2022 California Code
Civil Code - CIV
DIVISION 1 - PERSONS
PART 2.6 - CONFIDENTIALITY OF MEDICAL INFORMATION
CHAPTER 2.6 - Genetic Privacy
Section 56.184.
56.184. (a) The provisions of this chapter shall not reduce a direct-to-consumer genetic testing company’s duties, obligations, requirements, or standards under any applicable state and federal laws for the protection of privacy and security.
(b) In the event of a conflict between the provisions of this chapter and any other law, the provisions of the law that afford the greatest protection for the right of privacy for consumers shall control.
(c) This chapter shall not apply to any of the following:
(1) Medical information governed by the Confidentiality of Medical Information Act, Part 2.6 (commencing with Section 56), or to protected health information that is collected, maintained, used, or disclosed by a covered entity or business associate governed by the privacy, security, and breach notification rules issued by the United States Department of Health and Human Services, Parts 160 and 164 of Title 45 of the Code of Federal Regulations established pursuant to the federal Health Insurance Portability and Accountability Act of 1996 (Public Law 104-191) and the federal Health Information Technology for Economic and Clinical Health Act (Public Law 111-5).
(2) A provider of health care governed by the Confidentiality of Medical Information Act (Part 2.6 (commencing with Section 56)) or a covered entity governed by the privacy, security, and breach notification rules issued by the United States Department of Health and Human Services, Parts 160 and 164 of Title 45 of the Code of Federal Regulations, established pursuant to the Health Insurance Portability and Accountability Act of 1996 (Public Law 104-191) and the federal Health Information Technology for Economic and Clinical Health Act, Title XIII of the federal American Recovery and Reinvestment Act of 2009 (Public Law 111-5), to the extent that the provider or covered entity maintains, uses, and discloses genetic information in the same manner as medical information or protected health information, as described in paragraph (1).
(3) A business associate of a covered entity governed by the privacy, security, and data breach notification rules issued by the United States Department of Health and Human Services, Parts 160 and 164 of Title 45 of the Code of Federal Regulations, established pursuant to the federal Health Insurance Portability and Accountability Act of 1996 (Public Law 104-191) and the federal Health Information Technology for Economic and Clinical Health Act, Title XIII of the federal American Recovery and Reinvestment Act of 2009 (Public Law 111-5), to the extent that the business associate maintains, uses, and discloses genetic information in the same manner as medical information or protected health information, as described in paragraph (1).
(4) Scientific research or educational activities conducted by a public or private nonprofit postsecondary educational institution that holds an assurance with the United States Department of Health and Human Services pursuant to Part 46 of Title 45 of the Code of Federal Regulations, to the extent that the scientific research and educational activities conducted by that institution comply with all applicable federal and state laws and regulations for the protection of human subjects in research, including, but not limited to, the Common Rule pursuant to Part 46 (commencing with Section 46.101) of Title 45 of the Code of Federal Regulations, United States Food and Drug Administration regulations pursuant to Parts 50 and 56 of Title 21 of the Code of Federal Regulations, the federal Family Educational Rights and Privacy Act (20 U.S.C. Sec. 1232g), and the Protection of Human Subjects in Medical Experimentation Act, Chapter 1.3 (commencing with Section 24170) of Division 20 of the Health and Safety Code.
(5) The California Newborn Screening Program authorized by Chapter 1 (commencing with Section 124975) of Part 5 of Division 106 of the Health and Safety Code.
(6) Tests conducted exclusively to diagnose whether an individual has a specific disease, to the extent that all persons involved in the conduct of the test maintain, use, and disclose genetic information in the same manner as medical information or protected health information, as described in paragraph (1).
(7) Genetic data used or maintained by an employer, or disclosed by an employee to an employer, to the extent that the use, maintenance, or disclosure of that data is necessary to comply with a local, state, or federal workplace health and safety ordinance, law, or regulation.
(d) Nothing in this chapter shall be construed to affect access to information made available to the public by the consumer.
(Added by Stats. 2021, Ch. 596, Sec. 2. (SB 41) Effective January 1, 2022.)