Existing law, the Reproductive Privacy Act, provides that every individual possesses a fundamental right of privacy with respect to their personal reproductive decisions. Existing law prohibits the state from denying or interfering with a person's right to choose or obtain an abortion prior to viability of the fetus, or when the abortion is necessary to protect the life or health of the person.
Existing law, the Confidentiality of Medical Information Act (CMIA) , generally prohibits a provider of health care, a health care service plan, or a contractor from disclosing medical information regarding a patient, enrollee, or subscriber without first obtaining an authorization, unless a specified exception applies. The CMIA requires every provider of health care, health care service plan, pharmaceutical company, or contractor who, among other things, maintains or stores medical information to do so in a manner that preserves the confidentiality of the information contained therein. The CMIA also prohibits a provider of health care, a health care service plan, a contractor, or an employer from releasing medical information that would identify an individual or related to an individual seeking or obtaining an abortion in response to a subpoena or a request or to law enforcement if that subpoena, request, or the purpose of law enforcement for the medical information is based on, or for the purpose of enforcement of, either another state's laws that interfere with a person's rights to choose or obtain an abortion or a foreign penal civil action. Existing law makes a violation of the CMIA that results in economic loss or personal injury to a patient punishable as a misdemeanor.
This bill would require specified businesses that electronically store or maintain medical information on the provision of sensitive services on behalf of a provider of health care, health care service plan, pharmaceutical company, contractor, or employer to develop capabilities, policies, and procedures, on or before July 1, 2024, to enable certain security features, including limiting user access privileges and segregating medical information related to gender affirming care, abortion and abortion-related services, and contraception, as specified. The bill would additionally prohibit a provider of health care, health care service plan, contractor, or employer from cooperating with any inquiry or investigation by, or from providing medical information to, an individual, agency, or department from another state or, to the extent permitted by federal law, to a federal law enforcement agency that would identify an individual or that is related to an individual seeking or obtaining an abortion or abortion-related services that are lawful under the laws of this state, unless the request for medical information is authorized in accordance with specified existing provisions of law. The bill would exempt a provider of health care from liability for damages or from civil or enforcement actions relating to cooperating with, or providing medical information to, another state or a federal law enforcement agency before January 31, 2026, if the provider of health care is working diligently and in good faith to comply with the prohibition. Because the bill would expand the scope of an existing crime, it would impose a state-mandated local program.
Existing law requires the California Health and Human Services Agency, in consultation with stakeholders and local partners, to establish the California Health and Human Services Data Exchange Framework that includes a single data sharing agreement and common set of policies and procedures that govern and require the exchange of health information among health care entities and government agencies in California. Existing law requires, on or before January 31, 2024, that specified entities, including general acute care hospitals and skilled nursing facilities, exchange health information, as defined, in real time.
This bill would exclude the exchange of health information related to abortion and abortion-related services from automatically being shared on the California Health and Human Services Data Exchange Framework.
This bill would incorporate additional changes to Section 130290 of the Health and Safety Code proposed by SB 582 to be operative only if this bill and SB 582 are enacted and this bill is enacted last.
The California Constitution requires the state to reimburse local agencies and school districts for certain costs mandated by the state. Statutory provisions establish procedures for making that reimbursement.
This bill would provide that no reimbursement is required by this act for a specified reason.

Statutes affected:
03/23/23 - Amended Assembly: 56.101 CIV, 56.108 CIV, 130290 HSC
05/18/23 - Amended Assembly: 56.101 CIV, 56.108 CIV, 130290 HSC
09/08/23 - Amended Senate: 56.101 CIV, 56.108 CIV, 130290 HSC, 130290 HSC
09/18/23 - Enrolled: 56.101 CIV, 56.108 CIV, 130290 HSC, 130290 HSC
09/27/23 - Chaptered: 56.101 CIV, 56.108 CIV, 130290 HSC, 130290 HSC