Back to California

AB-2448 • 2026

Medical information: confidentiality.

Medical information: confidentiality.

Abortion Crime Education Healthcare Labor Privacy
Passed Legislature

This bill passed both chambers and reached final enrollment, even if later executive action is not shown here.

Sponsor
Berman (A) , Bauer-Kahan
Last action
2026-04-20
Official status
From committee: Do pass and re-refer to Com. on APPR. (Ayes 11. Noes 3.) (April 16). Re-referred to Com. on APPR.
Effective date
Not listed

Plain English Breakdown

The bill summary and digest do not provide details on enforcement mechanisms or penalties for non-compliance.

Medical Information Privacy

AB-2448 requires certain businesses to protect medical information related to sensitive services such as gender affirming care, abortion and abortion-related services, and contraception by limiting access and segregating data.

What This Bill Does

  • Requires specified businesses that electronically store or manage medical records for healthcare providers, health plans, pharmaceutical companies, contractors, or employers to develop security measures for specific types of health information.
  • Limits who can see medical information about gender affirming care, abortion, and contraception by setting up policies and procedures before July 1, 2024.
  • Separates sensitive medical information from other patient data to keep it private.

Who It Names or Affects

  • Businesses that electronically store or manage health records for healthcare providers, health plans, pharmaceutical companies, contractors, or employers.
  • Patients whose medical information is protected under this law.

Terms To Know

Confidentiality of Medical Information Act (CMIA)
A California law that stops doctors, hospitals, and other health care providers from sharing patient information without permission.
Sensitive services
Healthcare procedures or treatments like gender affirming care, abortion, and contraception that need extra privacy protection.

Limits and Unknowns

  • Does not specify who will enforce the new rules.
  • The bill does not say what happens if businesses do not follow these requirements.
  • It is unclear how much it will cost to implement these changes.

Bill History

  1. 2026-04-20 California Legislative Information

    From committee: Do pass and re-refer to Com. on APPR. (Ayes 11. Noes 3.) (April 16). Re-referred to Com. on APPR.

  2. 2026-04-20 California Legislative Information

    Coauthors revised.

  3. 2026-04-08 California Legislative Information

    From committee: Do pass and re-refer to Com. on P. & C.P. (Ayes 12. Noes 3.) (April 7). Re-referred to Com. on P. & C.P.

  4. 2026-03-09 California Legislative Information

    Referred to Coms. on HEALTH and P. & C.P.

  5. 2026-02-21 California Legislative Information

    From printer. May be heard in committee March 23.

  6. 2026-02-20 California Legislative Information

    Read first time. To print.

Official Summary Text

AB 2448, as introduced, Berman.
Medical information: confidentiality.
Existing law, the Confidentiality of Medical Information Act (CMIA), generally prohibits a provider of health care, a health care service plan, or a contractor from disclosing medical information regarding a patient, enrollee, or subscriber without first obtaining an authorization, unless a specified exception applies. Existing law makes a violation of the CMIA that results in economic loss or personal injury to a patient punishable as a misdemeanor. Existing law requires specified businesses that electronically store or maintain medical information on the provision of sensitive services on behalf of a provider of health care, health care service plan, pharmaceutical company, contractor, or employer to develop capabilities, policies, and procedures, on or before July 1, 2024, to enable certain security features, including limiting user access privileges and segregating medical information
related to gender affirming care, abortion and abortion-related services, and contraception, as specified.
This bill would also require those specified businesses to enable the above-specified capabilities, policies, and procedures for those security features, as specified. Because the bill would expand the scope of an existing crime, it would impose a state-mandated local program.
The California Constitution requires the state to reimburse local agencies and school districts for certain costs mandated by the state. Statutory provisions establish procedures for making that reimbursement.
This bill would provide that no reimbursement is required by this act for a specified reason.

Current Bill Text

Read the full stored bill text
Download Bill PDF