The Center for Data Insights and Innovation (CDII) has responsibility for the statewide leadership, coordination, policy formulation, direction, and oversight of the implementation and compliance of the Health Insurance Portability and Accountability Act (HIPAA) by state departments. CDII is focused on state departments that are covered entities, business associates, or HIPAA-impacted. Specifically, CDII performs the following functions:

• Evaluate, monitor and report on state department compliance – refer to the Compliance Review page for more information
• Monitor, develop and revise HIPAA compliance policies – refer to the Statewide Health Information Policy Manual (SHIPM) page for more information
• Conduct periodic assessments of state entities to determine which state departments must be HIPAA compliant – refer to HIPAA Entity Status Assessment page for more information
• Provide overall leadership and guidance to state departments on HIPAA and other related state and federal laws – refer to Federal and State Health Laws page

Our Mission

• CDII assists state departments to protect and secure access to health information.

Our Vision

• A statewide culture of compliance through leadership, education, and policy.

Statutory Authority

California Health and Safety Code § 130300 et seq. details the statutory authority and responsibility CDII has regarding implementation and compliance with state and federal privacy laws – CDII provides a summary of the laws.