(a) Information identifying the names, addresses, or social security numbers of patients, their medical conditions, or the names of their primary caregivers, received and contained in the records of the State Department of Public Health and by any county public health department are hereby deemed “medical information” within the meaning of the Confidentiality of Medical Information Act (Part 2.6 (commencing with Section 56) of Division 1 of the Civil Code) and shall not be disclosed by the department or by any county public health department except in accordance with the restrictions on disclosure of individually identifiable information under the Confidentiality of Medical Information Act.

(b) Within 24 hours of receiving any request to disclose the name, address, or social security number of a patient, their medical condition, or the name of their primary caregiver, the State Department of Public Health or any county public health agency shall contact the patient and inform the patient of the request and if the request was made in writing, a copy of the request.

Terms Used In California Health and Safety Code 11362.713

(c) Notwithstanding § 56.10 of the Civil Code, neither the State Department of Public Health, nor any county public health agency, shall disclose, nor shall they be ordered by agency or court to disclose, the names, addresses, or social security numbers of patients, their medical conditions, or the names of their primary caregivers, sooner than the 10th day after which the patient whose records are sought to be disclosed has been contacted.

(d) No identification card application system or database used or maintained by the State Department of Public Health or by any county department of public health or the county’s designee as provided in Section 11362.71 shall contain any personal information of any qualified patient, including, but not limited to, the patient’s name, address, social security number, medical conditions, or the names of their primary caregivers. Such an application system or database may only contain a unique user identification number, and when that number is entered, the only information that may be provided is whether the card is valid or invalid.

(Added November 8, 2016, by initiative Proposition 64, Sec. 5.2.)