(a) Every provider of health care, health care service plan, pharmaceutical company, or contractor who creates, maintains, preserves, stores, abandons, destroys, or disposes of medical information shall do so in a manner that preserves the confidentiality of the information contained therein. Any provider of health care, health care service plan, pharmaceutical company, or contractor who negligently creates, maintains, preserves, stores, abandons, destroys, or disposes of medical information shall be subject to the remedies and penalties provided under subdivisions (b) and (c) of Section 56.36.
(b) (1) An electronic health record system or electronic medical record system shall do the following:
(A) Protect and preserve the integrity of electronic medical information.
(B) Automatically record and preserve any change or deletion of any electronically stored medical information. The record of any change or deletion shall include the identity of the person who accessed and changed the medical information, the date and time the medical information was accessed, and the change that was made to the medical information.
(2) A patient’s right to access or receive a copy of his or her electronic medical records upon request shall be consistent with applicable state and federal laws governing patient access to, and the use and disclosures of, medical information.
(c) This section shall apply to an “electronic medical record” or “electronic health record” that meets the definition of “electronic health record,” as that term is defined in Section 17921(5) of Title 42 of the United States Code.
(Amended by Stats. 2011, Ch. 714, Sec. 1. (SB 850) Effective January 1, 2012.)