On September 28, California’s governor signed a number of bills into law, including to regulate health care facilities’ use of artificial intelligence (“AI”).  This included AB 3030, which regulates certain California-licensed health care facilities’ use of AI and SB 1223, which amends the California Consumer Privacy Act (CCPA) to cover “neural data.”  We discuss each bill in turn below.

AB 3030

AB 3030 requires a health facility, clinic, physician’s office, or office of a group practice that uses generative AI to generate written or verbal patient communications pertaining to patient clinical information to provide certain disclosures to patients. 

In particular, AB 3030 requires the provision of “[a] disclaimer that indicates to the patient that the communication was generated by generative artificial intelligence.”  This disclaimer must be provided in a specific format, depending on the method through which the AI is interacting with the patient:

  • For written communications involving physical and digital media (e.g., letters, emails), the disclaimer must appear prominently at the beginning of each communication;
  • For written communications involving continuous only interactions (e.g., chat-based telehealth), the disclaimer must be prominently displayed through the interaction;
  • For audio communications, the disclaimer must be provided verbally at the start and the end of the interaction; and
  • For video communications, the disclaimer must be prominently displayed throughout the interaction.

In addition, regardless of the method of communication, AB 3030 requires that the AI-generated patient communications pertaining to patient clinical information include clear instructions describing how a patient may contact a health care provider, employee of the health facility, clinic, physician’s office, or office of a group practice, or other appropriate person.

However, AB 3030 does not apply to all patient communications that are generated using AI.  AI-generated communications that are read and reviewed by a human licensed or certified health care provider are not subject to these disclosure requirements in AB 3030.  In addition, AB 3030 does not regulate the use of AI for administrative matters.  AB 3030 applies only to communications pertaining to “patient clinical information,” which means “information relating to the health status of a patient . . . [and] does not include administrative matters, including, but not limited to, appointment scheduling, billing, or other clerical or business matters.”

SB 1223

SB 1223 amends the CCPA’s definition of “sensitive personal information” to include “a consumer’s neural data.”  “Neural data” is defined as “information that is generated by measuring the activity of a consumer’s central or peripheral nervous system, and that is not inferred from nonneural information.”  With the enactment of SB 1223, California becomes the second state, following Colorado, to amend its consumer privacy law to regulate neural data. 

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Libbie Canter Libbie Canter

Libbie Canter represents a wide variety of multinational companies on privacy, cyber security, and technology transaction issues, including helping clients with their most complex privacy challenges and the development of governance frameworks and processes to comply with global privacy laws. She routinely supports…

Libbie Canter represents a wide variety of multinational companies on privacy, cyber security, and technology transaction issues, including helping clients with their most complex privacy challenges and the development of governance frameworks and processes to comply with global privacy laws. She routinely supports clients on their efforts to launch new products and services involving emerging technologies, and she has assisted dozens of clients with their efforts to prepare for and comply with federal and state privacy laws, including the California Consumer Privacy Act and California Privacy Rights Act.

Libbie represents clients across industries, but she also has deep expertise in advising clients in highly-regulated sectors, including financial services and digital health companies. She counsels these companies — and their technology and advertising partners — on how to address legacy regulatory issues and the cutting edge issues that have emerged with industry innovations and data collaborations.

As part of her practice, she also regularly represents clients in strategic transactions involving personal data and cybersecurity risk. She advises companies from all sectors on compliance with laws governing the handling of health-related data. Libbie is recognized as an Up and Coming lawyer in Chambers USA, Privacy & Data Security: Healthcare. Chambers USA notes, Libbie is “incredibly sharp and really thorough. She can do the nitty-gritty, in-the-weeds legal work incredibly well but she also can think of a bigger-picture business context and help to think through practical solutions.”

Photo of Elizabeth Brim Elizabeth Brim

Elizabeth Brim is an associate in the firm’s Washington, DC office, where she is a member of the Data Privacy and Cybersecurity and Health Care Practice Groups and advises clients on a broad range of regulatory and compliance issues related to privacy and…

Elizabeth Brim is an associate in the firm’s Washington, DC office, where she is a member of the Data Privacy and Cybersecurity and Health Care Practice Groups and advises clients on a broad range of regulatory and compliance issues related to privacy and health care.

Elizabeth’s practice includes counseling clients on compliance with the complex web of health information privacy laws and regulations, such as HIPAA, the FTC’s Health Breach Notification Rule, and state medical and consumer health privacy laws as well as state consumer privacy and genetic privacy laws. She also advises clients on health care compliance issues, such as fraud and abuse, market access, and pricing and reimbursement activities.

Elizabeth routinely advises on regulatory compliance as part of transactions, clinical trial programs, collaborations and other activities that involve genetic data, and the development and operation of digital health products. As part of her practice, Elizabeth routinely counsels clients on drafting and negotiating privacy and health care terms with vendors and third parties and developing privacy notices and consent forms. In addition, Elizabeth maintains an active pro bono practice.

Elizabeth is an author of the American Health Law Association treatise, Pricing, Market Access, and Reimbursement Principles: Drugs, Biologicals and Medical Devices and the U.S. chapter of the Global Legal Insights treatise, Pricing & Reimbursement Laws and Regulations.