On June 26, 2024, California Attorney General Rob Bonta sent letters to eight major pharmacy chains and five health data companies, reminding them of their obligations under the Confidentiality of Medical Information Act (CMIA) and the new requirements introduced by Assembly Bill (AB) 352. This bill aims to provide additional protections for patients’ reproductive health and gender-affirming care information.
Key Aspects of AB 352
- Effective Date: 1 July 2024
- Primary Requirements:
- Prohibition on Disclosure: Pharmacies and health data companies are generally prohibited from disclosing information related to abortion care to out-of-state entities unless authorized by the patient or an exception under CMIA applies.
- Enhanced Data Security: Entities must implement security features to segregate and protect information related to abortion, contraception, and gender-affirming care, preventing unauthorized access across state lines.
AB 352 strengthens existing CMIA provisions by specifically targeting the protection of sensitive health information. This legislative effort is particularly significant in light of the United States Senate Committee on Finance’s findings, which revealed that some major pharmacy chains had been disclosing protected health information (PHI) to law enforcement without warrants, often without patient knowledge. These practices, while not violating federal laws, conflict with California’s stricter privacy standards.
Compliance Requirements
Attorney General Bonta has requested that the addressed pharmacy chains and health data companies, including Walmart, CVS Health, Walgreens, and Amazon Pharmacy, among others, provide their policies demonstrating compliance with AB 352 by 31 July 2024. These policies should include:
- Warrant Requirements: Policies ensuring that medical information is only disclosed to law enforcement with a warrant if the request involves California patient data.
- Data Security Measures: Documentation from pharmacies and their electronic health record (EHR) subcontractors showing adherence to the new security requirements to protect reproductive and gender-affirming care information.
AG Bonta emphasizes the critical importance of protecting the privacy of medical information, especially in the current climate following the repeal of Roe v. Wade. The state’s stringent privacy laws reflect a commitment to safeguarding the confidentiality and rights of patients seeking sensitive healthcare services.
👉 Read more here.
♻️ Share this if you found it useful.
💥 Follow me on Linkedin for updates and discussions on privacy, digital and AI education.
📍 Subscribe to my newsletter for weekly updates and insights – subscribers get an integrated view of the week and more information than on the blog.