Manatt’s Brandon Reilly, counsel in the firm’s privacy and data security group, spoke with Healthcare Innovation about the potential impact of the California Consumer Privacy Act (CCPA).
The CCPA goes into effect on Jan. 1, 2020, and will be the nation’s strictest consumer privacy and data protection law, according to Healthcare Innovation.
Nonprofit healthcare providers and entities that handle medical information will be exempt from the law. However, the law could have a significant impact on for-profit healthcare companies and companies providing consumer-targeted health or lifestyle services.
When asked how health systems and insurers could be impacted, Reilly said it is “complicated,” and that “the first task for health companies is to verify the extent to which the exemption for HIPAA-related data applies to them. Most healthcare insurers and providers typically will start with the assumption that all their personal data is exempt from the CCPA, but you really have to test it, because the HIPAA definition of PHI is so context-specific.”
Reilly also noted that California provider organizations will have to make an effort to determine whether the CCPA’s exclusions make them exempt.
“Certainly the exclusions give a large degree of comfort to healthcare companies, but given that the business of health is increasingly data-driven, you have to take a hard look at it,” he concluded.