MedicaidAdministrativeMedium impact
25-1048m Patient Privacy Matters: Key Requirements for Providers
Health Net·CA·Prior Authorization
We identified it
Jun 20, 2026
Summary
CalViva Health requires all participating providers to maintain HIPAA-compliant written privacy policies with specific procedures for protecting patient health information. The policy establishes strict requirements for handling sensitive services (mental health, reproductive health, STIs, substance use, gender-affirming care, intimate partner violence) including mandatory response timeframes for confidential communication requests.
Action Required
Immediately: Billing and administrative teams must ensure written HIPAA-compliant privacy policy is in place and accessible. Implement procedures to respond to confidential communication requests within 7 business days for electronic/phone requests and 14 business days for mailed requests. Update patient enrollment materials and annual communications to inform patients about confidential communication options. Train staff on sensitive service privacy requirements to prevent unauthorized disclosures without explicit patient permission.