Assembly Bill 713 was approved by California Gov. Gavin Newsom on Sept. 25, 2020, at which time its provisions went into effect. The legislation amends the California Consumer Privacy Act (CCPA) in part by addressing certain issues related to de-identified patient information.
The CCPA excludes from the definition of personal information any consumer information that has been deidentified, which “means information that cannot reasonably identify, relate to, describe, be capable of being associated with, or be linked, directly or indirectly, to a particular consumer, provided that a business that uses deidentified information: 1) Has implemented technical safeguards that prohibit reidentification of the consumer to whom the information may pertain; 2) Has implemented business processes that specifically prohibit reidentification of the information; 3) Has implemented business processes to prevent inadvertent release of deidentified information; 4) Makes no attempt to reidentify the information.” §§ 1798.140(o)(3); 1798.140(h).
The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, on the other hand, provides that individually identifiable health information is only deidentified if: 1) a formal determination is made by an expert; or 2) certain identifiers are removed. 45 C.F.R. § 164.514(b).
Thus, the legislation conforms the CCPA to the HIPAA Privacy Rule by requiring that, to be excluded, the information must be:
Assembly Bill 1281 was approved by Gov. Newsom on Sept. 29, 2020, and simply amends the CCPA by extending the existing exclusions for personal information associated with business-to-business communications and for certain personal information that is employment related. The exclusions are extended from Jan. 1, 2021, to Jan. 1, 2022. However, if the California Privacy Rights Act ballot initiative is approved by California voters in November, the exclusion will extend to Jan. 1, 2023.
Now is the time to fine-tune your CCPA compliance. Join me to learn how to get your business ready to comply with the CCPA during “CCPA Enforcement Is Almost Upon Us! Are You Ready?” Click here to register.