BILL NUMBER: AB 262 INTRODUCED
BILL TEXT
INTRODUCED BY Assembly Member Chan
FEBRUARY 4, 2003
An act to amend Sections 56.05 and 56.10 of the Civil Code,
relating to personal information.
LEGISLATIVE COUNSEL'S DIGEST
AB 262, as introduced, Chan. Personal information.
(1) Existing law prohibits a provider of health care, a health
care service plan contractor, or corporation and its subsidiaries and
affiliates from intentionally sharing, selling, or otherwise using
any medical information, as defined, for any purpose not necessary to
provide health care services to a patient, except as expressly
authorized by the patient, enrollee, or subscriber, as specified, or
as otherwise required or authorized by law. Violation of these
provisions are subject to a civil action for compensatory and
punitive damages; and if a violation results in economic loss of
personal injury to a patient, it is punishable as a misdemeanor.
This bill would provide that this prohibition also applies to the
marketing of medical information, as defined, excluding from the
definition of marketing communications that are not made for
compensation from a 3rd party or for specified descriptive purposes,
or that are tailored to the circumstances of a particular individual,
as specified.
(2) The California Constitution requires the state to reimburse
local agencies and school districts for certain costs mandated by the
state. Statutory provisions establish procedures for making that
reimbursement.
This bill would provide that no reimbursement is required by this
act for a specified reason.
Vote: majority. Appropriation: no. Fiscal committee: yes.
State-mandated local program: yes.
THE PEOPLE OF THE STATE OF CALIFORNIA DO ENACT AS FOLLOWS:
SECTION 1. Section 56.05 of the Civil Code is amended to read:
56.05. For purposes of this part:
(a) "Authorization" means permission granted in accordance with
Section 56.11 or 56.21 for the disclosure of medical information.
(b) "Authorized recipient" means any person who is authorized to
receive medical information pursuant to Section 56.10 or 56.20.
(c) "Contractor" means any person or entity that is a medical
group, independent practice association, pharmaceutical benefits
manager, or a medical service organization and is not a health care
service plan or provider of health care. "Contractor" does not
include insurance institutions as defined in subdivision (k) of
Section 791.02 of the Insurance Code or pharmaceutical benefits
managers licensed pursuant to the Knox-Keene Health Care Service Plan
Act of 1975 (Chapter 2.2 (commencing with Section 1340) of Division
2 of the Health and Safety Code).
(d) "Health care service plan" means any entity regulated pursuant
to the Knox-Keene Health Care Service Plan Act of 1975 (Chapter 2.2
(commencing with Section 1340) of Division 2 of the Health and Safety
Code).
(e) "Licensed health care professional" means any person licensed
or certified pursuant to Division 2 (commencing with Section 500) of
the Business and Professions Code, the Osteopathic Initiative Act or
the Chiropractic Initiative Act, or Division 2.5 (commencing with
Section 1797) of the Health and Safety Code.
(f) "Market" means to make a communication about a product or
service, a purpose of which is to encourage recipients of the
communication to purchase or use the product or service. "Marketing"
does not include any of the following:
(1) Communications made orally for which the writer does not
receive direct or indirect remuneration from a third party for making
the communication.
(2) Communications made for the purpose of describing a provider's
participation in a health care provider network or health plan
network, or for the purpose of describing if, and the extent to
which, a product or service, or payment for a product or service, is
provided by a provider or plan or included in a plan of benefits.
(3) Communications that are tailored to the circumstances of a
particular individual, if the communications are either made by a
health care provider to an individual as part of the treatment of the
individual, and for the purpose of furthering the treatment of that
individual, or made by a health care provider or health plan to an
individual in the course of managing the treatment of that individual
or for the purpose of directing or recommending to that individual
alternative treatments, therapies, health care providers, or settings
of care, so long as the health care provider or health plan is not
separately remunerated by a third party solely for making the
communication.
(g) "Medical information" means any individually
identifiable information, in electronic or physical form, in
possession of or derived from a provider of health care, health care
service plan, pharmaceutical company, or contractor regarding a
patient's medical history, mental or physical condition, or
treatment. "Individually identifiable" means that the medical
information includes or contains any element of personal identifying
information sufficient to allow identification of the individual,
such as the patient's name, address, electronic mail address,
telephone number, or social security number, or other information
that, alone or in combination with other publicly available
information, reveals the individual's identity.
(g)
(h) "Patient" means any natural person, whether or not still
living, who received health care services from a provider of health
care and to whom medical information pertains.
(h)
(i) "Pharmaceutical company" means any company or business,
or an agent or representative thereof, that manufactures, sells, or
distributes pharmaceuticals, medications, or prescription drugs.
"Pharmaceutical company" does not include a pharmaceutical benefits
manager, as included in subdivision (c), or a provider of health
care.
(i)
(j) "Provider of health care" means any person licensed or
certified pursuant to Division 2 (commencing with Section 500) of the
Business and Professions Code; any person licensed pursuant to the
Osteopathic Initiative Act or the Chiropractic Initiative Act; any
person certified pursuant to Division 2.5 (commencing with Section
1797) of the Health and Safety Code; any clinic, health dispensary,
or health facility licensed pursuant to Division 2 (commencing with
Section 1200) of the Health and Safety Code. "Provider of health
care" does not include insurance institutions as defined in
subdivision (k) of Section 791.02 of the Insurance Code.
SEC. 2. Section 56.10 of the Civil Code is amended to read:
56.10. (a) No provider of health care, health care service plan,
or contractor shall disclose medical information regarding a patient
of the provider of health care or an enrollee or subscriber of a
health care service plan without first obtaining an authorization,
except as provided in subdivision (b) or (c).
(b) A provider of health care, a health care service plan, or a
contractor shall disclose medical information if the disclosure is
compelled by any of the following:
(1) By a court pursuant to an order of that court.
(2) By a board, commission, or administrative agency for purposes
of adjudication pursuant to its lawful authority.
(3) By a party to a proceeding before a court or administrative
agency pursuant to a subpoena, subpoena duces tecum, notice to appear
served pursuant to Section 1987 of the Code of Civil Procedure, or
any provision authorizing discovery in a proceeding before a court or
administrative agency.
(4) By a board, commission, or administrative agency pursuant to
an investigative subpoena issued under Article 2 (commencing with
Section 11180) of Chapter 2 of Part 1 of Division 3 of Title 2 of the
Government Code.
(5) By an arbitrator or arbitration panel, when arbitration is
lawfully requested by either party, pursuant to a subpoena duces
tecum issued under Section 1282.6 of the Code of Civil Procedure, or
any other provision authorizing discovery in a proceeding before an
arbitrator or arbitration panel.
(6) By a search warrant lawfully issued to a governmental law
enforcement agency.
(7) By the patient or the patient's representative pursuant to
Chapter 1 (commencing with Section 123100) of Part 1 of Division 106
of the Health and Safety Code.
(8) By a coroner, when requested in the course of an investigation
by the coroner's office for the purpose of identifying the decedent
or locating next of kin, or when investigating deaths that may
involve public health concerns, organ or tissue donation, child
abuse, elder abuse, suicides, poisonings, accidents, sudden infant
death, suspicious deaths, unknown deaths, or criminal deaths, or when
otherwise authorized by the decedent's representative. Medical
information requested by the coroner under this paragraph shall be
limited to information regarding the patient who is the decedent and
who is the subject of the investigation and shall be disclosed to the
coroner without delay upon request.
(9) When otherwise specifically required by law.
(c) A provider of health care, or a health care service plan may
disclose medical information as follows:
(1) The information may be disclosed to providers of health care,
health care service plans, contractors, or other health care
professionals or facilities for purposes of diagnosis or treatment of
the patient. This includes, in an emergency situation, the
communication of patient information by radio transmission or other
means between emergency medical personnel at the scene of an
emergency, or in an emergency medical transport vehicle, and
emergency medical personnel at a health facility licensed pursuant to
Chapter 2 (commencing with Section 1250) of Division 2 of the Health
and Safety Code.
(2) The information may be disclosed to an insurer, employer,
health care service plan, hospital service plan, employee benefit
plan, governmental authority, contractor, or any other person or
entity responsible for paying for health care services rendered to
the patient, to the extent necessary to allow responsibility for
payment to be determined and payment to be made. If (A) the patient
is, by reason of a comatose or other disabling medical condition,
unable to consent to the disclosure of medical information and (B) no
other arrangements have been made to pay for the health care
services being rendered to the patient, the information may be
disclosed to a governmental authority to the extent necessary to
determine the patient's eligibility for, and to obtain, payment under
a governmental program for health care services provided to the
patient. The information may also be disclosed to another provider
of health care or health care service plan as necessary to assist the
other provider or health care service plan in obtaining payment for
health care services rendered by that provider of health care or
health care service plan to the patient.
(3) The information may be disclosed to any person or entity that
provides billing, claims management, medical data processing, or
other administrative services for providers of health care or health
care service plans or for any of the persons or entities specified in
paragraph (2). However, no information so disclosed shall be
further disclosed by the recipient in any way that would be violative
of this part.
(4) The information may be disclosed to organized committees and
agents of professional societies or of medical staffs of licensed
hospitals, licensed health care service plans, professional standards
review organizations, independent medical review organizations and
their selected reviewers, utilization and quality control peer review
organizations as established by Congress in Public Law 97-248 in
1982, contractors, or persons or organizations insuring, responsible
for, or defending professional liability that a provider may incur,
if the committees, agents, health care service plans, organizations,
reviewers, contractors, or persons are engaged in reviewing the
competence or qualifications of health care professionals or in
reviewing health care services with respect to medical necessity,
level of care, quality of care, or justification of charges.
(5) The information in the possession of any provider of health
care or health care service plan may be reviewed by any private or
public body responsible for licensing or accrediting the provider of
health care or health care service plan. However, no
patient-identifying medical information may be removed from the
premises except as expressly permitted or required elsewhere by law,
nor shall that information be further disclosed by the recipient in
any way that would violate this part.
(6) The information may be disclosed to the county coroner in the
course of an investigation by the coroner's office when requested for
all purposes not included in paragraph (8) of subdivision (b).
(7) The information may be disclosed to public agencies, clinical
investigators, including investigators conducting epidemiologic
studies, health care research organizations, and accredited public or
private nonprofit educational or health care institutions for bona
fide research purposes. However, no information so disclosed shall
be further disclosed by the recipient in any way that would disclose
the identity of any patient or be violative of this part.
(8) A provider of health care or health care service plan that has
created medical information as a result of employment-related health
care services to an employee conducted at the specific prior written
request and expense of the employer may disclose to the employee's
employer that part of the information that:
(A) Is relevant in a lawsuit, arbitration, grievance, or other
claim or challenge to which the employer and the employee are parties
and in which the patient has placed in issue his or her medical
history, mental or physical condition, or treatment, provided that
information may only be used or disclosed in connection with that
proceeding.
(B) Describes functional limitations of the patient that may
entitle the patient to leave from work for medical reasons or limit
the patient's fitness to perform his or her present employment,
provided that no statement of medical cause is included in the
information disclosed.
(9) Unless the provider of health care or health care service plan
is notified in writing of an agreement by the sponsor, insurer, or
administrator to the contrary, the information may be disclosed to a
sponsor, insurer, or administrator of a group or individual insured
or uninsured plan or policy that the patient seeks coverage by or
benefits from, if the information was created by the provider of
health care or health care service plan as the result of services
conducted at the specific prior written request and expense of the
sponsor, insurer, or administrator for the purpose of evaluating the
application for coverage or benefits.
(10) The information may be disclosed to a health care service
plan by providers of health care that contract with the health care
service plan and may be transferred among providers of health care
that contract with the health care service plan, for the purpose of
administering the health care service plan. Medical information may
not otherwise be disclosed by a health care service plan except in
accordance with the provisions of this part.
(11) Nothing in this part shall prevent the disclosure by a
provider of health care or a health care service plan to an insurance
institution, agent, or support organization, subject to Article 6.6
(commencing with Section 791) of Part 2 of Division 1 of the
Insurance Code, of medical information if the insurance institution,
agent, or support organization has complied with all requirements for
obtaining the information pursuant to Article 6.6 (commencing with
Section 791) of Part 2 of Division 1 of the Insurance Code.
(12) The information relevant to the patient's condition and care
and treatment provided may be disclosed to a probate court
investigator engaged in determining the need for an initial
conservatorship or continuation of an existent conservatorship, if
the patient is unable to give informed consent, or to a probate court
investigator, probation officer, or domestic relations investigator
engaged in determining the need for an initial guardianship or
continuation of an existent guardianship.
(13) The information may be disclosed to an organ procurement
organization or a tissue bank processing the tissue of a decedent for
transplantation into the body of another person, but only with
respect to the donating decedent, for the purpose of aiding the
transplant. For the purpose of this paragraph, the terms "tissue
bank" and "tissue" have the same meaning as defined in Section 1635
of the Health and Safety Code.
(14) The information may be disclosed when the disclosure is
otherwise specifically authorized by law, such as the voluntary
reporting, either directly or indirectly, to the federal Food and
Drug Administration of adverse events related to drug products or
medical device problems.
(15) Basic information, including the patient's name, city of
residence, age, sex, and general condition, may be disclosed to a
state or federally recognized disaster relief organization for the
purpose of responding to disaster welfare inquiries.
(16) The information may be disclosed to a third party for
purposes of encoding, encrypting, or otherwise anonymizing data.
However, no information so disclosed shall be further disclosed by
the recipient in any way that would be violative of this part,
including the unauthorized manipulation of coded or encrypted medical
information that reveals individually identifiable medical
information.
(17) For purposes of disease management programs and services as
defined in Section 1399.901 of the Health and Safety Code,
information may be disclosed as follows: (A) to any entity
contracting with a health care service plan or the health care
service plan's contractors to monitor or administer care of enrollees
for a covered benefit, provided that the disease management services
and care are authorized by a treating physician, or (B) to any
disease management organization, as defined in Section 1399.900 of
the Health and Safety Code, that complies fully with the physician
authorization requirements of Section 1399.902 of the Health and
Safety Code, provided that the health care service plan or its
contractor provides or has provided a description of the disease
management services to a treating physician or to the health care
service plan's or contractor's network of physicians. Nothing in
this paragraph shall be construed to require physician authorization
for the care or treatment of the adherents of any well-recognized
church or religious denomination who depend solely upon prayer or
spiritual means for healing in the practice of the religion of that
church or denomination.
(d) Except to the extent expressly authorized by the patient or
enrollee or subscriber or as provided by subdivisions (b) and (c), no
provider of health care, health care service plan contractor, or
corporation and its subsidiaries and affiliates shall intentionally
share, sell, market, or otherwise use any medical
information for any purpose not necessary to provide health care
services to the patient.
(e) Except to the extent expressly authorized by the patient or
enrollee or subscriber or as provided by subdivisions (b) and (c), no
contractor or corporation and its subsidiaries and affiliates shall
further disclose medical information regarding a patient of the
provider of health care or an enrollee or subscriber of a health care
service plan or insurer or self-insured employer received under this
section to any person or entity that is not engaged in providing
direct health care services to the patient or his or her provider of
health care or health care service plan or insurer or self-insured
employer.
(f) This section shall become operative January 1, 2003.
SEC. 3. No reimbursement is required by this act pursuant to
Section 6 of Article XIII B of the California Constitution because
the only costs that may be incurred by a local agency or school
district will be incurred because this act creates a new crime or
infraction, eliminates a crime or infraction, or changes the penalty
for a crime or infraction, within the meaning of Section 17556 of the
Government Code, or changes the definition of a crime within the
meaning of Section 6 of Article XIII B of the California
Constitution.