DATE: May 17, 2022
TO: Board of Supervisors
SUBMITTED BY: Susan L. Holt, Director, Department of Behavioral Health
SUBJECT: California Mental Health Services Authority Business Associate Agreement
RECOMMENDED ACTION(S):
TITLE
Approve and authorize the Chairman to execute a Business Associate Agreement with California Mental Health Services Authority to protect the privacy of health information, effective upon execution ($0).
REPORT
There is no Net County Cost associated with the recommended action, which will allow California Mental Health Services Authority (CalMHSA) to perform or provide functions, activities, or services to the Department of Behavioral Health that require CalMHSA to create, access, receive, maintain, and/or transmit information that includes or that may include Protected Health Information (PHI) and other protected information to provide such functions, activities, or services. This item is countywide.
ALTERNATIVE ACTION(S):
There is no viable alternative action. If the Board does not approve the recommended action, the Department would be out of compliance with Health Insurance Portability and Accountability Act (HIPAA) rules and California Department of Health Care Services (DHCS) requirements.
FISCAL IMPACT:
There is no Net County Cost associated with the recommended action. Authorization of the Business Associate Agreement (BAA) will allow the Department to share data with CalMHSA in compliance with HIPAA rules and DHCS requirements.
DISCUSSION:
The Department is a member of the CalMHSA Joint Powers Authority (JPA) and defined as a Covered Entity and subject to the requirements and prohibitions of the Administrative Simplification provisions of the HIPAA Rules (45 Code of Federal Regulations Parts 160 and 164). .
These rules require a written BAA between the Department and CalMHSA to mandate certain protections for the privacy and security of PHI and prohibit the disclosure to or use of PHI by CalMHSA if such an agreement is not in place. In addition, DHCS requires the Department and CalMHSA to include certain protections for the privacy and security of personal information, sensitive information, and confidential information.
The recommended agreement and its provisions are intended to protect the privacy of health information disclosed to or used by CalMHSA in compliance with the HIPAA rules and DHCS requirements.
ATTACHMENTS INCLUDED AND/OR ON FILE:
On file with Clerk - CalMHSA BAA
CAO ANALYST:
Sonia M. De La Rosa