BILL ANALYSIS
AB 952
Page 1

Date of Hearing: May 5, 2009

ASSEMBLY COMMITTEE ON HEALTH
Dave Jones, Chair
AB 952 (Krekorian) - As Introduced: February 26, 2009

SUBJECT: Health information: health plans.

SUMMARY: Revises the Confidentiality of Medical Information Act (CMIA) to authorize, notwithstanding any other provision of law, a health plan, as defined in federal law, to disclose summary health information (SHI) and protected health information (PHI) to the health plan's third party administrator, or to another health plan, to the extent authorized by, and in a manner consistent with, the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA) and HIPAA regulations. For purposes of this bill, and the disclosures authorized, makes applicable in CMIA the federal HIPAA definitions of health plan, PHI and SHI. Specifically, this bill:

1)Authorizes a health plan, as that term is defined in federal HIPAA, notwithstanding any other provision of law, to disclose SHI and PHI to the health plan's third party administrator, or to another health plan, to the extent authorized by, and in a manner consistent with, federal HIPAA and HIPAA regulations.
2)Defines the following, for purposes of this bill, by reference to federal HIPAA regulations:

a) "Health plan" as an individual or group plan that provides, or pays the cost of, medical care, and which includes the following, singly or in combination, among other specified entities: an employer welfare benefit plan; specified state and federal coverage plans; a group health plan organized pursuant to the Employee Retirement Income Security Act (ERISA); a health insurance issuer or an HMO; or any other individual or group plan that provides or pays for medical care;

b) "PHI" as individually identifiable health information, which identifies an individual or can be used to identify an individual; and,

c) "SHI" as information that may be individually identifiable health information and that summarizes claims history, claims expenses, or types of claims experienced by individuals for whom a plan sponsor has provided health benefits under a group health plan, and from which individual identifying information has been removed (such as name, social security number, health plan membership number, e-mail address, or any number, characteristic or code that can be used to identify an individual) and which need only be aggregated to the geographic zip code level.

EXISTING LAW:

1)Provides for regulation of health plans by the Department of Managed Health Care (DMHC) under the Knox-Keene Health Care Service Plan Act of 1975 (Knox-Keene) and for regulation of health insurers by the California Department of Insurance (CDI) under the Insurance Code.

2)Prohibits health plans and health insurers, under Knox-Keene and the Insurance Code, respectively, from releasing any information to an employer that would directly or indirectly indicate that an employee is receiving or has received services from a health care provider covered by the health plan or insurer, unless authorized to do so by the employee.
3)Prohibits, under the CMIA, a provider of health care, health care service plan, or health care contractor from disclosing a person's medical information without first obtaining that person's authorization, except as specified.

4)Requires, under the CMIA, notwithstanding 3) above, a health care provider, health care service plan, or health care contractor to disclose medical information if required by a subpoena, search warrant, or other court order.

5)Permits, under the CMIA, a provider, plan, or contractor to disclose information in other specified circumstances, including for purposes of diagnosis or treatment or as necessary to provide billing or other administrative services to the provider or plan. Prohibits a provider, plan, or contractor from disclosing a person's medical information for marketing purposes, or for any other purpose not necessary to provide health care services to the patient, without express authorization from that person.

6)Prohibits, under the California Insurance Information and Privacy Protection Act, insurers, including health insurers, from disclosing any personal or privileged individual information collected or received in an insurance transaction, except as specified, including that the information may be disclosed to insurers, agents, or self-insurers if related to an insurance transaction involving the individual, as specified, and to a group policyholder for the purpose of reporting claims experience or conducting an audit of an insurer or agent, as specified.

7)Under HIPAA, prohibits, with exceptions, covered entities from using or disclosing PHI except pursuant to a written authorization signed by the patient or for treatment, payment or health care operations, and generally requires a covered entity to make reasonable efforts to limit the use or disclosure of PHI to the minimum necessary to accomplish the intended purpose of the disclosure.
8)Defines in federal HIPAA regulations:

a) "Group health plan" as an employee welfare benefit plan, as defined in ERISA, including insured and self-insured plans;

b) "Health insurance issuer" as an insurance company, insurance service or insurance organization, including an HMO, licensed to engage in the business of insurance in a state and subject to state laws that regulate insurance;

c) "PHI" as individually identifiable health information, which identifies an individual or can be used to identify an individual; and,

d) "SHI" as information that may be individually identifiable health information and that summarizes claims history, claims expenses, or types of claims experienced by individuals for whom a plan sponsor has provided health benefits under a group health plan, and from which individual identifying information has been removed (such as name, social security number, health plan membership number, e-mail address, or any number, characteristic or code that can be used to identify an individual) and which need only be aggregated to the geographic zip code level.

9)Under federal ERISA, authorizes one or more employers, or employee organizations, to voluntarily establish an employee welfare benefit plan for the purpose of providing for its participants or their beneficiaries, through the purchase of insurance or otherwise, specified benefits, including health care benefits, and sets minimum standards related to the rights and protection of individuals in these plans, subject to oversight by the federal Department of Labor (DOL).
10)Defines in federal ERISA regulations:

a) "Employer" as any person acting directly as an employer, or indirectly in the interest of an employer, in relation to an employee benefit plan;

b) "Plan" as an employee welfare benefit plan, which means any plan, fund, or program established or maintained by an employer or employee organization, or by both, for the purpose of providing employee benefits, including but not limited to health benefits;

c) "Plan administrator" as the person specifically designated by the terms of the plan; and,

d) "Plan sponsor" as an employer or employee organization, or joint employer-employee plan or trust.

FISCAL EFFECT: This bill has not yet been analyzed by a fiscal committee.

COMMENTS:

1)PURPOSE OF THIS BILL. According to the author, California has some of the most strict and effective patient privacy regulations for health plans governed by DMHC and CDI. The author acknowledges that these regulations, codified in the CMIA, contain intentionally greater protections than are provided under federal HIPAA. However, according to the author, in recently adopted federal regulations around HIPAA, a problem has emerged with provisions that give deference in the implementation of HIPAA to more strict state law. As a result, a uniquely structured class of health plans present in California (ERISA Taft-Hartley Trusts regulated by the federal DOL) is unduly burdened by a quirk in state law. The author contends that both HIPAA and the CMIA allow appropriate PHI to be shared with appropriate health plan administrators in order to facilitate efficient and proper administration of health benefits for patients and consumers. The author argues that if PHI is not allowed to be shared with the Taft-Hartley plan, consistent with HIPAA and CMIA, the Taft-Hartley plan will not know whether it is paying health care providers for the appropriate benefits, for the right patients and consumers, and at the appropriate level of compensation.
The author indicates that the unfortunate quirk in CMIA is that it does not recognize an ERISA DOL Taft-Hartley health plan as a "health plan," and therefore health care providers, in the absence of state law regarding Taft-Hartley plans, are imposing requirements for sharing PHI that are even more stringent than state law. According to the author, this bill allows Taft-Hartley Trusts to share PHI and SHI in a manner consistent with, and as authorized by, HIPAA.

2)BACKGROUND. According to the Privacy Rights Clearinghouse (PRC) in San Diego, California, many people consider information about their health to be highly sensitive, deserving of the strongest protection under the law. Long-standing laws in many states and the age-old tradition of doctor-patient privilege have been the mainstay of privacy protection for decades. The federal HIPAA sets a national standard for privacy of health information, under the Privacy Rule, but HIPAA only applies to medical records maintained by health care providers, health plans, and health clearinghouses, and only if the facility maintains and transmits records in electronic form. PRC points out that a great deal of health-related information exists outside of health care facilities and the files of health plans, and thus beyond the reach of HIPAA. The extent of privacy protection given to medical information often depends on where the records are located and the purpose for which the information was compiled. The laws that cover privacy of medical information vary by situation. PRC indicates that confidentiality is likely to be lost in return for insurance coverage, an employment opportunity, application for a government benefit, or an investigation of health and safety at a work site.

Medical records are created when a patient receives treatment from a health professional such as a physician, nurse, dentist, chiropractor, or psychiatrist.
Records may include a person's medical history, details about lifestyle (such as smoking or involvement in high-risk sports), and family medical history. In addition, medical records contain laboratory test results, medications prescribed, and reports that indicate the results of operations and other medical procedures. Medical records could also include the results of genetic testing used to predict future health.

3)HIPAA. The privacy regulations enacted pursuant to HIPAA became effective April 14, 2003. HIPAA Privacy Rules only apply to covered entities, including health care providers, health plans and health care clearinghouses, such as medical billing services. HIPAA applies to covered entities when they use electronic means to perform HIPAA-covered transactions, including transmission of health claims, remittance and payment advice, and even simply accessing a health plan's web site to check the eligibility of a patient. If a provider or health plan is covered by HIPAA, then all PHI held by that provider or plan, whether in paper, oral, or electronic form, is subject to HIPAA Privacy Rules. HIPAA covers any information about a person's past, present or future mental or physical health, including information about payment for health care services. A person's health information, combined with some fact that identifies the person (name, address, telephone number, social security number, etc.), is referred to as PHI. PHI can be oral, handwritten or entered into a computer. HIPAA generally requires patient authorization to disclose information for non-treatment purposes, such as to employers, life insurers, underwriters, or researchers. Under federal law, patient authorization is not required when medical information is used for treatment, payment or health care operations, or is disclosed as part of specified "business associate" relationships established through contract.
Disclosure for non-treatment purposes must generally be limited to the minimum necessary to accomplish the purpose of the disclosure. Under federal law, if a HIPAA provision conflicts with a provision of state law, the provision that is most protective of patient privacy prevails.

4)CMIA. As a general rule, under CMIA, health care providers and Knox-Keene health care service plans are prohibited from disclosing a patient's confidential medical information without the consent of the patient. (Note: Health insurers subject to the jurisdiction of the Insurance Commissioner are covered by Insurance Code privacy protections related to personal or privileged information collected or transmitted in an insurance transaction, but are not subject to CMIA.) However, there are many exceptions to this rule, where disclosure by the plan or provider is either required or permitted by law. Under CMIA, a provider or health plan is required to release medical record information, even without a patient's written authorization, to the following, among others:

a) A court pursuant to a court order;

b) A board, commission, or administrative agency for purposes of resolving a dispute pursuant to its lawful authority;

c) A party to a proceeding before a court or administrative agency pursuant to an investigative subpoena;

d) An arbitrator or arbitration panel, when arbitration is lawfully requested by either party pursuant to a subpoena; and,

e) A government law enforcement agency pursuant to a search warrant.
Under CMIA, a health plan or health care provider may, in its discretion, release medical information without the patient's written authorization to the following entities in the following limited circumstances:

f) Billing, claims management, medical data processing or other administrative services for the health care provider or health plan;

g) Organizations or professional societies that review the competence or qualifications of health care professionals;

h) Any private or public body responsible for licensing or accrediting health care providers or health plans, for review at the premises of the health care provider or health plan;

i) A county coroner in the course of an investigation by the coroner's office;

j) Agencies, investigators, and educational and research organizations engaged in bona fide research projects, provided that the recipient does not further disclose a person's identity;

aa) An employer who has paid for employment-related health care services, in connection with a lawsuit or arbitration dispute where the medical condition is at issue, provided that the information is disclosed only in connection with the proceeding, or when used to determine entitlement to leave from work for medical reasons or physical limitations that prevent a person from performing his or her job;

bb) The sponsor, insurer, or administrator of a group or individual health plan for the purpose of evaluating the application for coverage of benefits;

cc) A health care service plan for the purpose of transferring a patient to other health care providers in the plan;

dd) Probate officers or domestic relations investigators for the purposes of determining the need for a conservatorship or guardianship;

ee) Organ procurement organizations or tissue banks for the purpose of aiding a transplant;

ff) The federal Food and Drug Administration when medical information relates to problems with drug products or medical devices;

gg) Disaster relief organizations for the purpose of responding to disaster welfare inquiries, but only basic information such as name, city of residence, age, sex and general condition may be disclosed;

hh) Third parties for purposes of encoding, encrypting, or otherwise making information anonymous; and,

ii) Disease management organizations that provide services to patients in order to improve their overall health in accordance with certain practice guidelines to which a physician refers a patient.

5)ERISA. ERISA is a federal law that sets minimum standards for most pension and group health plans (group benefit plans) voluntarily established by employers and employee organizations, including Taft-Hartley group benefit plans, or trusts (Taft-Hartley Trusts). ERISA requires group benefit plans to provide participants with plan information, including important information about plan features and funding; provides fiduciary responsibilities for those who manage and control plan assets; requires plans to establish a grievance and appeals process for participants to get benefits from their plans; and gives participants the right to sue for benefits and breaches of fiduciary duty.

ERISA's treatment of group benefit plans is both complicated and confusing. ERISA has been interpreted as dividing group benefit plans into two groups regulated differently under the law: a) individuals who are covered by self-insured group benefit plans, for which the employer, rather than an insurer, assumes the risk of paying for covered services; and b) individuals who are covered by insurance purchased by the group benefit plan. ERISA also distinguishes between the regulation of group benefit plans and the business of insurance, for purposes of determining federal and state regulatory authority. As these distinctions are not clear cut, ERISA has been the subject of many court cases.
Generally speaking, ERISA permits states to regulate the business of insurance, including instances where an ERISA plan contracts with a state-licensed insurer to provide health care to the employees, in which case the contracted insurer is subject to state insurance regulation. ERISA generally preempts states from regulating health benefits provided by a self-insured ERISA plan. Some ERISA group benefit plans offer a choice of coverage to employees, which might include a self-insured coverage option, generally a Preferred Provider Organization, and a fully insured coverage option, such as an HMO. In short, only ERISA applies to self-insured health plans, while both ERISA and state insurance regulatory authority apply to insured health plans covering employees in an ERISA group benefit plan. The distinction is important because federal and state laws governing health plans differ in areas such as consumer rights, provider compensation, claims payment, access to care and mandated coverage.

6)TAFT-HARTLEY TRUSTS. Under ERISA, Taft-Hartley Trusts can be established as group benefit plans to provide employee benefits for private sector unionized employees. Taft-Hartley Trusts have five basic characteristics:

a) one or more employers contribute to the plan;

b) the plan is collectively bargained with each participating employer;

c) the plan and its assets are managed by a joint board of trustees equally representative of labor and management;

d) assets are placed in a trust fund; and,

e) mobile employees can change employers without losing health or pension coverage, provided the new job is with an employer who participates in the same Taft-Hartley trust fund.

Unions negotiate for employer contributions to a Taft-Hartley plan, rather than for specific benefits and cost sharing provisions. Typically, employer contributions are a flat rate based on covered employment, such as $1.75 per hour of covered service.
Some unions negotiate for monthly contributions to provide more financial stability. The number of hours employees must work during a given time period to be eligible for coverage is negotiated with the employer. A new Taft-Hartley Trust cannot provide benefits to its members until sufficient reserves have been accumulated. Taft-Hartley Trusts may provide more than just health benefits and, for example, can also include pension benefits, life and disability insurance, vacation, severance and holiday benefits, child care centers, legal services, and financial assistance for employee housing. According to an article in the newsletter of the American Federation of State, County and Municipal Employees, approximately 93% of Taft-Hartley plans are wholly or partially self-funded for health care. As discussed above, as ERISA group benefit plans, Taft-Hartley Trusts are exempt from state insurance regulation, including mandated benefit requirements. According to the California HealthCare Foundation, nearly three million Californians receive their health care coverage through a Taft-Hartley Trust.

7)SUPPORT. Pacific Federal (Pac-Fed), sponsor of this bill, writes in support that this bill will benefit health care coverage provided to the three million Californians who are covered in DOL health plans. According to Pac-Fed, federal HIPAA law permits the sharing of information between state-regulated and federally regulated plans. Pac-Fed identifies areas where this exchange of information is necessary, including: verifying accuracy of claims; coordinating courses of treatment; establishing and conducting wellness programs; funding appropriate reserves for future claims; advocating for claims payment; establishing pricing for contracted health plan services; monitoring large claims; and transferring risk and reinsurance to a new contracted health plan.
Valley Industry and Commerce Association (VICA) writes that California law places restrictions on the flow of SHI and PHI between health plans, which makes it difficult for Taft-Hartley Trusts to rapidly deliver services to those who rely on them. According to VICA, this bill will allow for the flow of information between health plans that otherwise would not be able to occur.

Western Alliance Trust (WAT) Fund supports this bill and argues that the exchange of PHI is a necessary component of health plan treatment, risk-sharing or reinsurance relationships. WAT complains that one provider would not share medical information, claiming that California law, not federal law, is applicable.

Neighborhood Legal Services (NLS) of California supports this bill because NLS believes that it strikes the right balance between protecting individual rights and ensuring the health insurance delivery system is able to meet the needs of working Californians. According to NLS, the primary impact of this bill is to conform California law to federal HIPAA by permitting the sharing of administrative information and PHI between health plans and health plan business associates.

8)OPPOSE UNLESS AMENDED. Kaiser Permanente opposes this bill unless it is amended to limit disclosures of individually identifiable medical information to those currently permitted for payment purposes under the CMIA, and to expressly provide that no further use or disclosure of the information may be made. According to Kaiser, as written, this bill puts health plans like Kaiser Permanente between competing statutory directions: on the one hand, to disclose PHI to third party administrators, and on the other, to comply with the strict dictates of CMIA, which permits only very limited disclosures of medical information without the express written authorization of the individuals affected.
Kaiser writes that it understands the need of certain third party administrators, including Taft-Hartley trusts, to secure limited medical information for paying claims and other payment-related purposes. Kaiser would therefore remove its opposition if this bill is amended: a) to incorporate changes to the existing CMIA payment exception that expressly incorporate the HIPAA definition of "health plan" that includes Taft-Hartley trusts and other entities involved in payment of health care claims; and b) to expressly provide that no further use or disclosure of the medical information received for payment purposes may be permitted.

9)OPPOSITION. World Privacy Forum (the Forum) is opposed to this bill and objects to the inclusion of the clause "notwithstanding any other provision of law" because it is unclear what it means. The Forum expresses the concern that the inclusion of that phrase may be interpreted to exempt the disclosures permitted in this bill from the possibility of any civil or criminal liability. According to the Forum, if there is some specific provision of California law that would prohibit the disclosure which is being sought, it should be clearly identified on the record so that the reasons for changing it can be evaluated. The Forum is also concerned about the placement of the new section added in this bill outside of the existing CMIA. The Forum contends that since this bill places a new section outside of CMIA, it would appear to completely exempt all disclosures authorized from the limitations and restrictions of CMIA, including the prohibition on a provider or health plan using a person's medical information, without their authorization, for purposes not necessary to provide health care services to the patient. The Forum recommends that, presuming the specific statutory barrier and the need for a new disclosure authorization can be justified on the public record, any new disclosures authorized be included within the existing provisions of CMIA.
Finally, the Forum suggests that any new authorizations for disclosure of medical information include restrictions on the entities receiving the information and their subsequent use of the information, to ensure that information disclosed for health plan purposes cannot be used against an employee in any way.

Privacy Rights Clearinghouse (PRC) writes in opposition to this bill that, while HIPAA may allow the disclosures in this bill, it appears that no provision of the CMIA authorizes the disclosures. PRC writes further that just because a particular disclosure is allowed by the HIPAA health privacy rule does not mean that it should be allowed under California law. PRC writes with the particular concern that this bill may result in the disclosure of summary health information to a plan sponsor (for example, an employer) which might be identifiable, notwithstanding the required removal of some identifiers to meet HIPAA standards. PRC writes that it is strongly opposed to provisions of law that have the potential to sweep away privacy and patient protections.

10)RELATED LEGISLATION. AB 562 (Cook) would require a health insurance issuer to, upon request, provide specified aggregate and individual health care claims information, for employers with more than 50 employees, to an employee welfare benefit plan (maintained by an employer(s) or employee organization(s)), joint employer-employee plan, a governmental entity, or plan administrator, as specified. AB 562 failed passage in the Assembly Health Committee on April 21, 2009.

11)DOUBLE REFERRAL. This bill is double referred; should it pass out of this committee, it will be referred to the Committee on Judiciary.

12)POLICY ISSUES.

a) Confusion of terminology in state and federal law. This bill would incorporate federal definitions into a new section in the CMIA, including the federal HIPAA definition of a health plan.
The federal definition, intended to apply HIPAA protections broadly to any and all entities engaged in providing health care services across the 50 states, is necessarily broad and all-inclusive. For example, the federal definition takes in all employer welfare benefit plans and group benefit plans, even those that are self-insured for health care. However, at the state level, a health plan or insurer is an entity subject to state insurance regulation and would not include self-insured ERISA plans, such as Taft-Hartley Trusts. Federal ERISA prohibits states from including ERISA plans as health plans for state law purposes and precludes their regulation as health plans under state law. To be a health plan under California law, an entity would have to be either licensed by DMHC or certificated as an insurer by CDI. This bill authorizes "health plans" to provide specified information to other health plans, incorporating the federal definition in California's CMIA, which generally applies to health care providers and DMHC-regulated health plans. It is unclear what the effect of this bill would be, specifically what the impact would be of including all types of health plans anticipated in federal law within the state privacy law. It is also unclear which entities subject to state oversight would be authorized to disclose the medical information of patients, and to whom they would be authorized to disclose it, under this bill.

b) Self-insured v. fully insured. Proponents of this bill state that they are seeking an information exchange between Taft-Hartley Trusts and the fully insured health plans that are contracted to provide health care services to workers eligible to receive health care through the Trust. They seek the information exchange on the basis that they are a health plan.
CMIA already allows for disclosure by a health care provider or health plan of medical information, to various entities, including employee benefit plans, to the extent necessary to allow responsibility for payment to be determined and payment to be made. However, once a Trust or other group benefit plan contracts with a fully insured health plan, such as an HMO licensed under Knox-Keene, the Knox-Keene plan is obligated to assume all administrative functions, pay all claims, set provider fees, respond to consumer complaints, bear all financial risk, and coordinate and provide for treatment. In this instance, the Taft-Hartley Trust is a purchaser of insurance, which pays premiums but no longer has responsibility for day-to-day claims payment or the administrative functions typically performed by a health plan. It is unclear why a Taft-Hartley trust contracted with a state-licensed health plan needs PHI, as if it were acting as a health plan, without the enrollee's authorization, on a day-to-day basis, when it is functioning primarily as a purchaser of health coverage.

c) Patient authorization. Both HIPAA and CMIA contemplate disclosure and exchange of SHI and PHI among health care providers and health plans, provided authorization is first obtained from the patient or enrollee. Given the suggested uses of this information by proponents, many of which appear likely to be helpful or in the interest of the patient and enrollee, why is there a need to provide for such disclosure without any of the protections of CMIA, as proposed in this bill, and without patient permission? Would the Taft-Hartley trusts be able to obtain patient authorization for disclosure of medical information when the trust is acting in the interests of the patient? What are the specific statutory barriers in this regard?

d) Scope of this bill.
According to the author and sponsors of this bill, the goal is to enable disclosure of information to Taft-Hartley Trusts, and their administrators, to allow the Trusts to assist members and advocate for claims payment, among other administrative functions. However, this bill is drafted much more broadly and could permit disclosures to employers as well as trust administrators. Should this bill be narrowed to permit specified disclosures specifically to Taft-Hartley trusts and their administrators?

e) Use of the information. Once information is provided under this bill to any entity that meets the definition of a health plan under federal law, PHI may be in the possession of entities not subject to HIPAA protections, and there is at least the potential for PHI disclosed to be used against an employee. The Committee may wish to consider imposing restrictions on the subsequent and secondary use of the information. Specifically, the Committee may wish to prohibit any further use or disclosure by the recipient of information provided under this bill in a manner that would directly or indirectly violate CMIA or HIPAA, including the manipulation of the information in any way that might reveal individually identifiable medical information.

REGISTERED SUPPORT / OPPOSITION:

Support
Pacific Federal (sponsor)
California Association of Joint Powers Authorities
International Union of Security, Police and Fire Professionals of America and Participating Employers Health and Welfare Fund
Liberty Dental Fund
Professional Musicians, Local 47, and Employers' Health and Welfare Fund
Public Employees Benefit Trust Fund
South Bay Teamster and Employers Health and Welfare Related Benefits Trust
Teamsters Local Union 572
Western Alliance Trust Fund

Oppose unless amended
Kaiser Permanente

Opposition
Privacy Rights Clearinghouse
World Privacy Forum

Analysis Prepared by: Deborah Kelch / HEALTH / (916) 319-2097