BILL ANALYSIS Ó AB 1755 Page 1 CONCURRENCE IN SENATE AMENDMENTS AB 1755 (Gomez) As Amended August 4, 2014 Majority vote ----------------------------------------------------------------- |ASSEMBLY: |75-0 |(May 23, 2014) |SENATE: |34-0 |(August 7, | | | | | | |2014) | ----------------------------------------------------------------- Original Committee Reference: HEALTH SUMMARY : Revises provisions of law requiring licensed health facilities to prevent disclosure of patients' medical information by extending the deadline for health facilities to report unauthorized disclosures from five to 15 business days after unlawful or unauthorized access, use, or disclosure has been detected. This bill also authorizes the report made to the patient or the patient's representative to be made by alternative means, including email, as specified by the patient. This bill also extends the deadline when reporting is delayed for law enforcement purposes, as specified, from five to 15 days business days after the end of the delay. This bill gives the Department of Public Health (DPH) full discretion to consider all factors when determining whether to conduct investigations under these provisions. The Senate amendments reduce from 60 to 15 days the maximum period that a provider is allowed before notifying DPH of a breach of patient information, clarify that the DPH has the discretion to investigate unauthorized disclosures and eliminates the ability of health facilities to consider the sensitivity of medical information before deciding to notify patients. AS PASSED BY THE ASSEMBLY , this bill changed the requirements for specified health facilities, regarding the protection of patients' medical information, from preventing unlawful or unauthorized access to, and use or disclosure of, medical information, to a requirement that these health facilities must prevent breaches of patients' medical information. This bill also required reporting an incident involving a breach of patient information to DPH and the patient with unreasonable delay but less than 60 days. AB 1755 Page 2 FISCAL EFFECT : None COMMENTS : The author states that this bill will improve California's notice requirement specific to breaches of medical information by implementing three new changes. This bill will extend the notification timeline from five business days to 15 business days and allow for an alternate notification process besides. This bill also clarifies that DPH has discretion to investigate a health facility when notified of a breach. The author notes, existing law by strictly specifying how patients must be notified of these breaches, does not provide adequate security for patients, such as minors, who live at home but who have exercised their constitutional right to keep their health issues confidential. This bill is cosponsored by Planned Parenthood Affiliates of California (PPAC) and the California Medical Association (CMA). PPAC states that the changes to current law related to unlawful or unauthorized access to, and use or disclosure of, a patient's medical information help limit the burden on facilities when reporting and responding to breaches of medical information while increasing protections for patient confidentiality. CMA believes that at a time when managing health care costs and maintaining access to care are essential, this bill ensures patients are adequately alerted to serious medical information breaches and given the sensitivity of medical information, ensures that patients have the option of designating an alternate address where notices can be sent or received. There is no known opposition to this bill. Analysis Prepared by : Roger Dunstan / HEALTH / (916) 319-2097 FN: 0004467