Your Claim is Confidential

All VCB claims and related documents, including medical information and records, are highly confidential. Except as otherwise required by California law, the VCB may only disclose a victim or applicant's information with his/her written permission. This confidentiality applies to all material in a victim compensation claim file, whether it is the paper file or the claimant’s “file” in CaRES. Staff are prohibited from disclosing any personal information about a claimant or crime victim.

The Information Release signed by the applicant allows staff to share information with entities such as government agencies or medical, dental, mental health, and funeral providers. However, staff may only disclose information to those entities for the purpose of assisting a claimant or reviewing a claim. Staff may receive information about a claim from any person or agency, including providers and insurance companies.

The VCB may publicly disclose information about its activities in general, including summary data, such as the information contained in the annual report or posted on the Board’s website.

The Victim Compensation Board and HIPAA

Overview

California law (Government Code §13954(a)) gives the Victim Compensation Board (CalVCB) the authority to request and receive patient medical information. The disclosure rules of the Health Insurance Portability and Accountability Act (HIPAA) of 1996 that prohibit providers from disclosing patient information do not apply to CalVCB.

Providers do not need to obtain a patient release when sending patient medical information to CalVCB. CalVCB uses patient medical information to determine compensation. Compensation can be significantly delayed by lack of or incomplete patient information.

All CalVCB claims and related documents, including medical information and records, are highly confidential. Except as otherwise required by California law, CalVCB only discloses a victim or applicant's information with their written permission.

What is HIPAA?

Recognizing the need for minimum national healthcare privacy standards to protect the confidentiality of healthcare information, Congress passed the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public Law 104-191. [1]

HIPAA required the adoption of federal privacy protections for individually identifiable health information. The Federal Department of Health and Human Services adopted regulations, commonly referred to as the "Privacy Rule," which required compliance by most "covered entities" by April 14, 2003. The regulations can be found at 45 Code of Federal Regulations parts 160.103 and 164. [2]

The California Victim Compensation Board and HIPAA disclosure rules:

The California Office of Health Information and Integrity (CalOHii) has ruled that the California Victim Compensation Program's authority to receive patient medical information is not preempted by HIPAA. CalVCB has very clear statutory authority to request and receive patient medical information (Government Code §13954(a)). While HIPAA preempts state law, the statutes governing CalVCB remain intact. [3]

CalVCP has the final, official opinion from CalOHii's State Office of HIPAA Implementation. Any state law determined by CalOHii to be preempted is no longer applicable to the extent of the preemption (See Sen. Bill No. 456 (2001-2002 Reg. Sess.); and Sen. Bill No. 1914 (2001-2002 Reg. Sess.)). The California Legislature has given the CalOHii the authority to determine which state laws are preempted by HIPAA. CalOHii is within the California Health and Human Services Agency and is generally responsible for insuring state agency compliance with HIPAA. [4]

Questions?

For questions about the CalVCB and HIPAA, please e-mail the Victim Compensation Board.