BILL ANALYSIS �Ó
AB 2399
Page 1
ASSEMBLY THIRD READING
AB 2399 (John A. Pérez)
As Amended April 24, 2014
Majority vote
JUDICIARY 10-0 APPROPRIATIONS 17-0
-----------------------------------------------------------------
|Ayes:|Wieckowski, Wagner, |Ayes:|Gatto, Bigelow, |
| |Alejo, Chau, Dickinson, | |Bocanegra, Bradford, Ian |
| |Garcia, Gorell, | |Calderon, Campos, |
| |Maienschein, Muratsuchi, | |Donnelly, Eggman, Gomez, |
| |Stone | |Holden, Jones, Linder, |
| | | |Pan, Quirk, |
| | | |Ridley-Thomas, Wagner, |
| | | |Weber |
|-----+--------------------------+-----+--------------------------|
| | | | |
-----------------------------------------------------------------
SUMMARY : Authorizes an organ procurement organization to swipe
a driver's license or identification card to transmit a donor's
personal information to the organ and tissue donor register, as
specified. Specifically, this bill :
1)Provides that an organ procurement organization may swipe a
driver's license or identification card issued by the
Department of Motor Vehicles (DMV) in an electronic device to
transmit information to the Donate Life California Organ and
Tissue Donor Registry for the purposes of allowing an
individual to identify himself or herself as a registered
organ donor.
2)Requires that information gathered or transmitted by the
procurement organization comply with the DMV Information
Security Agreement.
3)Prohibits an organ procurement organization from retaining or
using any of the information obtained by electronic means for
any purpose other than operating the organ and donor registry.
4)Defines "organ procurement organization" to mean a person
designated by the Secretary of the United States Department of
Health and Human Services as an organ procurement
�
AB 2399
Page 2
organization.
5)Revises existing reference to "general characteristics" of
donors to instead refer to "aggregated data" of donors amend
annual report requirements accordingly.
FISCAL EFFECT : According to the Assembly Appropriations
Committee, negligible fiscal impact to the DMV.
COMMENTS : The Uniform Anatomical Gift Act allows a person to
make a gift of his or her body (or any part, organ, or tissue)
for the purpose of performing transplants or for medical
research or education purposes. Since the Uniform Anatomical
Gift Act was first enacted in 1988, most donor registrations
have occurred through the DMV when someone applies for, or
renews, a driver's license or identification card. In 2003, SB
112 (Speier), Chapter 405, authorized four non-profit "organ
procurement organizations" to establish and maintain the Donate
Life California (DLC) Organ and Tissue Donor Registry
(Registry). As in the past, most donor registrations occur at
the time of license application or renewal. Online registration
is also available, but apparently seldom used. Donor
procurement organizations also proactively register donors
through outreach at a variety of community events, often by
setting up informational tables, collecting information from
voluntary donors, and recording information on paper forms.
Information collected is then subsequently entered into the
Registry. These outreach events give the organizations the
opportunity to reach people during the five years before a
license or identification card must be renewed.
However, this existing paper-form system has its drawbacks. To
begin with, paper forms take more time to complete, and the
information may be recorded illegibly or inaccurately. Paper
forms must then be transported to a place where the information
on the form can be entered into the Registry (which is not only
time-consuming but also presents another opportunity for error).
Allowing the use of electronic swiping and transmission, DLC
believes, will be faster and more accurate, and it will avoid
the need to transport paper forms. Information scanned from the
magnetic stripe - the same information that is on the front of
the license - can be encrypted and sent to the Registry in real
time. The device that swipes information from the magnetic
stripe can be easily attached to a smart phone, making
�
AB 2399
Page 3
collection and transmission all the easier.
Pursuant to the legislation creating the donor registry, DLC
became an official state partner of DMV. As such, it must
adhere to the DMV Information Security Agreement, which
incorporates information security standards promulgated by the
National Institute of Standards and Technology (NIST). NIST
standards represent current "best practices" in information
system management and technical safeguards that are designed to
protect the confidentiality, integrity, and availability of the
system and its information. These standards cover everything
from training and access authentication to technical safeguards
such as encryption. (NIST, Special Publication (SP) 800-53.)
Under existing law, the NIST standards already protect the
integrity and security of the Registry itself. This bill will
require that the DMV Information Security Agreement and the NIST
standards also apply to the gathering and transmission of the
information to the Registry. In particular, information
collected by electronic devices - most likely attached to smart
phones - will be encrypted. Once submitted to the Registry, the
sponsor states, any information remaining on the device will be
deleted. Indeed the bill prohibits the organ procurement
organizations from maintaining or using the information for any
purpose beyond those authorized by the bill - that is, to submit
the information to the Registry, and nothing else. There is, of
course, no perfectly secure means of collecting and transmitting
digitized data, just as there is no perfectly secure means of
handling paper forms containing the same information.
Analysis Prepared by : Thomas Clark / JUD. / (916) 319-2334
FN: 0003499