BILL ANALYSIS �Ó
AB 1755
Page 1
CONCURRENCE IN SENATE AMENDMENTS
AB 1755 (Gomez)
As Amended August 4, 2014
Majority vote
-----------------------------------------------------------------
|ASSEMBLY: |75-0 |(May 23, 2014) |SENATE: |34-0 |(August 7, |
| | | | | |2014) |
-----------------------------------------------------------------
Original Committee Reference: HEALTH
SUMMARY : Revises provisions of law requiring licensed health
facilities to prevent disclosure of patients' medical
information by extending the deadline for health facilities to
report unauthorized disclosures from five to 15 business days
after unlawful or unauthorized access, use, or disclosure has
been detected. This bill also authorizes the report made to the
patient or the patient's representative to be made by
alternative means, including email, as specified by the patient.
This bill also extends the deadline when reporting is delayed
for law enforcement purposes, as specified, from five to 15 days
business days after the end of the delay. This bill gives the
Department of Public Health (DPH) full discretion to consider
all factors when determining whether to conduct investigations
under these provisions.
The Senate amendments reduce from 60 to 15 days the maximum
period that a provider is allowed before notifying DPH of a
breach of patient information, clarify that the DPH has the
discretion to investigate unauthorized disclosures and
eliminates the ability of health facilities to consider the
sensitivity of medical information before deciding to notify
patients.
AS PASSED BY THE ASSEMBLY , this bill changed the requirements
for specified health facilities, regarding the protection of
patients' medical information, from preventing unlawful or
unauthorized access to, and use or disclosure of, medical
information, to a requirement that these health facilities must
prevent breaches of patients' medical information. This bill
also required reporting an incident involving a breach of
patient information to DPH and the patient with unreasonable
delay but less than 60 days.
�
AB 1755
Page 2
FISCAL EFFECT : None
COMMENTS : The author states that this bill will improve
California's notice requirement specific to breaches of medical
information by implementing three new changes. This bill will
extend the notification timeline from five business days to 15
business days and allow for an alternate notification process
besides. This bill also clarifies that DPH has discretion to
investigate a health facility when notified of a breach. The
author notes, existing law by strictly specifying how patients
must be notified of these breaches, does not provide adequate
security for patients, such as minors, who live at home but who
have exercised their constitutional right to keep their health
issues confidential.
This bill is cosponsored by Planned Parenthood Affiliates of
California (PPAC) and the California Medical Association (CMA).
PPAC states that the changes to current law related to unlawful
or unauthorized access to, and use or disclosure of, a patient's
medical information help limit the burden on facilities when
reporting and responding to breaches of medical information
while increasing protections for patient confidentiality.
CMA believes that at a time when managing health care costs and
maintaining access to care are essential, this bill ensures
patients are adequately alerted to serious medical information
breaches and given the sensitivity of medical information,
ensures that patients have the option of designating an
alternate address where notices can be sent or received.
There is no known opposition to this bill.
Analysis Prepared by : Roger Dunstan / HEALTH / (916) 319-2097
FN: 0004467