Skip to Main Content

California Health & Wellness uses cookies. By continuing to use our site, you agree to our Privacy Policy and Terms of Use.

California Health & Wellness is no longer a Medi-Cal plan starting January 1, 2024. Regardless of the county you live in, your Medi-Cal service and benefits will not be impacted by the health plan changes since you will be assigned to a new health plan. The county you live in determines your new health plan. Learn more
California Health & Wellness is no longer a Medi-Cal plan starting January 1, 2024. Regardless of the county you live in, your Medi-Cal service and benefits will not be impacted by the health plan changes since you will be assigned to a new health plan. The county you live in determines your new health plan. Learn more

23-1512m Stay Informed for 2024: Updates for Electronic Signatures and Expiration Dates, Medical Information Definitions, and Data Exchange of Health Information

Date: 12/28/23

AB 1697, AB 254 and AB 352 update how doctors share patient information, how long that permission lasts, and include details on reproductive and sexual health definitions

Today, the Uniform Electronic Transactions Act allows for the use of electronic signatures on records but exempts certain authorizations including medical information releases and the release of genetic test results.

Effective January 1, 2024, Assembly Bills (AB) 1697 and 254 remove these exemptions, update the requirement for expiration dates on these authorizations, and revise the definition of medical information as described in this update.

Additionally, effective January 1, 2024, AB 352 discusses requirements for real time data exchange of health information with the California Health and Human Services Data Exchange Framework. Refer to the information in this update on health information related to abortion and abortion-related services.

Requirements for a valid authorization for release of information

You must obtain signed authorization from the member to use or disclose the member’s medical information. You also need to give instructions to members on how to access additional copies or digital versions of the signed authorization.

The signed authorization must:

  • Be written in plain language and no smaller than 14-point font.
  • Be dated and signed with an electronic or handwritten signature by the member or person authorized to act on behalf of the member.
  • Specify the type of individuals authorized to disclose information about the member.
  • Specify the nature of the information authorized to be disclosed.
  • State the name or functions of the persons or entities authorized to receive the information.
  • Specify the purposes for which the information is collected.
  • Specify the length of time the authorization shall remain valid.
  • State an expiration date or event. AB 1697 (56.05)(f) states that the expiration date for a valid signature is up to one year  unless the person signing the authorization requests a specific date beyond a year or the authorization is related to an approved clinical trial1 after which the provider, health care service plan, pharmaceutical company, or contractor is no longer authorized to disclose the medical information.

What is defined medical information?

“Medical information” is any individually identifiable information, in electronic or physical form, in possession of or derived from a provider of health care, health care service plan, pharmaceutical company, or contractor regarding a patient’s medical history, mental health application information, reproductive or sexual health application information, mental or physical condition, or treatment.

“Individually identifiable” means that the medical information includes or contains any element of personal identifying information sufficient to allow identification of the individual, such as the patient’s name, address, electronic mail address, telephone number, or social security number, or other information that, alone or in combination with other publicly available information, reveals the identity of the individual.

Reproductive or sexual health application information

AB 254 (56.05)(p)(q) revises the definition of “medical information” to include:

  • Reproductive or sexual health application information – information about a consumer’s reproductive health, menstrual cycle, fertility, pregnancy, pregnancy outcome, plans to conceive, or type of sexual activity collected by a reproductive or sexual health digital service, including, but not limited to, information from which one can infer someone’s pregnancy status, menstrual cycle, fertility, hormone levels, birth control use, sexual activity, or gender identity.
  • Reproductive or sexual health digital service – a mobile-based application or internet website that collects reproductive or sexual health application information from a consumer, markets itself as facilitating reproductive or sexual health services to a consumer, and uses the information to facilitate reproductive or sexual health services to a consumer.

A business entity that offers a "sexual health digital service" is now considered a "provider" under the California Medical Information Act (CMIA, 56.06)(e).

  • Any business that offers a reproductive or sexual health digital service to a consumer for the purpose of allowing the individual to manage the individual’s information, or for the diagnosis, treatment, or management of a medical condition of the individual, shall be deemed to be a provider of health care subject to the requirements of this part. However, this section shall not be construed to make a business specified in this subdivision a provider of health care for purposes of any law other than this part, including, but not limited to, laws that specifically incorporate by reference the definitions of this part.

Real time data exchange of health information

AB 352 provides further clarification on the definition of health information related to real time data exchange of health information with the California Health and Human Services Data Exchange Framework. The following information has been adapted from Section 130290 of the Health and Safety code.

On or before January 31, 2024, minus the exceptions noted below, the following entities shall exchange health information or provide access to health information to and from every other of these same entities in real time as specified by the California Health and Human Services Agency pursuant to the California Health and Human Services Data Exchange Framework data sharing agreement for treatment, payment, or health care operations:

  • General acute care hospitals.
  • Physician organizations and medical groups.
  • Skilled nursing facilities that currently maintain electronic records.
  • Health care service plans and disability insurers that provide hospital, medical, or surgical coverage that are regulated by the Department of Managed Health Care or the Department of Insurance, and Medi-Cal managed care plans contracted with the State Department of Health Care.
  • Clinical laboratories regulated by the State Department of Public Health.
  • Acute psychiatric hospitals.

Exceptions

The exchange of health information described above does not apply to:

  • Physician practices of fewer than 25 physicians, rehabilitation hospitals, long-term acute care hospitals, acute psychiatric hospitals, critical access hospitals, and rural general acute care hospitals with fewer than 100 acute care beds, state-run acute psychiatric hospitals, and any nonprofit clinic with fewer than 10 health care providers until January 31, 2026.
  • Abortion and abortion-related services.

Additional information

For additional detail on any of the assembly bills referenced in this communication, please refer to the following links:

Providers are encouraged to access CHWP’s provider portal for real-time information, including eligibility verification, claims status, prior authorization status, plan summaries, and more.

If you have questions regarding the information contained in this update, contact CHWP at 877-658-0305.

 

This information applies to Physicians, Independent Practice Associations (IPAs), Hospitals, Ancillary providers, Community Supports (CS) Providers, and Enhanced Care Management (ECM) Providers.