BILL NUMBER: SB 850CHAPTERED BILL TEXT CHAPTER 714 FILED WITH SECRETARY OF STATE OCTOBER 9, 2011 APPROVED BY GOVERNOR OCTOBER 9, 2011 PASSED THE SENATE SEPTEMBER 8, 2011 PASSED THE ASSEMBLY SEPTEMBER 7, 2011 AMENDED IN ASSEMBLY SEPTEMBER 1, 2011 AMENDED IN ASSEMBLY JUNE 22, 2011 AMENDED IN SENATE MAY 2, 2011 INTRODUCED BY Senator Leno FEBRUARY 18, 2011 An act to amend Section 56.101 of the Civil Code, relating to medical records. LEGISLATIVE COUNSEL'S DIGEST SB 850, Leno. Medical records: confidential information. The Confidentiality of Medical Information Act requires that every provider of health care, health care service plan, pharmaceutical company, and contractor who creates, maintains, preserves, stores, abandons, destroys, or disposes of medical records do so in a manner that preserves the confidentiality of the information contained in the record, and provides that negligence in conducting these activities may result in damages or an administrative fine or civil penalty, as specified. This bill would require an electronic health or medical record system to automatically record and preserve any change or deletion of electronically stored medical information, and would require the record to include, among other things, the identity of the person who accessed and changed the medical information and the change that was made to the medical information. THE PEOPLE OF THE STATE OF CALIFORNIA DO ENACT AS FOLLOWS: SECTION 1. Section 56.101 of the Civil Code is amended to read: 56.101. (a) Every provider of health care, health care service plan, pharmaceutical company, or contractor who creates, maintains, preserves, stores, abandons, destroys, or disposes of medical information shall do so in a manner that preserves the confidentiality of the information contained therein. Any provider of health care, health care service plan, pharmaceutical company, or contractor who negligently creates, maintains, preserves, stores, abandons, destroys, or disposes of medical information shall be subject to the remedies and penalties provided under subdivisions (b) and (c) of Section 56.36. (b) (1) An electronic health record system or electronic medical record system shall do the following: (A) Protect and preserve the integrity of electronic medical information. (B) Automatically record and preserve any change or deletion of any electronically stored medical information. The record of any change or deletion shall include the identity of the person who accessed and changed the medical information, the date and time the medical information was accessed, and the change that was made to the medical information. (2) A patient's right to access or receive a copy of his or her electronic medical records upon request shall be consistent with applicable state and federal laws governing patient access to, and the use and disclosures of, medical information. (c) This section shall apply to an "electronic medical record" or "electronic health record" that meets the definition of "electronic health record," as that term is defined in Section 17921(5) of Title 42 of the United States Code.