Bill Summary – FastDemocracy

Existing law, the Confidentiality of Medical Information Act, prohibits specified entities from intentionally sharing, selling, using for marketing, or otherwise using any medical information, as defined, for any purpose not necessary to provide health care services to a patient, unless a specified exception applies. Existing law, with specified exceptions, prohibits an employer from using, disclosing, or knowingly permitting its employees or agents to use or disclose medical information that the employer possesses pertaining to its employees without the prescribed permission of the patient. Existing law makes a violation of these provisions a crime. Existing law, the Insurance Information and Privacy Protection Act, generally regulates how insurers collect, use, and disclose information gathered in connection with insurance transactions.
Existing law specifies the manner in which a health care service plan or health insurer is required to maintain confidentiality of medical information regarding the treatment of an insured, subscriber, or enrollee, including requiring a health care service plan or health insurer to accommodate requests by insureds, subscribers, and enrollees relating to the form and format of communication of confidential medical information in situations involving sensitive services or situations in which disclosure would endanger the individual.
This bill, on and after July 1, 2022, would revise and recast these provisions to require the health care service plan or health insurer to accommodate requests for confidential communication of medical information regardless of whether there is a situation involving sensitive services or a situation in which disclosure would endanger the individual.
This bill, on and after July 1, 2022, would prohibit a health care service plan or health insurer from requiring a protected individual, as defined, to obtain the policyholder, primary subscriber, or other enrollee's authorization to receive sensitive services or to submit a claim for sensitive services if the protected individual has the right to consent to care. The bill would require the health care service plan or health insurer to direct all communications regarding a protected individual's receipt of sensitive services directly to the protected individual, and would prohibit the disclosure of that information to the policyholder, primary subscriber, or any plan enrollees without the authorization of the protected individual, as provided. This bill would require a health care service plan to notify subscribers and enrollees and a health insurer to notify insureds that they may request a confidential communication in a specified format and how to make the request, and would require a health care service plan and health insurer to provide the information in a specified manner, including on the internet website of the health care service plan or health insurer.
 Because a violation of these provisions by a health care service plan would be a crime, and because this bill would expand the scope of a crime, the bill would create a state-mandated local program. 
 The California Constitution requires the state to reimburse local agencies and school districts for certain costs mandated by the state. Statutory provisions establish procedures for making that reimbursement.
This bill would provide that no reimbursement is required by this act for a specified reason.
Statutes affected: 
AB1184: 108940 HSC
02/18/21 - Introduced: 108940 HSC
03/25/21 - Amended Assembly: 108940 HSC
06/29/21 - Amended Senate: 56.05 CIV, 56.107 CIV, 56.35 CIV, 791.02 INS, 791.29 INS
07/15/21 - Amended Senate: 56.05 CIV, 56.107 CIV, 56.107 CIV, 56.35 CIV, 791.02 INS, 791.29 INS, 791.29 INS
08/31/21 - Amended Senate: 56.05 CIV, 56.107 CIV, 56.35 CIV, 791.02 INS, 791.29 INS
09/14/21 - Enrolled: 56.05 CIV, 56.107 CIV, 56.35 CIV, 791.02 INS, 791.29 INS
09/22/21 - Chaptered: 56.05 CIV, 56.107 CIV, 56.35 CIV, 791.02 INS, 791.29 INS
AB 1184: 108940 HSC