BILL NUMBER: SB 168 CHAPTERED
BILL TEXT
CHAPTER 720
FILED WITH SECRETARY OF STATE OCTOBER 11, 2001
APPROVED BY GOVERNOR OCTOBER 10, 2001
PASSED THE SENATE SEPTEMBER 14, 2001
PASSED THE ASSEMBLY SEPTEMBER 14, 2001
AMENDED IN ASSEMBLY SEPTEMBER 12, 2001
AMENDED IN ASSEMBLY SEPTEMBER 10, 2001
AMENDED IN ASSEMBLY SEPTEMBER 5, 2001
AMENDED IN ASSEMBLY JULY 5, 2001
AMENDED IN ASSEMBLY JUNE 28, 2001
AMENDED IN ASSEMBLY JUNE 14, 2001
AMENDED IN ASSEMBLY JUNE 11, 2001
AMENDED IN SENATE APRIL 16, 2001
INTRODUCED BY Senator Bowen
(Principal coauthor: Assembly Member Alquist)
(Coauthors: Senators Kuehl, Romero, and Soto)
(Coauthors: Assembly Members Aroner, Jackson, Keeley, Koretz, and
Longville)
FEBRUARY 5, 2001
An act to amend Section 1785.15 of, to add Sections 1785.11.1,
1785.11.2, 1785.11.3, 1785.11.4, and 1785.11.6 to, and to add Title
1.81.1 (commencing with Section 1798.85) to Part 4 of Division 3 of,
the Civil Code, relating to personal information.
LEGISLATIVE COUNSEL'S DIGEST
SB 168, Bowen. Personal information: confidentiality: identity
theft.
(1) The Consumer Credit Reporting Agencies Act and the federal
Fair Credit Reporting Act provide for the regulation of consumer
credit reporting agencies, commonly known as credit bureaus, which
collect credit-related information on consumers and report this
information to subscribers. The Consumer Credit Reporting Agencies
Act requires certain notices and disclosures to be provided to
consumers with a mailing address in California, including a
requirement for providing a copy of a consumer's credit file to the
consumer for a reasonable fee not exceeding $8, and a requirement to
provide a toll-free telephone number for certain purposes, including
the opportunity for a consumer to elect to have his or her name
removed from lists supplied to creditors that are used to make firm
offers of credit, as defined, that were not initiated by the
consumer.
This bill would require, beginning July 1, 2002, consumer credit
reporting agencies to also accept security alerts, as defined, by
written request or via a toll-free telephone number, from consumers,
and would allow a consumer to request a consumer credit reporting
agency to impose a security freeze on release of any information from
his or her file. The bill would require a consumer credit reporting
agency to place a security alert in a consumer credit report within
5 business days of receiving a request to do so and to notify persons
using consumer credit reports of the existence of a security alert.
The bill would require that the security alert remain in effect for
at least 90 days and would allow a consumer to renew it.
The bill would also require, beginning January 1, 2003, a consumer
credit reporting agency to place a security freeze, as defined, on a
consumer credit report within 5 business days of receiving a request
to do so in writing by certified mail, and would prohibit the
release of information from a consumer credit report while the freeze
is in place, except as provided. Among other things, the bill would
also require a consumer credit reporting agency to provide a
consumer an identification number to be used for temporarily lifting
a freeze upon a consumer credit report or authorizing the subsequent
release of information from a consumer credit report that is subject
to a security freeze. The bill would also provide that a security
freeze shall remain in place until either the consumer requests to
have the security freeze removed, or upon discovery by the consumer
credit reporting agency that the consumer's credit report was frozen
due to a material misrepresentation by the consumer. The bill would
provide that it does not prevent a consumer credit reporting agency
from charging a reasonable fee to freeze, remove a freeze, or
temporarily lift a freeze regarding access to a consumer credit
report.
The bill would further require, beginning January 1, 2003, that,
if a security freeze is in place, a consumer credit reporting agency
must provide a consumer with written confirmation within 30 days
after making specified changes to information in a consumer's credit
report.
This bill would also exempt specified information services
companies from the requirements of placing a security alert or a
security freeze. The bill would additionally exempt from its
requirements certain consumer credit reporting agencies that act only
as resellers of consumer credit information and that do not maintain
permanent consumer credit data bases from which new credit reports
are produced, but would require these consumer credit reporting
agencies to honor any security freeze placed on a credit report by
any other consumer credit reporting agency.
The bill would also revise the written summary of rights that a
consumer credit reporting agency is required to provide to a consumer
to include information about security alerts and security freezes
and their consequences.
(2) Existing law provides for the use of social security numbers
as a means of identification in numerous applications.
This bill would prohibit any person or entity, not including a
state or local agency, as of July 1, 2002, from using an individual's
social security number in certain ways, including posting it
publicly or requiring it for access to products or services. This
bill would provide an exception to the above-described provisions for
a person or entity that meets specified conditions, but would
provide that an individual may prohibit the use of his or her social
security number in these circumstances by making a written request
and that there may be no charge for implementing this request. This
bill would also provide that its provisions do not prevent the
collection, use, or retention of social security numbers as required
by state or federal law, or the use of social security numbers for
internal verification or administrative purposes. The bill would
exempt from its requirements certain records required to be open to
the public pursuant to specified state laws. The bill would also
provide that the prohibition on the use of social security numbers
shall apply to providers of health care, health care service plans,
licensed health care professionals, contractors, as defined, pursuant
to delayed operative provisions.
(3) This bill would enact other related provisions.
THE PEOPLE OF THE STATE OF CALIFORNIA DO ENACT AS FOLLOWS:
SECTION 1. Section 1785.11.1 is added to the Civil Code, to read:
1785.11.1. (a) A consumer may elect to place a security alert in
his or her credit report by making a request in writing or by
telephone to a consumer credit reporting agency. "Security alert"
means a notice placed in a consumer's credit report, at the request
of the consumer, that notifies a recipient of the credit report that
the consumer's identity may have been used without the consumer's
consent to fraudulently obtain goods or services in the consumer's
name.
(b) A consumer credit reporting agency shall notify each person
requesting consumer credit information with respect to a consumer of
the existence of a security alert in the credit report of that
consumer, regardless of whether a full credit report, credit score,
or summary report is requested.
(c) Each consumer credit reporting agency shall maintain a
toll-free telephone number to accept security alert requests from
consumers 24 hours a day, seven days a week.
(d) The toll-free telephone number shall be included in any
written disclosure by a consumer credit reporting agency to any
consumer pursuant to Section 1785.15 and shall be printed in a clear
and conspicuous manner.
(e) A consumer credit reporting agency shall place a security
alert on a consumer's credit report no later than five business days
after receiving a request from the consumer.
(f) The security alert shall remain in place for at least 90 days,
and a consumer shall have the right to request a renewal of the
security alert.
SEC. 2. Section 1785.11.2 is added to the Civil Code, to read:
1785.11.2. (a) A consumer may elect to place a security freeze on
his or her credit report by making a request in writing by certified
mail to a consumer credit reporting agency. "Security freeze" means
a notice placed in a consumer's credit report, at the request of the
consumer and subject to certain exceptions, that prohibits the
consumer credit reporting agency from releasing the consumer's credit
report or any information from it without the express authorization
of the consumer. When a security freeze is in place, information
from a consumer's credit report shall not be released to a third
party without prior express authorization from the consumer. This
subdivision does not prevent a consumer credit reporting agency from
advising a third party that a security freeze is in effect with
respect to the consumer's credit report.
(b) A consumer credit reporting agency shall place a security
freeze on a consumer's credit report no later than five business
days after receiving a written request from the consumer.
(c) The consumer credit reporting agency shall send a written
confirmation of the security freeze to the consumer within 10
business days and shall provide the consumer with a unique personal
identification number or password to be used by the consumer when
providing authorization for the release of his or her credit for a
specific party or period of time.
(d) If the consumer wishes to allow his or her credit report to be
accessed for a specific party or period of time while a freeze is in
place, he or she shall contact the consumer credit reporting agency,
request that the freeze be temporarily lifted, and provide the
following:
(1) Proper identification, as defined in subdivision (c) of
Section 1785.15.
(2) The unique personal identification number or password provided
by the credit reporting agency pursuant to subdivision (c).
(3) The proper information regarding the third party who is to
receive the credit report or the time period for which the report
shall be available to users of the credit report.
(e) A consumer credit reporting agency that receives a request
from a consumer to temporarily lift a freeze on a credit report
pursuant to subdivision (d), shall comply with the request no later
than three business days after receiving the request.
(f) A consumer credit reporting agency may develop procedures
involving the use of telephone, fax, the Internet, or other
electronic media to receive and process a request from a consumer to
temporarily lift a freeze on a credit report pursuant to subdivision
(d) in an expedited manner.
(g) A consumer credit reporting agency shall remove or temporarily
lift a freeze placed on a consumer's credit report only in the
following cases:
(1) Upon consumer request, pursuant to subdivision (d) or (j).
(2) If the consumer's credit report was frozen due to a material
misrepresentation of fact by the consumer. If a consumer credit
reporting agency intends to remove a freeze upon a consumer's credit
report pursuant to this paragraph, the consumer credit reporting
agency shall notify the consumer in writing prior to removing the
freeze on the consumer's credit report.
(h) If a third party requests access to a consumer credit report
on which a security freeze is in effect, and this request is in
connection with an application for credit or any other use, and the
consumer does not allow his or her credit report to be accessed for
that specific party or period of time, the third party may treat the
application as incomplete.
(i) If a consumer requests a security freeze, the consumer credit
reporting agency shall disclose the process of placing and
temporarily lifting a freeze, and the process for allowing access to
information from the consumer's credit report for a specific party or
period of time while the freeze is in place.
(j) A security freeze shall remain in place until the consumer
requests that the security freeze be removed. A consumer credit
reporting agency shall remove a security freeze within three business
days of receiving a request for removal from the consumer, who
provides both of the following:
(1) Proper identification, as defined in subdivision (c) of
Section 1785.15.
(2) The unique personal identification number or password provided
by the credit reporting agency pursuant to subdivision (c).
(k) A consumer credit reporting agency shall require proper
identification, as defined in subdivision (c) of Section 1785.15, of
the person making a request to place or remove a security freeze.
(l) The provisions of this section do not apply to the use of a
consumer report by the following:
(1) A person or entity, or a subsidiary, affiliate, or agent of
that person or entity, or an assignee of a financial obligation owing
by the consumer to that person or entity, or a prospective assignee
of a financial obligation owing by the consumer to that person or
entity in conjunction with the proposed purchase of the financial
obligation, with which the consumer has or had prior to assignment an
account or contract, including a demand deposit account, or to whom
the consumer issued a negotiable instrument, for the purposes of
reviewing the account or collecting the financial obligation owing
for the account, contract, or negotiable instrument. For purposes of
this paragraph, "reviewing the account" includes activities related
to account maintenance, monitoring, credit line increases, and
account upgrades and enhancements.
(2) A subsidiary, affiliate, agent, assignee, or prospective
assignee of a person to whom access has been granted under
subdivision (d) of Section 1785.11.2 for purposes of facilitating the
extension of credit or other permissible use.
(3) Any state or local agency, law enforcement agency, trial
court, or private collection agency acting pursuant to a court order,
warrant, or subpoena.
(4) A child support agency acting pursuant to Chapter 2 of
Division 17 of the Family Code or Title IV-D of the Social Security
Act (42 U.S.C. et seq.).
(5) The State Department of Health Services or its agents or
assigns acting to investigate Medi-Cal fraud.
(6) The Franchise Tax Board or its agents or assigns acting to
investigate or collect delinquent taxes or unpaid court orders or to
fulfill any of its other statutory responsibilities.
(7) The use of credit information for the purposes of prescreening
as provided for by the federal Fair Credit Reporting Act.
(m) Nothing in this act shall prevent a consumer credit reporting
agency from charging a reasonable fee to a consumer who elects to
freeze, remove the freeze, or temporarily lift the freeze regarding
access to a consumer credit report, except that a consumer reporting
agency may not charge a fee to a victim of identity theft who has
submitted a valid police report or valid Department of Motor Vehicles
investigative report that alleges a violation of Section 530.5 of
the Penal Code.
SEC. 3. Section 1785.11.3 is added to the Civil Code, to read:
1785.11.3. (a) If a security freeze is in place, a consumer
credit reporting agency shall not change any of the following
official information in a consumer credit report without sending a
written confirmation of the change to the consumer within 30 days of
the change being posted to the consumer's file: name, date of birth,
social security number, and address. Written confirmation is not
required for technical modifications of a consumer's official
information, including name and street abbreviations, complete
spellings, or transposition of numbers or letters. In the case of an
address change, the written confirmation shall be sent to both the
new address and to the former address.
(b) If a consumer has placed a security alert, a consumer credit
reporting agency shall provide the consumer, upon request, with a
free copy of his or her credit report at the time the 90-day security
alert period expires.
SEC. 4. Section 1785.11.4 is added to the Civil Code, to read:
1785.11.4. The provisions of Sections 1785.11.1, 1785.11.2, and
1785.11.3 do not apply to a consumer credit reporting agency that
acts only as a reseller of credit information pursuant to Section
1785.22 by assembling and merging information contained in the data
base of another consumer credit reporting agency or multiple consumer
credit reporting agencies, and does not maintain a permanent data
base of credit information from which new consumer credit reports are
produced. However, a consumer credit reporting agency acting
pursuant to Section 1785.22 shall honor any security freeze placed on
a consumer credit report by another consumer credit reporting
agency.
SEC. 5. Section 1785.11.6 is added to the Civil Code, to read:
1785.11.6. The following entities are not required to place in a
credit report either a security alert, pursuant to Section 1785.11.1,
or a security freeze, pursuant to Section 1785.11.2:
(a) A check services company, which issues authorizations for the
purpose of approving or processing negotiable instruments, electronic
funds transfers, or similar methods of payments.
(b) A demand deposit account information service company, which
issues reports regarding account closures due to fraud, substantial
overdrafts, ATM abuse, or similar negative information regarding a
consumer, to inquiring banks or other financial institutions for use
only in reviewing a consumer request for a demand deposit account at
the inquiring bank or financial institution.
SEC. 6. Section 1785.15 of the Civil Code is amended to read:
1785.15. (a) A consumer credit reporting agency shall supply
files and information required under Section 1785.10 during normal
business hours and on reasonable notice. In addition to the
disclosure provided by this chapter and any disclosures received by
the consumer, the consumer has the right to request and receive all
of the following:
(1) Either a decoded written version of the file or a written copy
of the file, including all information in the file at the time of
the request, with an explanation of any code used.
(2) A credit score for the consumer, the key factors, and the
related information, as defined in and required by Section 1785.15.1.
(3) A record of all inquiries, by recipient, which result in the
provision of information concerning the consumer in connection with a
credit transaction that is not initiated by the consumer and which
were received by the consumer credit reporting agency in the 12-month
period immediately preceding the request for disclosure under this
section.
(4) The recipients, including end users specified in Section
1785.22, of any consumer credit report on the consumer which the
consumer credit reporting agency has furnished:
(A) For employment purposes within the two-year period preceding
the request.
(B) For any other purpose within the 12-month period preceding the
request.
Identification for purposes of this paragraph shall include the
name of the recipient or, if applicable, the fictitious business name
under which the recipient does business disclosed in full. If
requested by the consumer, the identification shall also include the
address of the recipient.
(b) Files maintained on a consumer shall be disclosed promptly as
follows:
(1) In person, at the location where the consumer credit reporting
agency maintains the trained personnel required by subdivision (d),
if he or she appears in person and furnishes proper identification.
(2) By mail, if the consumer makes a written request with proper
identification for a copy of the file or a decoded written version of
that file to be sent to the consumer at a specified address. A
disclosure pursuant to this paragraph shall be deposited in the
United States mail, postage prepaid, within five business days after
the consumer's written request for the disclosure is received by the
consumer credit reporting agency. Consumer credit reporting agencies
complying with requests for mailings under this section shall not be
liable for disclosures to third parties caused by mishandling of
mail after the mailings leave the consumer reporting agencies.
(3) A summary of all information contained in files on a consumer
and required to be provided by Section 1785.10 shall be provided by
telephone, if the consumer has made a written request, with proper
identification for telephone disclosure.
(4) Information in a consumer's file required to be provided in
writing under this section may also be disclosed in another form if
authorized by the consumer and if available from the consumer credit
reporting agency. For this purpose a consumer may request disclosure
in person pursuant to Section 1785.10, by telephone upon disclosure
of proper identification by the consumer, by electronic means if
available from the consumer credit reporting agency, or by any other
reasonable means that is available from the consumer credit reporting
agency.
(c) "Proper identification," as used in subdivision (b) means that
information generally deemed sufficient to identify a person. Only
if the consumer is unable to reasonably identify himself or herself
with the information described above, may a consumer credit reporting
agency require additional information concerning the consumer's
employment and personal or family history in order to verify his or
her identity.
(d) The consumer credit reporting agency shall provide trained
personnel to explain to the consumer any information furnished him or
her pursuant to Section 1785.10.
(e) The consumer shall be permitted to be accompanied by one other
person of his or her choosing, who shall furnish reasonable
identification. A consumer credit reporting agency may require the
consumer to furnish a written statement granting permission to the
consumer credit reporting agency to discuss the consumer's file in
that person's presence.
(f) Any written disclosure by a consumer credit reporting agency
to any consumer pursuant to this section shall include a written
summary of all rights the consumer has under this title and in the
case of a consumer credit reporting agency which compiles and
maintains consumer credit reports on a nationwide basis, a toll-free
telephone number which the consumer can use to communicate with the
consumer credit reporting agency. The written summary of rights
required under this subdivision is sufficient if in substantially the
following form:
"You have a right to obtain a copy of your credit file from a
consumer credit reporting agency. You may be charged a reasonable
fee not exceeding eight dollars ($8). There is no fee, however, if
you have been turned down for credit, employment, insurance, or a
rental dwelling because of information in your credit report within
the preceding 60 days. The consumer credit reporting agency must
provide someone to help you interpret the information in your credit
file.
You have a right to dispute inaccurate information by contacting
the consumer credit reporting agency directly. However, neither you
nor any credit repair company or credit service organization has the
right to have accurate, current, and verifiable information removed
from your credit report. Under the Federal Fair Credit Reporting
Act, the consumer credit reporting agency must remove accurate,
negative information from your report only if it is over seven years
old. Bankruptcy information can be reported for 10 years.
If you have notified a consumer credit reporting agency in writing
that you dispute the accuracy of information in your file, the
consumer credit reporting agency must then, within 30 business days,
reinvestigate and modify or remove inaccurate information. The
consumer credit reporting agency may not charge a fee for this
service. Any pertinent information and copies of all documents you
have concerning an error should be given to the consumer credit
reporting agency.
If reinvestigation does not resolve the dispute to your
satisfaction, you may send a brief statement to the consumer credit
reporting agency to keep in your file, explaining why you think the
record is inaccurate. The consumer credit reporting agency must
include your statement about disputed information in a report it
issues about you.
You have a right to receive a record of all inquiries relating to
a credit transaction initiated in 12 months preceding your request.
This record shall include the recipients of any consumer credit
report.
You may request in writing that the information contained in your
file not be provided to a third party for marketing purposes.
You have a right to place a "security alert" in your credit
report, which will warn anyone who receives information in your
credit report that your identity may have been used without your
consent and that recipients of your credit report are advised, but
not required, to verify your identity prior to issuing credit. The
security alert may prevent credit, loans, and services from being
approved in your name without your consent. However, you should be
aware that taking advantage of this right may delay or interfere with
the timely approval of any subsequent request or application you
make regarding a new loan, credit, mortgage, insurance, rental
housing, employment, investment, license, cellular phone, utilities,
digital signature, Internet credit card transaction, or other
services, including an extension of credit at point of sale. If you
place a security alert on your credit report, you have a right to
obtain a free copy of your credit report at the time the 90-day
security alert period expires. A security alert may be requested by
calling the following toll-free telephone number: (Insert applicable
toll-free telephone number).
You have a right to place a "security freeze" on your credit
report, which will prohibit a consumer credit reporting agency from
releasing any information in your credit report without your express
authorization. A security freeze must be requested in writing by
certified mail. The security freeze is designed to prevent credit,
loans, and services from being approved in your name without your
consent. However, you should be aware that using a security freeze
to take control over who gets access to the personal and financial
information in your credit report may delay, interfere with, or
prohibit the timely approval of any subsequent request or application
you make regarding a new loan, credit, mortgage, insurance,
government services or payments rental housing, employment,
investment, license, cellular phone, utilities, digital signature,
Internet credit card transaction, or other services, including an
extension of credit at point of sale. When you place a security
freeze on your credit report, you will be provided a personal
identification number or password to use if you choose to remove the
freeze on your credit report or authorize the release of your credit
report for a specific party or period of time after the freeze is in
place. To provide that authorization you must contact the consumer
credit reporting agency and provide all of the following:
(1) The personal identification number or password.
(2) Proper identification to verify your identity.
(3) The proper information regarding the third party who is to
receive the credit report or the period of time for which the report
shall be available.
A consumer credit reporting agency must authorize the release of
your credit report no later than three business days after receiving
the above information.
A security freeze does not apply to a person or entity, or its
affiliates, or collection agencies acting on behalf of the person or
entity, with which you have an existing account, that requests
information in your credit report for the purposes of reviewing or
collecting the account. Reviewing the account includes activities
related to account maintenance, monitoring, credit line increases,
and account upgrades and enhancements.
You have a right to bring civil action against anyone, including a
consumer credit reporting agency, who improperly obtains access to a
file, knowingly or willfully misuses file data, or fails to correct
inaccurate file data."
SEC. 7. Title 1.81.1 (commencing with Section 1798.85) is added to
Part 4 of Division 3 of the Civil Code, to read:
TITLE 1.81.1. CONFIDENTIALITY OF SOCIAL SECURITY NUMBERS
1798.85. (a) A person or entity, not including a state or local
agency, shall not do any of the following:
(1) Publicly post or publicly display in any manner an individual'
s social security number. "Publicly post" or "publicly display"
means to intentionally communicate or otherwise make available to the
general public.
(2) Print an individual's social security number on any card
required for the individual to access products or services provided
by the person or entity.
(3) Require an individual to transmit his or her social security
number over the Internet unless the connection is secure or the
social security number is encrypted.
(4) Require an individual to use his or her social security number
to access an Internet Web site, unless a password or unique personal
identification number or other authentication device is also
required to access the Web site.
(5) Print an individual's social security number on any materials
that are mailed to the individual, unless state or federal law
requires the social security number to be on the document to be
mailed. Notwithstanding this provision, applications and forms sent
by mail may include social security numbers.
(b) Except as provided in subdivision (c), subdivision (a) applies
only to the use of social security numbers on or after July 1, 2002.
(c) Except as provided in subdivision (f), a person or entity, not
including a state or local agency, that has used, prior to July 1,
2002, an individual's social security number in a manner inconsistent
with subdivision (a), may continue using that individual's social
security number in that manner on or after July 1, 2002, if all of
the following conditions are met:
(1) The use of the social security number is continuous. If the
use is stopped for any reason, subdivision (a) shall apply.
(2) The individual is provided an annual disclosure, commencing in
the year 2002, that informs the individual that he or she has the
right to stop the use of his or her social security number in a
manner prohibited by subdivision (a).
(3) A written request by an individual to stop the use of his or
her social security number in a manner prohibited by subdivision (a)
shall be implemented within 30 days of the receipt of the request.
There shall be no fee or charge for implementing the request.
(4) A person or entity, not including a state or local agency,
shall not deny services to an individual because the individual makes
a written request pursuant to this subdivision.
(d) This section does not prevent the collection, use, or release
of a social security number as required by state or federal law or
the use of a social security number for internal verification or
administrative purposes.
(e) This section does not apply to documents that are recorded or
required to be open to the public pursuant to Chapter 3.5 (commencing
with Section 6250), Chapter 14 (commencing with Section 7150) or
Chapter 14.5 (commencing with Section 7220) of Division 7 of Title 1
of, or Chapter 9 (commencing with Section 54950) of Part 1 of
Division 2 of Title 5 of, the Government Code. This section does not
apply to records that are required by statute, case law, or
California Rule of Court, to be made available to the public by
entities provided for in Article VI of the California Constitution.
(f) (1) In the case of a health care service plan, a provider of
health care, an insurer or a pharmacy benefits manager, or a
contractor as defined in Section 56.05, this section shall become
operative in the following manner:
(A) On or before January 1, 2003, the entities listed in paragraph
(1) of subdivision (f) shall comply with paragraphs (1), (3), (4),
and (5) of subdivision (a) as these requirements pertain to
individual policyholders.
(B) On or before January 1, 2004, the entities listed in paragraph
(1) of subdivision (f) shall comply with paragraphs (1) to (5),
inclusive, of subdivision (a) as these requirements pertain to new
individual policyholders and new employer groups issued on or after
January 1, 2004.
(C) On or before July 1, 2004, the entities listed in paragraph
(1) of subdivision (f) shall comply with paragraphs (1) to (5),
inclusive, of subdivision (a) for all policyholders and for all
enrollees of the Healthy Families and Medi-Cal programs, except that
individual and employer group policyholders in existence prior to
January 1, 2004, shall comply upon their renewal date, but no later
than July 1, 2005.
(2) A health care service plan, a provider of health care, an
insurer or a pharmacy benefits manager, or a contractor shall make
reasonable efforts to
cooperate, through systems testing and other means, to ensure that
the requirements of this article are implemented on or before the
dates specified in this section.
(3) Notwithstanding paragraph (2), the Director of the Department
of Managed Health Care, pursuant to the authority granted under
Section 1346 of the Health and Safety Code, or the Insurance
Commissioner, pursuant to the authority granted under Section 12921
of the Insurance Code, and upon a determination of good cause, may
grant extensions not to exceed six months for compliance by health
care service plans and insurers with the requirements of this section
when requested by the health care service plan or insurer. Any
extension granted shall apply to the health care service plan or
insurer's affected providers, pharmacy benefits manager, and
contractors.
(g) If a federal law takes effect requiring the United States
Department of Health and Human Services to establish a national
unique patient health identifier program, a provider of health care,
a health care service plan, a licensed health care professional, or a
contractor, as those terms are defined in Section 56.05, that
complies with the federal law shall be deemed in compliance with this
section.
SEC. 8. Section 1 of this act shall become operative on July 1,
2002. Sections 2 and 3 of this act shall become operative on January
1, 2003.