In a new post on the Covington Inside Privacy blog, our colleagues discuss the passage of California’s AB 713, a bill that creates a new healthcare-related exemption under the California Consumer Privacy Act of 2018 (“CCPA”) for certain information that has been deidentified in accordance with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Importantly, this new patient-specific exemption is in addition to, and separate from, the CCPA’s current language that excludes from the scope of “personal information” certain “deidentified” information. (As a refresh, under the CCPA, deidentified information is information that cannot reasonably identify a particular consumer, provided that the business has put in places certain safeguards and processes identified in the statute to limit risk of reidentification.) Thus, there is now an alternative basis to argue that patient information that has been deidentified for purposes of HIPAA is also exempt from the CCPA’s obligations. To read the post, please click here.