Sacramento – Patients in California whose electronic health information is lost or stolen must be notified of the breach under legislation the governor signed into law today, placing medical data on the same footing as bank records and other financial files.  Authored by State Assemblymember Dave Jones (D – Sacramento), the new law, AB 1298, responds to the push to digitize patients’ medical records despite concerns that electronic health records are more susceptible to data security breaches than paper files. 

“Medical records hold our most personal, private information,” said Jones.  “Patients should feel confident they can tell their doctors anything, and nothing they say will ever fall into the wrong hands.  Patients have their doubts about how secure their medical records really are.  This bill will make insurers, doctors, and everyone in the healthcare industry guard their patients’ medical info like it was their own.”

Jones’ bill builds on current California law that requires businesses to notify consumers when their social security numbers and other electronic financial information is breached.  That law has been credited with encouraging businesses to enhance data security practices.  Jones said the new law will have the same effect in the health sector.

A 2005 national survey by the California HealthCare Foundation found that 2/3 of respondents remain highly concerned about their health information privacy.  Consumers worried about their privacy use “privacy protective behavior” that could potentially harm their health, such as asking a doctor not to record a health problem or deciding not to be tested for a condition out of a concern for the confidentiality of the results.