Who is affected by this change?

This affects Health Net in CA on Medicaid plans.

Back to dashboard

MedicaidAdministrativeHigh impact

24-1092m Safeguard Patient Privacy When Sharing Medical Records

Health Net·CA·Prior Authorization

Effective date

Not stated

We identified it

Jun 20, 2026

Days to comply

—

Summary

Health Net requires participating providers to have written HIPAA-compliant policies for protecting patient health information, with specific requirements for handling sensitive services and confidential communications. Providers must respond to confidential communication requests within 7 days electronically or 14 days by mail, and grant Health Net access to EMR systems for case management.

Action Required

Action needed

Immediately: Ensure written HIPAA policy is in place and accessible. Billing team must establish processes to respond to confidential communication requests within 7 calendar days for electronic/phone requests and 14 calendar days for mail requests. Configure systems to direct all communications about sensitive services (mental health, reproductive health, substance abuse, etc.) to member's designated address only, not primary subscriber. Grant Health Net access to EMR systems when requested for case management and risk adjustment.

Related policy hubs

Health Net policies CA policy changes