California Medical Records Laws

Last updated 11/19/2019

Medical records are considered highly sensitive, available only to those who need to know and/or have been given consent. Federal laws govern the privacy protection of medical records, along with some state laws. California medical records laws state that a patient's information may not be disclosed without authorization unless it is pursuant to a court order, or for purposes of communicating important medical data to other health care providers, insurers, and other interested parties.

These laws are encoded in the Confidentiality of Medical Information Act, which defines "medical information" as any individually identifiable information that is kept in either physical or electronic form. Parties required to comply with the Act include heath care providers, health care service plan providers (insurers), pharmaceutical companies, and any other entities involved in handling sensitive medical data.

Additionally, the federal Health Insurance Portability and Accountability Act (HIPAA) sets national standards for the security of electronically stored or transmitted medical data.

The following table highlights the basics of California medical records laws. See Can Doctors Ever Give My Personal Medical Information to Others Without My Permission? for more general information.

Relevant laws	Civ. Code Section 56 Senate Bill No. 575: Requires healthcare providers to give a free copy to the patient if certain conditions are met Senate Bill No. 241: Regulates how much healthcare providers can charge patients for medical records Lanterman-Petris-Short Act: Permits healthcare providers serving mental health patients to disclose patient information to entities with aÂ HIPAA-compliant businessÂ
Who Has Access to Records?	May not be disclosed without authorization except for court order, insurance, HMO (Civ. Code Section 56)
What Privileges Apply to Medical Records?	Doctors, including psychotherapists and psychiatrists (Ev. Â§1010); patient must waive doctor-patient confidentiality when plaintiff in civil suit (Ev. Â§1016)
Mandatory Reporting Requirements	-
Patient Consent and Waiver	Patient must waive doctor-patient confidentiality when plaintiff in civil suit (Ev. Â§1016); other: Civ. Code Â§56.07
Insurance Companies	Insurer may obtain to the extent noted in (Civ. Code Â§56.10(c)(2)) Information disclosed to the extent necessary to allow responsibility for payment to be determined and made
Provisions Related to HIV/AIDS	Blood testing must be anonymous and test results may not disclose identities of persons tested even through subpoena (H&S 120975 and 121025)

Note: State laws are constantly changing -- contact a California health care attorney or conduct your own legal research to verify the state law(s) you are researching.

Research the Law:

California Law
Official State Codes - Links to the official online statutes (laws) in all 50 states and DC.

Related Resources for Medical Records Laws: