Rebecca Bauer-Kahan
- Democratic
- Assemblymember
- District 16
Author
Existing federal law, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) , establishes certain requirements relating to the provision of health insurance, including provisions relating to the confidentiality of health records. Existing state law, the Confidentiality of Medical Information Act (CMIA) , prohibits a provider of health care, a health care service plan, a contractor, a corporation and its subsidiaries and affiliates, or any business that offers software or hardware to consumers, including a mobile application or other related device, as defined, from intentionally sharing, selling, using for marketing, or otherwise using any medical information, as defined, for any purpose not necessary to provide health care services to a patient, except as provided. Existing law makes a violation of these provisions that results in economic loss or personal injury to a patient punishable as a misdemeanor. Existing law requires a person or business that conducts business in California, and that owns or licenses computerized data that includes personal information, to disclose a breach of the security of the system following discovery or notification of the breach in the security of the data to a resident of California who meets certain criteria, including that the resident's unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. Existing law requires a person or business that is required to issue a security breach notification pursuant to that provision to more than 500 California residents as a result of a single breach of the security system to electronically submit a single sample copy of that security breach notification, excluding any personally identifiable information, to the Attorney General. This bill would revise the definition of medical information to include mental health application information. The bill would define mental health application information to mean information related to a consumer's inferred or diagnosed mental health or substance use disorder, as specified, collected by a mental health digital service, as defined. The bill would provide that any business that offers a mental health digital service to a consumer for the purpose of allowing the individual to manage the individual's information, or for the diagnosis, treatment, or management of a medical condition of the individual, is deemed to be a provider of health care subject to the requirements of CMIA. The bill would require a business that offers a mental health digital service, when partnering with a provider of health care, to provide to the provider information regarding how to find data breaches reported pursuant to the provisions described above on the internet website of the Attorney General. Because the bill would expand the definition of a crime, it would impose a state-mandated local program. The California Constitution requires the state to reimburse local agencies and school districts for certain costs mandated by the state. Statutory provisions establish procedures for making that reimbursement. This bill would provide that no reimbursement is required by this act for a specified reason.
Approved by the Governor.
Chaptered by Secretary of State - Chapter 690, Statutes of 2022.
Enrolled and presented to the Governor at 3:30 p.m.
Senate amendments concurred in. To Engrossing and Enrolling. (Ayes 75. Noes 0. Page 5979.).
In Assembly. Concurrence in Senate amendments pending. May be considered on or after August 20 pursuant to Assembly Rule 77.
Read third time. Passed. Ordered to the Assembly. (Ayes 38. Noes 0. Page 4879.).
Read second time. Ordered to third reading.
From committee: Be ordered to second reading pursuant to Senate Rule 28.8.
From committee chair, with author's amendments: Amend, and re-refer to committee. Read second time, amended, and re-referred to Com. on APPR.
In committee: Hearing postponed by committee.
From committee: Do pass and re-refer to Com. on APPR. (Ayes 10. Noes 0.) (June 29). Re-referred to Com. on APPR.
From committee: Do pass and re-refer to Com. on HEALTH. (Ayes 11. Noes 0.) (June 21). Re-referred to Com. on HEALTH.
From committee chair, with author's amendments: Amend, and re-refer to committee. Read second time, amended, and re-referred to Com. on HEALTH.
In Senate. Read first time. To Com. on RLS. for assignment.
Read third time. Passed. Ordered to the Senate. (Ayes 70. Noes 1.)
Read second time. Ordered to third reading.
From committee: Do pass. (Ayes 13. Noes 0.) (May 19).
Joint Rule 62(a), file notice suspended. (Page 4736.)
In committee: Set, first hearing. Referred to suspense file.
Re-referred to Com. on APPR. pursuant to Joint Rule 10.5.
Read second time. Ordered to third reading.
Read second time and amended. Ordered returned to second reading.
From committee: Amend, and do pass as amended. (Ayes 10. Noes 0.) (April 19).
From committee: Do pass and re-refer to Com. on P. & C.P. (Ayes 12. Noes 1.) (April 5). Re-referred to Com. on P. & C.P.
From committee chair, with author's amendments: Amend, and re-refer to Com. on HEALTH. Read second time and amended.
From printer. May be heard in committee March 17.
Read first time. To print.
| Bill Text Versions | Format |
|---|---|
| AB2089 | HTML |
| 02/14/22 - Introduced | |
| 03/24/22 - Amended Assembly | |
| 04/21/22 - Amended Assembly | |
| 06/22/22 - Amended Senate | |
| 08/01/22 - Amended Senate | |
| 08/24/22 - Enrolled | |
| 09/28/22 - Chaptered |
| Document | Format |
|---|---|
| 04/01/22- Assembly Health | |
| 04/15/22- Assembly Privacy and Consumer Protection | |
| 05/16/22- Assembly Appropriations | |
| 05/20/22- ASSEMBLY FLOOR ANALYSIS | |
| 06/17/22- Senate Judiciary | |
| 06/29/22- Senate Health | |
| 08/10/22- Sen. Floor Analyses | |
| 08/19/22- ASSEMBLY FLOOR ANALYSIS |
Data on Open States is updated periodically throughout the day from the official website of the California State Legislature.
If you notice any inconsistencies with these official sources, feel free to file an issue.