Reproductive Privacy Act

Provider Type

  • Physicians
  • Participating Physician Groups (PPG) 
    (does not apply to HSP)
  • Hospitals
  • Ancillary

Certain businesses handling medical information on sensitive services must develop security policies for data related to gender-affirming care, abortion, abortion-related services, and contraception. California law also prohibits health care providers, plans, contractors, or employers from sharing medical information for investigations or inquiries from other states or federal agencies regarding lawful abortions unless authorized by existing law.

Data for gender-affirming and abortion-related services must be omitted from data exchanged via health information exchanges (HIEs) and not be transmitted to California HIEs.

State law specifically states:1

  • A business that electronically stores or maintains medical information on the provision of sensitive services, including, but not limited to, on an electronic health record system or electronic medical record system, on behalf of a provider of health care, health care service plan, pharmaceutical company, contractor, or employer, must have capabilities, policies, and procedures that enable all of the following:
    • Limit user access privileges to information systems that contain medical information related to gender-affirming care, abortion and abortion-related services, and contraception only to those persons who are authorized to access specified medical information.
    • Prevent the disclosure, access, transfer, transmission, or processing of medical information related to gender-affirming care, abortion and abortion-related services, and contraception to persons and entities outside of the state of California.
    • Segregate medical information related to gender-affirming care, abortion and abortion-related services, and contraception from the rest of the patient’s record.
    • Provide the ability to automatically disable access to segregated medical information related to gender-affirming care, abortion and abortion-related services, and contraception by individuals and entities in another state.

Additionally, state law prohibits the collection or disclosure of information outside California for operational claims payment purposes. State law includes requirements for provider licensing, enhanced protections for individuals and providers in sensitive services and "legally protected health care activity," including preventing the disclosure of medical information related to sensitive services outside the state, segregating such information from the patient's record, and enabling automatic disabling of access by entities outside the state.

  • Legally protected health care activity includes, but is not limited to:
    • Reproductive health care services,
    • Gender-affirming health care services, and
    • Gender-affirming mental health care services.
  • Sensitive services include, but are not limited to:
    • Services related to mental/behavioral health,
    • Sexual and reproductive health,
    • Sexually transmitted infections,
    • Substance use disorder,
    • Gender affirming care, and
    • Intimate partner violence

Requirements for providers

Physicians and other health care providers must incorporate and/or adhere to the following:

  • Specified businesses that store or maintain medical information regarding sensitive services must develop specific policies, procedures and capabilities that protects sensitive information.
  • Health care service plans, providers and others may not cooperate with any inquiry or investigation from any individual, outside state, or federal agency that would identify an individual that is seeking, obtaining, or has obtained an abortion or related services that are lawful in California. Exceptions may be authorized if the individual has provided authorization for the disclosure.
  • The exchange of health information related to abortion and abortion-related services is excluded from automatically being shared on the California Health and Human Services Data Exchange Framework.

1Information taken or derived from Assembly Bill 352, Senate Bill 345, or information at https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=202320240AB352 or https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=202320240SB345.