BILL NUMBER: AB 1560 AMENDED
BILL TEXT
AMENDED IN ASSEMBLY MARCH 5, 2014
INTRODUCED BY Assembly Member Gorell
( Coauthors: Assembly Members
Bigelow, Chávez, Donnelly,
Hagman, Harkey, Jones, Nestande,
and Waldron )
( Coauthors: Senators
Berryhill, Gaines, Huff, and Vidak
)
JANUARY 29, 2014
An act to add Section 100509 to the Government Code, relating to
health care coverage, declaring the urgency thereof, to take effect
immediately.
LEGISLATIVE COUNSEL'S DIGEST
AB 1560, as amended, Gorell. California Health Benefit Exchange:
confidentiality of personal information.
Existing law, the federal Patient Protection and Affordable Care
Act (PPACA), requires each state to establish an American Health
Benefit Exchange by January 1, 2014, that makes available qualified
health plans to qualified individuals and small employers. PPACA
prohibits an Exchange from using or disclosing the personally
identifiable information it creates or collects other than to the
extent necessary to carry out specified functions. Existing law also
requires an Exchange to establish and implement privacy and security
standards that are consistent with specified principles and to
require the same or more stringent privacy and security standards as
a condition of contract or agreement with individuals or entities. A
person who knowingly and willfully uses or discloses information in
violation of PPACA is subject to a civil penalty of no more than
$25,000 per person or entity, per use or disclosure, in additional to
any other penalties prescribed by law.
Existing state law establishes the California Health Benefit
Exchange within state government, specifies the powers and duties of
the board governing the Exchange, and requires the board to
facilitate the purchase of qualified health plans through the
Exchange by qualified individuals and small employers by January 1,
2014. Existing law requires the board to employ necessary staff and
authorizes the board to enter into contracts. Under existing law, the
board of the Exchange is required to submit fingerprint images to
the Department of Justice for all employees, prospective employees,
contractors, subcontractors, volunteers, or vendors of the Exchange
whose duties include access to specified personal information for the
purposes of obtaining state or federal conviction records, as
specified.
This bill would prohibit the Exchange from disclosing an
individual's personal information, as defined, to 3rd parties for the
purpose of determining eligibility for, or enrolling the individual
in, health care coverage unless the Exchange obtains prior written
consent, as prescribed. The bill would also require the Exchange to
immediately notify the public of any breach of the security of
personal information created, collected, or maintained by the
Exchange, regardless of the severity of the breach and
regardless of whether personal information was acquired by an
unauthorized person during the breach .
This bill would declare that it is to take effect immediately as
an urgency statute.
Vote: 2/3. Appropriation: no. Fiscal committee: yes.
State-mandated local program: no.
THE PEOPLE OF THE STATE OF CALIFORNIA DO ENACT AS FOLLOWS:
SECTION 1. Section 100509 is added to the Government Code, to
read:
100509. (a) The Exchange shall not disclose an individual's
personal information to third parties for the purpose of determining
eligibility for, or enrolling the individual in, health care coverage
unless the Exchange obtains prior written consent.
(b) To comply with subdivision (a), the Exchange shall include, as
part of its application for health care coverage, including its
online application, a stand-alone item in 12-point font that requests
the individual's consent for disclosure of personal information to
third parties for the purposes of determining eligibility for, or
enrolling the individual in, health care coverage.
(c) The Exchange shall immediately notify the public of any breach
of the security of personal information, regardless of the severity
of the breach and regardless of whether personal information was
acquired by an unauthorized person during the breach . This
subdivision shall apply in addition to any other disclosure
requirements applicable to the Exchange, including, but not limited
to, Section 1798.29 of the Civil Code.
(d) For purposes of the is this
section, "personal information" means any information that is
created, collected, or maintained by the Exchange that identifies or
describes an individual, including, but not limited to, his or her
name, social security number, physical description, home address,
home telephone number, education, financial matters, and medical or
employment history. "Personal information" includes statements made
by, or attributed to, the individual.
SEC. 2. This act is an urgency statute necessary for the immediate
preservation of the public peace, health, or safety within the
meaning of Article IV of the Constitution and shall go into immediate
effect. The facts constituting the necessity are:
The California Health Benefit Exchange is currently releasing to
third parties the personal information of individuals using the
Covered California Internet Web site without their knowledge. In
order to protect the privacy rights of individuals applying for
health care coverage through the Exchange, it is necessary that this
act take effect immediately.