- California AG Rob Bonta issued letters to eight large pharmacy chains and five health data companies reminding the companies of their obligations to comply with California’s Confidentiality of Medical Information Act (CMIA) and new requirements from Assembly Bill (AB 352), that went into effect on July 1, 2024.
- The letters remind the pharmacies that the CMIA prohibits them from disclosing patient medical information without patient authorization, unless certain exceptions apply, and that this prohibition applies to requests from law enforcement unless there is a search warrant, with no exception for subpoenas. In some of the letters, the AG mentions reports of medical information being released to law enforcement without a warrant, noting that such actions could potentially violate state law.
- The letters to all the companies also describe the additional requirements related to AB 352, explaining that the law prohibits knowingly disclosing, sharing, or otherwise granting access to abortion-related information across state lines without patient authorization unless specified circumstances apply. Additionally, the law requires businesses that electronically store or maintain medical information about gender-affirming care, abortion and abortion-related services, and contraception to limit access to and segregate this information as mandated.
- The AG asks the companies to provide policies and other information demonstrating compliance with state laws governing privacy in medical information by July 31, 2024.