124991.
(a) (1) The Birth Defects Monitoring Program, within the State Department of Public Health, shall collect and store any umbilical cord blood samples it receives from hospitals for storage and research. For purposes of ensuring financial stability, the Birth Defects Monitoring Program shall ensure that the following conditions, alone or in combination, are met:(A) The fees paid by researchers pursuant to subdivision (c) shall be used for, and be sufficient to cover the cost of, collecting and storing blood samples, including umbilical cord blood samples.
(B) The department receives confirmation that a researcher has requested umbilical cord blood samples from the Birth Defects Monitoring Program for research or has requested umbilical cord blood samples to be included within a request for pregnancy or newborn blood samples through the program and has provided satisfactory evidence that adequate funding will be provided to the department from the fees paid by the researcher for the request.
(C) The department receives federal grant moneys to pay for initial startup costs for the collection and storage of umbilical cord blood samples.
(2) The department may limit the number of umbilical cord blood samples the program collects each year.
(b) (1) All information relating to umbilical cord blood samples collected and utilized by the department shall be confidential, and shall be used solely for the purposes of the program, or, if approved by the department, research. Access to confidential information shall be limited to authorized persons who agree, in writing, to maintain the confidentiality of that information. Notwithstanding any other provision of law, when the blood samples specified in subdivision (c), including those samples with any information identifying the person from whom the samples were obtained, are stored, processed, analyzed, or otherwise shared for research purposes with nondepartment staff, those samples may be shared by the program with department-authorized researchers for research purposes, and department representatives approved by the department, subject to the confidentiality and security requirements for confidential information established in this section and in Section 103850.
(2) The department shall maintain an accurate record of all persons who are given confidential information pursuant to this section, and any disclosure of confidential information shall be made only upon written agreement that the information will be kept confidential, used for its approved purpose, and not be further disclosed.
(3) A person who, in violation of a written agreement to maintain confidentiality, discloses information provided pursuant to this section, or who uses information provided pursuant to this section in a manner other than as approved pursuant to this section may be denied further access to confidential information maintained by the department, and shall be subject to a civil penalty not exceeding one thousand dollars ($1,000). The penalty provided in this section does not limit or otherwise restrict a remedy, provisional or otherwise, provided by law for the benefit of the department or a person covered by this section.
(c) In order to implement this section, the department shall establish fees in an amount that shall not exceed the costs of administering the program and the collection and storage of these samples, which the department shall collect from researchers who have been approved by the department and who seek to use the following types of blood samples for research:
(1) Umbilical cord blood.
(2) Pregnancy blood collected by the Genetic Disease Screening Program, and stored by the Birth Defects Monitoring Program.
(3) Newborn blood collected by the Genetic Disease Screening Program.
(d) Fees collected pursuant to subdivision (c) shall be collected by the department and deposited into the Birth Defects Monitoring Program Fund, the Genetic Disease Testing Fund, created pursuant to Section 124996, or the Cord Blood Banking Fund, which is hereby created as a special fund in the State Treasury. The amount of fees deposited into each of these funds shall be based on the program that is providing those pregnancy blood samples, and the purpose for which the blood sample was obtained. Notwithstanding any other provision of law, the moneys in the Birth Defects Monitoring Program Fund, the Genetic Disease Testing Fund, and the Cord Blood Banking Fund that are collected pursuant to subdivision (c), may be used by the department, upon appropriation by the Legislature, for the purposes specified in subdivision (e).
(e) Moneys in those funds shall be used for the costs related to reporting, data management, including data linkage and entry, and blood collection, storage, retrieval, processing, inventory, and shipping.
(f) The department shall comply with the existing requirements in the Birth Defects Monitoring Program, as set forth in Chapter 1 (commencing with Section 103825) of Part 2 of Division 102.
(g) The department, any entities approved by the department, and researchers shall maintain the confidentiality of patient information and blood samples in accordance with existing law and in the same manner as other medical record information with patient identification that they possess, and shall use the information only for the following purposes:
(1) Research to identify risk factors for children’s and women’s diseases.
(2) Research to develop and evaluate screening tests.
(3) Research to develop and evaluate prevention strategies.
(4) Research to develop and evaluate treatments.
(h) (1) For purposes of ensuring the security of a donor’s personal information, before any blood samples are released pursuant to this section for research purposes, the State Committee for the Protection of Human Subjects (CPHS) shall determine if all of the following criteria have been met:
(A) The department, contractors, researchers, or other entities approved by the department have provided a plan sufficient to protect personal information from improper use and disclosures, including sufficient administrative, physical, and technical safeguards to protect personal information from reasonable anticipated threats to the security or confidentiality of the information.
(B) The department, contractors, researchers, or other entities approved by the department have provided a sufficient plan to destroy or return all personal information as soon as it is no longer needed for the research activity, unless the program contractors, researchers, or other entities approved by the department have demonstrated an ongoing need for the personal information for the research activity and have provided a long-term plan sufficient to protect the confidentiality of that information.
(C) The department, contractors, researchers, or other entities approved by the department have provided sufficient written assurances that the personal information will not be reused or disclosed to a person or entity, or used in a manner not approved in the research protocol, except as required by law or for authorized oversight of the research activity.
(2) As part of its review and approval of the research activity for the purpose of protecting personal information held in agency databases, CPHS shall accomplish at least all of the following:
(A) Determine whether the requested personal information is needed to conduct the research.
(B) Permit access to personal information only if it is needed for the research activity.
(C) Permit access only to the minimum personal information necessary for the research activity.
(D) Require the assignment of unique subject codes that are not derived from personal information in lieu of social security numbers if the research can be conducted without social security numbers.
(E) If feasible, and if cost, time, and technical expertise permit, require the agency to conduct a portion of the data processing for the researcher to minimize the release of personal information.
(i) In addition to the fees described in subdivision (c), the department may bill a researcher for the costs associated with the department’s process of protecting personal information, including, but not limited to, the department’s costs for conducting a portion of the data processing for the researcher, removing personal information, encrypting or otherwise securing personal information, or assigning subject codes.
(j) This section does not prohibit the department from using its existing authority to enter into written agreements to enable other institutional review boards to approve research activities, projects or classes of projects for the department, provided that the data security requirements set forth in this section are satisfied.