Privacy and data security partner Brandon Reilly authored an article for Bloomberg Law about California’s AB 713, which expanded the California Consumer Privacy Act (CCPA)’s exemptions of patient information to include research data and more information handled by business associates, and harmonized the law’s de-identification exemption with the federal Health Insurance Portability and Accountability Act (HIPAA). In the article, Reilly notes that while AB 713 helped clarify and expand healthcare-related exemptions under the CCPA, it also instituted a first-of-its-kind restriction on re-identification and introduced public disclosure and contract obligations. According to Reilly, “these new requirements mean that a surprise may be in store for healthcare companies that have assumed that their data sets are largely unregulated by the CCPA but regularly share, sell or license their deidentified patient information.”
Read the article here.