AB-2004 Medical test results: verification credentials. (2019-2020)



SECTION 1.
 The Legislature finds and declares the following:
(a) Public health experts have indicated that widespread medical testing is critical to an efficient response to the ongoing COVID-19 pandemic in order to assess the extent of infection, direct public health resources, and minimize interpersonal transmission.
(b) Due to the unique sensitivity of personal health information, the communication of this information, including medical test results, is subject to extensive state and federal regulation to protect the individual rights to privacy guaranteed by the California Constitution and the United States Constitution, respectively.
(c) Cryptography-based verifiable credential models, such as the Verifiable Credentials Data Model developed by the World Wide Web Consortium (W3C), show great promise for providing privacy-protective, secure, and portable avenues to communicate sensitive health information.
(d) Verifiable credential models should protect individuals from surveillance, discrimination, and fraud, while promoting accessibility for all. Verifiable credential models should not in any way compromise an individual's right to privacy.
(e) Though existing protections for health information maintained and communicated electronically may apply to test results communicated as verifiable health credentials, the practical application of those protections to this cutting-edge technology warrants clarification.
(f) Considering the immediate demand for widespread medical testing, development of technical infrastructure, standards, and practices for the use of this promising technology to securely communicate medical test results, including COVID-19 test results, is particularly timely.

SEC. 2.

 Section 2029 is added to the Business and Professions Code, to read:

2029.
 (a) For purposes of this section, the following definitions shall apply:
(1) “Verifiable health credential” means a portable electronic patient record issued by an authorized health care provider to a patient or patient’s personal representative, as defined in Section 123105 of the Health and Safety Code, for which the authenticity of the record can be independently verified cryptographically.
(2) “Authorized health care provider” means the holder of a physician’s or surgeon’s certificate, a nurse practitioner, a physician’s assistant or any other licensed healthcare provider who is engaged in the professional practice authorized by that certificate under the jurisdiction of a board within the Department of Consumer Affairs or the Medical Board of California and whose current license and name has been included in a verifiable issuer registry of health care providers authorized by the board to issue verifiable health credentials.
(3) “Verifiable issuer registry” means a repository of current licenses representing authorized health care providers maintained by their respective licensing agencies, against which verifiable health credentials may be checked to confirm their authenticity by verifying the identity and authorization status of the issuer of the credential.
(4) “Law enforcement agency” shall not include a federal law enforcement agency.
(b) The board shall establish a pilot program to explore methods of using verifiable health credentials for communication of COVID-19 test results or other medical test results in this state.
(c) To implement this pilot program, the board shall convene a working group of representatives from the public and private sectors, including state health-related agencies, health care providers, privacy and civil liberties groups, independent nonprofit or not-for-profit information technology groups with specific expertise in the development and use of verifiable credentials, and a business based in California that offers services centered on the provision and authentication of verifiable credentials.
(d) The purpose of the pilot program shall be to develop methods, using a verifiable credential model, to provide secure, private, and portable access to COVID-19 test results and other medical test results, as well as to develop best practices for the implementation of this technology in a manner that prioritizes privacy of personal information and equitable access.
(e) (1) The Department of Consumer Affairs shall maintain sole jurisdiction over the authorization of health care providers for the issuing of verifiable health credentials pursuant to the pilot program, and shall establish procedures for the authorization of issuers for verifiable health credentials, including developing and maintaining a verifiable issuer registry.
(2) The board may utilize blockchain technology for the purposes of the verifiable issuer registry pursuant to paragraph (1).
(f) A law enforcement agency shall not require a patient to show a verifiable health credential.
(g) This section shall not be construed to alter the scope of practice of a health care provider or authorize the delivery of health care services in a setting, or in a manner, not otherwise authorized by law.
(h) All laws regarding the confidentiality of health care information and a patient’s rights to the patient’s medical information shall apply to verifiable health credentials.
(i) All relevant laws and regulations governing professional responsibility, unprofessional conduct, and standards of practice that apply to a health care provider under the health care provider’s license shall apply to the issuing of verifiable health credentials by an authorized health care provider.