacy advocates, patient rights representatives, and county administrators of health and human services programs and their association representatives.

(4) Represent the State of California in discussions on health data sharing, data interoperability, HIPAA, and substance use disorder information requirements contained in Part 2 of Title 42 of the Code of Federal Regulations with the federal Department of Health and Human Services. The center may review and approve all comments related to data sharing, data interoperability, HIPAA, and substance use disorder information requirements contained in Part 2 of Title 42 of the Code of Federal Regulations that state entities propose for submission to the federal Department of Health and Human Services or any other body or organization.

(5) Coordinate and communicate with other affected entities, including, but not limited to, the Department of Technology and State Chief Data Officer.

(6) Monitor the compliance activities of state entities with state and federal health information requirements and require these entities to report on their activities at times specified by the director, using a format prescribed by the director.

(7) Develop standards for the center’s use in determining the extent of compliance with health information requirements.

(8) Provide technical assistance to state entities on information sharing and compliance with state and federal health information privacy requirements.

(h)

(1) (A) Beginning March 1, 2022, and annually thereafter, the center shall provide to the Legislature, and post on its internet website, a written update that outlines its major endeavors, including the challenges encountered, the milestones achieved toward meeting set objectives to achieve a person-centered approach in health and human services, and the data collection and sharing practices employed by the center during the preceding year.

(B) An update to be submitted to the Legislature pursuant to subparagraph (A) shall be submitted in compliance with Section 9795 of the Government Code.

(2) Upon the issuance of the update pursuant to subparagraph (A), the center shall meet with legislative staff representing the health and human services fiscal and policy areas to report on efforts for health and human services to become more person-centered in service delivery. The center shall provide updates on specific major programs serving or attempting to serve populations that are by definition considered underserved and vulnerable, including populations living in poverty and deep poverty, and who may lack access or face limitations due to age, disability, functional impairment, educational level, adverse childhood experiences, and cultural and linguistic challenges. This meeting shall occur through virtual or in-person meetings.

health information privacy statewide leadership HIPAA compliance ...

Section § 130204

This law mandates the creation of annual publications including a healthcare quality report card, which will be available online. It involves gathering data from various state health departments on care quality, costs, and other factors. The center can also partner with academic or nonprofit organizations for this purpose.

Additionally, an annual report will detail the operations of consumer assistance centers, focusing on call types, resolutions, protocols, and performance standards. The center may also collect and analyze data on consumer complaints and issues, providing public information to aid understanding and improvement of healthcare access and quality.

The center is tasked with providing tools and education to improve consumer access to quality care and address disparities related to socioeconomic factors. It will develop consumer surveys on various health topics and set standards to ensure healthcare reports are easy for consumers to understand.

Definitions included clarify terms like 'healthcare service plan' and 'health coverage program,' and emphasize that collected data will not include personally identifiable information.

(a)

(1) The center shall compile annual publications, to be made publicly available on the center’s internet website, including, but not limited to, a quality of care report card that reflects health care service plans, preferred provider organizations, and medical groups.

(2) The Department of Managed Health Care, the State Department of Health Care Services, the Department of Insurance, the Exchange, the State Department of Social Services, the Office of Statewide Health Planning and Development, and any other public health coverage program or state entity shall provide to the center data concerning the quality of care report card in the time, manner, and format requested by the center. The center may also request data related to the cost of care, quality of care, patient experience, socioeconomic status impact on health, access to care, and access to social services programs.

(3) The center may request data from and contract with academic or nonprofit organizations related to quality of health care and patient experience to develop the quality of care report card.

(b) The center shall produce an annual report to be made publicly available on the center’s internet website by December 31, 2022, and annually thereafter, of health care consumer or patient assistance help centers, call centers, ombudsperson, or other assistance centers operated by the Department of Managed Health Care, the State Department of Health Care Services, the Department of Insurance, and the Exchange, that includes, at a minimum, all of the following:

(1) The types of calls received and the number of calls.

(2) The call center’s role with regard to each type of call, question, complaint, or grievance.

(3) The call center’s protocol for responding to requests for assistance from health care consumers, including any performance standards.

(4) The protocol for referring or transferring calls outside the jurisdiction of the call center.

(5) The call center’s methodology of tracking calls, complaints, grievances, or inquiries.

(c)

(1) The center may collect and analyze data on problems and complaints by, and questions from, consumers about health care coverage for the purpose of providing public information about problems faced and information needed by consumers in obtaining coverage and care. The data collected shall include demographic data, insurer or plan data, appeals, source of coverage, regulator, type of problem or issue or comparable types of problems or issues, and resolution of complaints, including timeliness of resolution. Notwithstanding Section 10231.5 of the Government Code, the center shall submit a report by December 31, 2022, and annually thereafter to the Legislature. The report shall be submitted in compliance with Section 9795 of the Government Code. The format may be modified annually as needed based upon comments from the Legislature and stakeholders.

(2) The Department of Managed Health Care, the State Department of Health Care Services, the Department of Insurance, the Exchange, and any other public health coverage programs shall provide to the center data concerning call centers to meet the reporting requirements in this section in the time, data elements, manner, and format requested by the center.

(3) For the purpose of publicly reporting information as required in paragraph (1) and this paragraph about the problems faced by consumers in obtaining care and coverage, the center shall analyze data on consumer complaints, appeals, and grievances resolved by the agencies listed in subdivision (b), including demographic data, source of coverage, insurer or plan, resolution of complaints, and other information intended to improve health care and coverage for consumers.

(d) To the extent that funds are appropriated in the annual Budget Act for this purpose, the center shall do all of the following to assist state entities that provide public health coverage programs or oversight of health insurance or health care service plans:

(1) After evaluation of data from the Department of Insurance and the Department of Managed Health Care, coordinate with public health coverage programs and state oversight departments of public and commercial health coverage programs to provide assistance related to addressing the quality of care and patient experience of public and commercial health coverage programs that have been determined to be deficient in the annual quality of care report card.

(2) Create and provide tools and education to consumers of health insurance and public health coverage programs to better enable them to access and utilize the quality of care report card and the health care services to which they are eligible.

(3) Develop tools and education related to improvement of consumer access to care, quality of care, and addressing the disparities in quality of care related to socioeconomic status.

(4) Develop and implement consumer surveys of the patient experience, quality of care, and any other topic consistent with this section.

(5) Develop standards for departments within the California Health and Human Services Agency related to public reports published by the departments to ensure consumer readability and understanding across programs.

(e) If the departmental letters or other similar instruction are only issued to other state entities, the center may implement, interpret, or make specific this section by means of a departmental letter or other similar instruction, as necessary, notwithstanding Chapter 3.5 (commencing with Section 11340) of Part 1 of Division 3 of Title 2 of the Government Code.

(f) For purposes of this section, the following definitions apply:

(1) “Data” means information that is not individually identifiable health information, as defined in Section 160.103 of Title 45 of the Code of Federal Regulations.

(2) “Exchange” means the California Health Benefit Exchange established pursuant to Title 22 (commencing with Section 100500) of the Government Code.

(3) “Health care” includes services provided by any health care coverage program.

(4) “Health care service plan” has the same meaning as that set forth in subdivision (f) of Section 1345. Health care service plan includes “specialized health care service plans,” including behavioral health plans.

(5) “Health coverage program” includes the Medi-Cal program, tax subsidies and premium credits under the Exchange, the Basic Health Program, if enacted, and county health care programs.

(6) “Health insurance” has the same meaning as set forth in Section 106 of the Insurance Code.

quality of care report card healthcare consumer assistance call center data ...

Section § 130205

This section involves oversight of research using state data in California. A specialized board, the State Committee for the Protection of Human Subjects, must approve research involving state data assets before any information can be shared, ensuring compliance with privacy laws. The center is also tasked with managing the California Health and Human Services Agency's data initiatives, including the CHHS Open Data Portal and the Research Data Hub. Additionally, the center uses data to enhance operations and services within the agency.

(a) The center shall administer the State Committee for the Protection of Human Subjects, which is California’s institutional review board. Before state information assets subject to the Information Practices Act (Chapter 1 (commencing with Section 1798) of Title 1.8 of Part 4 of Division 3 of the Civil Code) are disclosed for research, the request for data shall be approved by the State Committee for the Protection of Human Subjects in compliance with the process in Section 1798.24 of the Civil Code. In its duties, the State Committee for the Protection of Human Subjects board shall be fully independent in its review of requests for state data, institutional review board activities, and its activities under Section 1798.24 of the Civil Code.

(b) Upon appropriation by the Legislature, the center shall administer the CHHS Open Data Portal, develop and administer the Research Data Hub, and may develop and administer other significant data initiatives for California Health and Human Services Agency and its departments.

(c) The center shall use data to improve processes and provide strategic planning and services to the departments within the California Health and Human Services Agency, consistent with intent identified in subdivision (h) Section 130201.

State Committee for the Protection of Human Subjects institutional review board Information Practices Act ...

Section § 130206

This California law states that when the center conducts public health activities, it deals with personal information essential for projects that serve public health purposes. All personal information collected by the center must be kept confidential.

Information released to the public must be deidentified and aggregated, protecting individual privacy. Privacy policies must align with laws like HIPAA to ensure consumer information is secured. Personal information from other state entities is generally exempt from public records requests.

Importantly, the law clarifies that collected data cannot be used to affect individual patient care, treatment decisions, or insurance coverage determinations.

(a) The Legislature finds and declares that the center performs public health activities described in Section 164.512(b) of Title 45 of the Code of Federal Regulations when carrying out activities pursuant to this division. Personal information collected in accordance with this division is necessary to carry out projects with public health purposes.

(b) All personal information obtained or maintained by the center shall be confidential and shall be subject to the following requirements:

(1) Only deidentified and aggregated information shall be included in a publicly available analysis, data product, or research.

(2) All policies and procedures developed in implementing this division shall ensure that the privacy, security, and confidentiality of consumers’ personal information is protected, as required by the Information Practices Act of 1977, and consistent with state and federal health privacy laws, including the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA) (Public Law 104-191) and the Confidentiality of Medical Information Act (Part 2.6 (commencing with Section 56) of Division 1 of the Civil Code), and data shall not be disclosed until the center has developed a policy regarding the release of data.

(c) Unless otherwise specified in this division, personal information collected by the center from other states entities shall be exempt from the disclosure requirements of the California Public Records Act (Division 10 (commencing with Section 7920.000) of Title 1 of the Government Code), and shall not be made available except pursuant to this division.

(d) Any information collected or obtained shall not be used for determinations regarding individual patient care or treatment and shall not be used for any individual eligibility or coverage decisions or similar purposes.

public health activities confidentiality of personal information deidentified information ...

Section § 130207

This law establishes the Center for Data Insights and Innovation Fund in the California State Treasury starting July 1, 2021. It's designed to manage financial resources for activities outlined in this division by transitioning assets and liabilities from the previous Office of Health Information Integrity Trust Fund. Money in this fund can be carried over each fiscal year if not used, and any interest earned stays within the fund to support its purposes.

The fund will cover costs for processing, personnel, and operations, with the possibility of creating dedicated accounts within it. It consists of money provided by the legislature, income from services, and other sources like investment returns. Additionally, the center can charge non-state entities for services and may seek federal funding, including grants and participation in Medi-Cal support.

(a) Effective July 1, 2021, the Center for Data Insights and Innovation Fund is hereby created in the State Treasury, and, upon appropriation by the Legislature, moneys in the fund shall be made available for the purpose of this division. Any moneys in the fund that are unexpended or unencumbered at the end of the fiscal year may be carried forward to the next succeeding fiscal year.

(b) The Center for Data Insights and Innovation Fund is the successor fund to the Office of Health Information Integrity Trust Fund. All the assets and liabilities of the Office of Health Information Integrity Trust Fund shall become assets and liabilities of the Center for Data Insights and Innovation Fund upon establishment of the Center for Data Insights and Innovation Fund.

(c) Notwithstanding Section 16305.7 of the Government Code, all interest earned on moneys that have been deposited in the fund shall be retained in the fund and used for purposes consistent with this division.

(d) The fund shall be administered by the director and moneys in the fund shall be used to pay all costs arising from the implementation of this division and rendering services to state entities as required by this division, including, but not limited to, employment and compensation of necessary personnel and expenses, such as operating and other expenses of the center and costs associated with technical assistance, and to establish reserves. At the discretion of the director, segregated, dedicated accounts within the fund may be established.

(e) The fund shall consist of all of the following:

(1) Moneys appropriated and made available by the Legislature for the purposes of this division.

(2) All revenues received from the services provided for in this division.

(3) Any other moneys that may be made available to the center from any other source, including, but not limited to, the return from investments of moneys by the Treasurer and funds received pursuant to subdivision (g).

(f) The center may collect fee-for-service payments from a nonstate entity for services provided to the nonstate entity by the State Committee for the Protection of Human Subjects.

(g) The center may also solicit funding in any of the following ways:

(1) The center may apply to the United States Secretary of Health and Human Services for federal grants.

(2) To the extent permitted by federal law, the center may seek federal financial participation for assisting beneficiaries of the Medi-Cal program.

Center for Data Insights and Innovation Fund State Treasury fund appropriation ...

Section § 130208

This law section explains that the Office of Patient Advocate Trust Fund is now called the Health Plan Improvement Trust Fund. The money in this fund can only be used for specific purposes approved by the Legislature, as described in another section. Money from the original fund will be transferred to this renamed fund, and the fund is identified as Fund 3209 in financial records. Any interest earned from this fund will stay in the fund and must be used as intended by detailed purposes.

(a) The Office of Patient Advocate Trust Fund shall be renamed to the Health Plan Improvement Trust Fund.

(b) The moneys in the Health Plan Improvement Trust Fund shall, upon appropriation by the Legislature, be made available for the purposes in Section 130204.

(c) All moneys in the Health Plan Improvement Trust Fund created pursuant to former Section 130208, as added by Section 11 of Chapter 696 of the Statutes of 2021, shall be transferred to the renamed Health Plan Improvement Trust Fund, identified as Fund 3209 in the Department of Finance’s Uniform Codes Manual.

(d) Notwithstanding Section 16305.7 of the Government Code, all interest earned on moneys that have been deposited in the Health Plan Improvement Trust Fund shall be retained in the fund and used for purposes consistent with Section 130204.

Health Plan Improvement Trust Fund Office of Patient Advocate Trust Fund appropriation by Legislature ...

Section § 130209

This law section outlines how funds are allocated to the Health Plan Improvement Trust Fund from two sources: the Managed Care Fund and the Insurance Fund. Money from the Managed Care Fund is determined by the number of people covered under plans regulated by the Department of Managed Health Care, which includes Medi-Cal managed care. Meanwhile, money from the Insurance Fund is based on the number of people with health insurance policies regulated by the Department of Insurance, including those with Medicare supplement plans. The allocation from each fund is proportional to the total number of people covered under these plans in California.

(a) Moneys transferred from the Managed Care Fund and the Insurance Fund for use by the center shall be deposited into the Health Plan Improvement Trust Fund.

(b) The share of funding from the Managed Care Fund shall be based on the number of covered lives in the state that are covered under plans regulated by the Department of Managed Health Care, including covered lives under Medi-Cal managed care, as determined by the Department of Managed Health Care, in proportion to the total number of all covered lives in the state.

(c) The share of funding to be provided from the Insurance Fund shall be based on the number of covered lives in the state that are covered under health insurance policies and benefit plans regulated by the Department of Insurance, including covered lives under Medicare supplement plans, as determined by the Department of Insurance, in proportion to the total number of all covered lives in the state.

Health Plan Improvement Trust Fund Managed Care Fund Insurance Fund ...

Section § 130210

This law gives the director the ability to create rules to enforce changes in a specific legal area. Before any rule is finalized, there must be a 45-day posting on the center's website, allowing for public comments for at least 30 days. If someone asks for a public hearing during this comment period, it must be held before the rule can be adopted. This process for creating or changing regulations is valid until June 30, 2024.

Interestingly, these regulations are exempt from certain formal rulemaking requirements of the California Government Code until the same date. Once a regulation is ready, it must be filed with the Office of Administrative Law, which then files it with the Secretary of State for official state record inclusion in the California Code of Regulations.

Generally, each new regulation is effective upon filing unless stated otherwise and will expire automatically once the related division is repealed.

The director may adopt regulations to implement this division and the changes made to subdivision (t) of Section 1798.24 of the Civil Code by the act that added this section. Before adopting regulations, the center shall adopt the following standards:

(a) At least 45 days prior to adoption, the center shall post a proposed regulation on its internet website. Public comment shall be accepted by the center for at least 30 days after the proposed regulation is posted. If a member of the public requests a public hearing during the 30-day review period, the hearing shall be held prior to adoption of the regulation. The process described in this subdivision shall apply to the adoption of new regulations and to changes to existing regulations until June 30, 2024.

(b) Adoption of, and changes to, regulations adopted pursuant to this division shall not be subject to the rulemaking requirements of Section 11343.4 of, and Article 5 (commencing with Section 11346) and Article 6 (commencing with Section 11349) of Chapter 3.5, of Part 1 of Division 3 of Title 2 of the Government Code until June 30, 2024.

(c) The director shall file any regulation adopted pursuant to this division with the Office of Administrative Law for filing with the Secretary of State and publication in the California Code of Regulations. Any regulation filed with the Office of Administrative Law pursuant to this subdivision shall include a citation to this section and any other applicable state or federal laws as providing authority for the adoption of the regulation.

(1) Any regulation adopted pursuant to this division shall become effective on the date it is filed with the Secretary of State unless the director prescribes a later date in the regulation or in a written instrument filed with the regulation.

(2) Any regulation adopted pursuant to this division shall expire the date that this division is repealed.

rule adoption process public comment period public hearing ...

Section § 130211

This law allows a center to hire outside organizations to help carry out its duties. These organizations must meet specific privacy and confidentiality standards set by the center. The center is responsible for providing privacy training and checking regularly that these organizations follow the rules. This work is considered a new role for the state, so it can be done by independent contractors under certain conditions.

The center may contract for the provision of services required to implement this division. The center shall adopt standards for the organizations with which it contracts pursuant to this section to ensure compliance with the privacy and confidentiality laws of this state, conduct privacy trainings as necessary, and regularly verify that the organizations have measures in place to ensure compliance with the adopted standards. The Legislature finds that these contracts are for a new state function and authorizes the performance of this work by independent contractors, pursuant to paragraph (2) of subdivision (b) of Section 19130 of the Government Code.

privacy compliance confidentiality standards independent contractors ...

Center for Data Insights and Innovation