Chapter 3 - Use and Disclosure of Medical Information by Employers

California Civil Code — §§ 56.20-56.245

Sections (6)

Repealed and added by Stats. 1981, Ch. 782, Sec. 2.

(a)Each employer who receives medical information shall establish appropriate procedures to ensure the confidentiality and protection from unauthorized use and disclosure of that information. These procedures may include, but are not limited to, instruction regarding confidentiality of employees and agents handling files containing medical information, and security systems restricting access to files containing medical information.

(b)No employee shall be discriminated against in terms or conditions of employment due to that employee’s refusal to sign an authorization

under this part. However, nothing in this section shall prohibit an employer from taking such action as is necessary in the absence of medical information due to an employee’s refusal to sign an authorization under this part.

(c)No employer shall use, disclose, or knowingly permit its employees or agents to use or disclose medical information which the employer possesses pertaining to its employees without the patient having first signed an authorization under Section 56.11 or Section 56.21 permitting such use or disclosure, except as follows:

(1)The information may be disclosed if the disclosure is compelled by judicial or administrative process or by any other specific provision of law.

(2)That part of the information which is relevant in a lawsuit, arbitration, grievance, or other claim or challenge to which

the employer and employee are parties and in which the patient has placed in issue his or her medical history, mental or physical condition, or treatment may be used or disclosed in connection with that proceeding.

(3)The information may be used only for the purpose of administering and maintaining employee benefit plans, including health care plans and plans providing short-term and long-term disability income, workers’ compensation and for determining eligibility for paid and unpaid leave from work for medical reasons.

(4)The information may be disclosed to a provider of health care or other health care professional or facility to aid the diagnosis or treatment of the patient, where the patient or other person specified in subdivision (c) of Section 56. 21 is unable to authorize the disclosure.

(d)If an employer

agrees in writing with one or more of its employees or maintains a written policy which provides that particular types of medical information shall not be used or disclosed by the employer in particular ways, the employer shall obtain an authorization for such uses or disclosures even if an authorization would not otherwise be required by subdivision (c).

§ 56.21

Amended by Stats. 2023, Ch. 374, Sec. 4. (AB 1697) Effective January 1, 2024.

An authorization for an employer to disclose medical information shall be valid if the authorization complies with all of the following:

(a)Is handwritten or is in a typeface no smaller than 14-point type.

(b)Is clearly separate from any other language present on the same page and is executed by a signature that serves no purpose other than to execute the authorization.

(c)Is signed, including with an electronic or handwritten signature, and dated by one of the following:

(1)The patient, except that a patient who is a minor may only sign an

authorization for the disclosure of medical information obtained by a provider of health care in the course of furnishing services to which the minor could lawfully have consented under Part 4 (commencing with Section 6900) of Division 11 of the Family Code.

(2)The legal representative of the patient, if the patient is a minor or lacks the capacity to make the decision to authorize the release of medical information. However, authorization may not be given under this subdivision for the disclosure of medical information that pertains to a competent minor and that was created by a provider of health care in the course of furnishing services to which a minor patient could lawfully have consented under Part 4 (commencing with Section 6900) of Division 11 of the Family Code.

(3)The beneficiary, as defined in Section 24 of the Probate Code, or personal representative, as defined in

Section 58 of the Probate Code, of a deceased patient.

(d)States the limitations, if any, on the types of medical information to be disclosed.

(e)States the name or functions of the employer or person authorized to disclose the medical information.

(f)States the names or functions of the persons or entities authorized to receive the medical information.

(g)States the limitations, if any, on the use of the medical information by the persons or entities authorized to receive the medical information.

(h)States an expiration date or event. The expiration date or event shall limit the duration of the authorization to one year or less, unless the person signing the authorization requests a

specific date beyond a year or unless the authorization is related to an approved clinical trial, as defined in Section 1370.6 of the Health and Safety Code, or medical research study, in which case the authorization may extend beyond one year if the expiration date or event extends no longer than the completion of the relevant clinical trial or research study.

(i)Advises the person who signed the authorization of the right to receive a copy of the authorization.

(j)If an employer or any other entity seeks an authorization from an individual for a use or disclosure of protected health information, the employer or other entity shall provide the individual with a copy of the signed authorization and instructions on how to access additional copies or a digital version of the signed authorization.

§ 56.22

Repealed and added by Stats. 1981, Ch. 782, Sec. 2.

Upon demand by the patient or the person who signed an authorization, an employer possessing the authorization shall furnish a true copy thereof.

§ 56.23

Added by Stats. 1981, Ch. 782, Sec. 2.

An employer that discloses medical information pursuant to an authorization required by this chapter shall communicate to the person or entity to which it discloses the medical information any limitations in the authorization regarding the use of the medical information. No employer that has attempted in good faith to comply with this provision shall be liable for any unauthorized use of the medical information by the person or entity to which the employer disclosed the medical information.

§ 56.24

Repealed and added by Stats. 1981, Ch. 782, Sec. 2.

Nothing in this part shall be construed to prevent a person who could sign the authorization pursuant to subdivision (c) of Section 56.21 from cancelling or modifying an authorization. However, the cancellation or modification shall be effective only after the employer actually receives written notice of the cancellation or modification.

§ 56.245

Added by Stats. 1981, Ch. 782, Sec. 2.

A recipient of medical information pursuant to an authorization as provided by this chapter may not further disclose such medical information unless in accordance with a new authorization that meets the requirements of Section 56. 21, or as specifically required or permitted by other provisions of this chapter or by law.