(a) (1) All personal consumer information obtained or maintained by the program shall be confidential.
(2) Only deidentified aggregate patient or other consumer data shall be included in a publicly available analysis, data product, or research.
(b) All policies and procedures developed in implementing this chapter shall ensure that the privacy, security, and confidentiality of consumers’ individually identifiable health information is protected, consistent with state and federal privacy laws, including the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA)(Public Law 104-191) and the Confidentiality of Medical Information Act (Part 2.6 (commencing with Section 56) of Division 1 of the Civil Code), and data shall not be disclosed until the office has developed a policy regarding the release of data.
(c) (1) The system and all program data shall be exempt from the disclosure requirements of the California Public Records Act (Chapter 3.5 (commencing with Section 6250) of Division 7 of Title 1 of the Government Code), and shall not be made available except pursuant to this chapter.
(2) The office shall develop policies and procedures for the disclosure of information described in paragraph (2) of subdivision (a).
(d) Program data shall not be used for determinations regarding individual patient care or treatment and shall not be used for any individual eligibility or coverage decisions or similar purposes.
(Added by Stats. 2020, Ch. 12, Sec. 28. (AB 80) Effective June 29, 2020.)