BILL ANALYSIS                                                                                                                                                                                                    

                                                                  AB 1755
                                                                  Page  1

          AB 1755 (Gomez)
          As Amended  August 4, 2014
          Majority vote
          |ASSEMBLY:  |75-0 |(May 23, 2014)  |SENATE: |34-0 |(August 7,     |
          |           |     |                |        |     |2014)          |
           Original Committee Reference:   HEALTH  

           SUMMARY  :  Revises provisions of law requiring licensed health  
          facilities to prevent disclosure of patients' medical  
          information by extending the deadline for health facilities to  
          report unauthorized disclosures from five to 15 business days  
          after unlawful or unauthorized access, use, or disclosure has  
          been detected.  This bill also authorizes the report made to the  
          patient or the patient's representative to be made by  
          alternative means, including email, as specified by the patient.  
           This bill also extends the deadline when reporting is delayed  
          for law enforcement purposes, as specified, from five to 15 days  
          business days after the end of the delay.  This bill gives the  
          Department of Public Health (DPH) full discretion to consider  
          all factors when determining whether to conduct investigations  
          under these provisions.

           The Senate amendments  reduce from 60 to 15 days the maximum  
          period that a provider is allowed before notifying DPH of a  
          breach of patient information, clarify that the DPH has the  
          discretion to investigate unauthorized disclosures and  
          eliminates the ability of health facilities to consider the  
          sensitivity of medical information before deciding to notify  

           AS PASSED BY THE ASSEMBLY  , this bill changed the requirements  
          for specified health facilities, regarding the protection of  
          patients' medical information, from preventing unlawful or  
          unauthorized access to, and use or disclosure of, medical  
          information, to a requirement that these health facilities must  
          prevent breaches of patients' medical information.  This bill  
          also required reporting an incident involving a breach of  
          patient information to DPH and the patient with unreasonable  
          delay but less than 60 days.


                                                                  AB 1755
                                                                  Page  2

           FISCAL EFFECT  :  None

           COMMENTS  :  The author states that this bill will improve  
          California's notice requirement specific to breaches of medical  
          information by implementing three new changes.  This bill will  
          extend the notification timeline from five business days to 15  
          business days and allow for an alternate notification process  
          besides.  This bill also clarifies that DPH has discretion to  
          investigate a health facility when notified of a breach.  The  
          author notes, existing law by strictly specifying how patients  
          must be notified of these breaches, does not provide adequate  
          security for patients, such as minors, who live at home but who  
          have exercised their constitutional right to keep their health  
          issues confidential.

          This bill is cosponsored by Planned Parenthood Affiliates of  
          California (PPAC) and the California Medical Association (CMA).   
          PPAC states that the changes to current law related to unlawful  
          or unauthorized access to, and use or disclosure of, a patient's  
          medical information help limit the burden on facilities when  
          reporting and responding to breaches of medical information  
          while increasing protections for patient confidentiality. 

          CMA believes that at a time when managing health care costs and  
          maintaining access to care are essential, this bill ensures  
          patients are adequately alerted to serious medical information  
          breaches and given the sensitivity of medical information,  
          ensures that patients have the option of designating an  
          alternate address where notices can be sent or received.

          There is no known opposition to this bill.

           Analysis Prepared by  :    Roger Dunstan / HEALTH / (916) 319-2097  

          FN: 0004467