Libbie Canter and Tara Carrier of Covington & Burling write:
On September 1, the California legislature passed AB 713, a bill that creates a new healthcare-related exemption under the California Consumer Privacy Act of 2018 (“CCPA”). All provisions of the bill will take effect immediately to prevent the CCPA from “negatively impact[ing] certain health-related information and research,” except for the required contractual provisions described below.
Under the new exemption, information is not subject to the CCPA’s obligations if it meets both of the following requirements:
- (1) the information is deidentified in accordance with the deidentification requirements in the Privacy Rule promulgated under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), as set forth in 45 C.F.R. § 164.514; and
- (2) the information is “derived from patient information that was originally collected, created, transmitted, or maintained by an entity regulated by” HIPAA, California’s Confidentiality of Medical Information Act (“CMIA”), or the Federal Policy for the Protection of Human Subjects, often referred to as the Common Rule.
Read more on InsidePrivacy.