California Extends Privacy Rules – Adult Use – The Medicinal and Adult-Use Cannabis Regulation and Safety Act, among other things, provides for the licensure and regulation of commercial cannabis activity, including cultivation, manufacturing, distribution, and retail sale. Existing law requires licensees to maintain specified records of commercial cannabis transactions.
Existing law, the California Uniform Controlled Substances Act, makes various acts involving marijuana a crime except as authorized by law. Existing law, the Medical Marijuana Program (MMP),
requires counties to administer an identification card program for qualified patients and provides immunity from arrest to qualified patients with a valid identification card or designated primary caregivers, within prescribed limits.
Existing law requires information identifying the names of patients, their medical conditions, or the names of their primary caregivers received and contained in records kept by the Bureau of Cannabis Control for the purposes of administering the act to be maintained in accordance with state law relating to patient access to his or her health records, the Confidentiality of Medical Information Act, and other state and federal laws relating to confidential patient information, and provides that this information is confidential and exempt from disclosure under the California Public Records Act, except as specified.
The existing law deems information contained in a physician’s recommendation to use cannabis for medical purposes to be “medical information” within the meaning of the Confidentiality of Medical Information Act, and prohibits a licensee from disclosing this information, except as specified.
California Extends Privacy Rules – Adult Use
Existing law, the Confidentiality of Medical Information Act, prohibits providers of health care, health care service plans, contractors, employers, and 3rd-party administrators, among others, from disclosing medical information, as defined, without the patient’s written authorization, subject to certain exceptions, as specified. A violation of the act resulting in economic loss or personal injury to a patient is a misdemeanor and subjects the violating party to liability for specified damages and administrative fines and penalties.
This bill would prohibit a licensee from disclosing a consumer’s personal information, as defined, to a 3rd party, as specified, except to the extent necessary to allow responsibility for payment to be determined and payment to be made or if the consumer has consented to the licensee’s disclosure of the personal information. The bill would prohibit a licensee from discriminating against a consumer or denying a consumer a product or service because he or she has not provided consent to authorize the licensee to disclose the consumer’s nonpublic personal information to a 3rd party not directly related to the transaction.
This bill would deem a business licensed under the Medicinal and Adult-Use Cannabis Regulation and Safety Act that is authorized to receive or receives identification cards issued pursuant to the MMP or information contained in a physician’s recommendation to be a provider of healthcare subject to the requirements of the Confidentiality of Medical Information Act.
The bill would provide exceptions to the prohibitions on disclosure of a consumer’s personal information, identification cards, and information contained in a physician’s recommendation for a contractor providing software services to a licensee, as specified. By expanding the scope of a crime, the bill would impose a state-mandated local program.
Managing Director & CEO of integrated transactional financial advisory, tax, and technology consulting firm - aBIZinaBOX Inc
New York, Chicago, and OaklandCPA.CITP.CISM.CGEIT.CGMAExpertise with: Alt. Investments/Private Equity, Real Estate, Professional Services, CA Cannabis, Tech Start-Ups and Distressed Assets/DebtTechnology Certifications including:Advanced & High Complexity Cloud Integrator
AICPA PCPS, CAQ,, IMTA, CITP
ISACA CGEIT, CISMState CPA Societies in California, Florida, Illinois, New York and TexasExpertise with Regulatory Compliance - US - HIPAA, FINRA, SEC Rule 17(a)(3)/(4), eDiscovery, FINCEN - EU- EBA, ESMA, EIOPA UK - BoE, PRA, FCA View all posts by abizcannabis