California’s Confidentiality of Medical Information Act (CMIA)

On September 27, 2023, Governor Newsom signed AB 254 and AB 352, which both amend the California Confidentiality of Medical Information Act (“CMIA”).  Specifically, AB 254 expands the scope of the CMIA to expressly cover reproductive or sexual health services that are delivered through digital health solutions and the associated health information generated from these services.  AB 352 imposes new requirements on how electronic health record (“EHR”) systems must store medical information related to gender affirming care, abortion and related services, and contraception and the ability of providers of health care, health care service plans, contractors, or employers to disclose such information.Continue Reading California Enacts Amendments to the CMIA

Legislation that would amend California’s Confidentiality of Medical Information Act (“CMIA”) is working its way through California’s Senate and passed in the Senate Health Committee earlier this week.  The proposed bill passed in the state’s Assembly back in April.  Introduced by Democratic California Assemblymember Edwin Chau, who sits on the Privacy and Consumer Protection Committee, the proposed legislation (AB 1436) expands the definition of “provider of health care.”  Under the CMIA, providers of health care are subject to various obligations, including provisions that restrict the disclosure of medical information without a prior valid authorization, subject to certain exceptions.
Continue Reading Proposed Bill Would Expand the Scope of the CMIA

California Attorney General Xavier Becerra (“AG”) announced in September a settlement against Glow, Inc., resolving allegations that the fertility app had “expose[d] millions of women’s personal and medical information.”  In the complaint, the AG alleged violations of certain state consumer protection and privacy laws, stemming from privacy and security “failures” in Glow’s mobile application