(1) The Confidentiality of Medical Information Act prohibits a provider of health care, a health care service plan, contractor, or corporation and its subsidiaries and affiliates from intentionally sharing, selling, using for marketing, or otherwise using any medical information, as defined, for any purpose not necessary to provide health care services to a patient, except as expressly authorized by the patient, enrollee, or subscriber, as specified, or as otherwise required or authorized by law. The act includes within the definition of “provider of health care,” any business organized for the purpose of maintaining medical information to allow an individual to manage his or her information, or for the treatment or diagnosis of the individual.
Violations of those provisions are subject to a civil action for compensatory
and punitive damages, and, if a violation results in economic loss or personal injury to a patient, it is punishable as a misdemeanor.
This bill would apply the prohibitions of the Confidentiality of Medical Information Act to any business that offers software or hardware to consumers, including a mobile application or other related device that is designed to maintain medical information to allow an individual to manage his or her information, or for the diagnosis, treatment, or management of a medical condition of the individual. By expanding an existing crime, this bill would impose a state-mandated local program.
(2) The California Constitution requires the state to reimburse local agencies and school districts for certain costs mandated by the state. Statutory provisions
establish procedures for making that reimbursement.
This bill would provide that no reimbursement is required by this act for a specified reason.