MedicaidAdministrativeHigh impact
24-1093m Safeguard Patient Privacy When Sharing Medical Records
Health Net·CA·Prior Authorization
We identified it
Jun 20, 2026
Summary
Health Net requires all participating providers to have written HIPAA compliance policies for protecting patient health information, with specific requirements for safeguarding sensitive services like mental health and reproductive care. Providers must respond to confidential communication requests within 7 days electronically or 14 days by mail, and grant Health Net access to EMR systems for case management without additional fees.
Action Required
Immediately: All providers must establish or update written HIPAA compliance policies (hard copy or electronic) that include safeguards against unauthorized PHI access. Front desk staff must notify all enrollees at initial enrollment and annually about confidential communication options. Billing team must ensure confidential communications (bills, EOBs, claim requests) are sent to member's designated address within 7 days for electronic requests or 14 days for mail requests. IT department must prepare to grant Health Net EMR access for case management and risk adjustment without charging additional fees.