BILL ANALYSIS                                                                                                                                                                                                    Ó






                             SENATE JUDICIARY COMMITTEE
                             Senator Noreen Evans, Chair
                              2013-2014 Regular Session


          SB 222 (Padilla)
          As Amended April 22, 2013
          Hearing Date: April 30, 2013
          Fiscal: Yes
          Urgency: No
          RD


                                        SUBJECT
                                           
                            Genetic Information: Privacy

                                      DESCRIPTION  

          This bill would enact the Genetic Information Privacy Act to  
          permit genetic information to be collected, stored, analyzed, or  
          disclosed only if the individual to whom the genetic information  
          pertains has provided a written authorization, except as  
          specified.  This bill would specify the information that must be  
          included in the authorization and impose various civil penalties  
          to be paid to the individual to whom the information pertains  
          for a violation of the bill's provisions, as specified.  

                                      BACKGROUND  

          Genetic testing is a sophisticated technique used to test for  
          genetic disorders.  More recently, direct-to-consumer genetic  
          testing has allowed individual consumers to provide genetic  
          samples in order to test for genetic disorders, identify their  
          ancestry, or take part in research studies.  This testing,  
          however, has not come without controversy and concerns.  

          Separately, a 2010 report by the General Accounting Office  
          (GAO), entitled "Direct-to-Consumer Genetic Tests: Misleading  
          Test Results are Further Complicated by Deceptive Marketing and  
          Other Questionable Practices," found test results that were  
          "misleading and of no practical use.  For example, GAO's donors  
          often received disease risk predictions that varied across the  
          four companies, indicating that identical DNA samples yield  
          contradictory results." (GAO, Highlights, Direct-to-Consumer  
          Genetic Tests: Misleading Test Results are Further Complicated  
                                                                (more)



          SB 222 (Padilla)
          Page 2 of ?



          by Deceptive Marketing and Other Questionable Practices (Jul.  
          22, 2010)  [as of Apr.  
          4, 2013].)  Furthermore, the GAO found egregious examples of  
          deceptive marketing, including two companies who "told GAO's  
          fictitious consumer that she could secretly test her fiancé's  
          DNA to 'surprise' him with test results," despite the fact that  
          surreptitious genetic testing is restricted in many states. 
          In 2009, two reporters from New Scientist demmonstrated that it  
          was possible to bypass and ignore consent requirements of  
          certain companies and submit someone else's DNA for testing.   
          Their article detailing the experience stated:

            The terms and conditions for the deCODEme service state that  
            someone submitting DNA must have the legal authority to do so,  
            and that the sample must be taken from the cheek.  We wanted  
            to test whether deCODEme is vulnerable to abuse from someone  
            prepared to ignore these terms, so Michael pipetted some of  
            Peter's DNA onto deCODEme's swabs and sent them off for  
            analysis under his own name.  As far as Decode was concerned,  
            it was a sample of Michael's DNA taken by swabbing his own  
            cheek.  . . .  [The reporters submitted a sample to another  
            company.]  This company also has terms and conditions  
            specifying that customers must have the necessary consents and  
            approvals to submit samples.  Mimicking a hacker who would be  
            willing to ignore these terms, Michael submitted the amplified  
            DNA for scanning.  . . .  Both of these back-up plans worked.   


          Additionally, the Genetics and Public Policy Center has found  
          "[ten] states that restrict surreptitious collection, analysis,  
          and/or disclosure for both health- and non-health related  
          purposes, 15 states that restrict surreptitious testing for  
          health-related purposes only, six states with restrictions in  
          the context of court-ordered parentage proceedings, and two  
          states with employment-related restrictions only." (Genetics and  
          Public Policy Center, State laws pertaining to surreptitious DNA  
          testing (Jan. 21, 2009)  
           [as of Apr. 25, 2013].)

          More generally, in October 2012, the Presidential Commission for  
          the Study of Bioethical Issues (an advisory panel of the  
          nation's leaders in medicine, science, ethics, religion, law,  
          and engineering) released a report recommending the adoption of  
          policies to help ensure privacy and security, as the field of  
          genomics advances, and urged federal and state governments to  
                                                                      



          SB 222 (Padilla)
          Page 3 of ?



          ensure a consistent floor of privacy protections covering whole  
          genome sequencing data regardless of how they were obtained.   
          (Press Release: President's Bioethics Commission Releases Report  
          on Genomics and Privacy (Oct. 11, 2012)  
           [as of Apr. 25, 2013].)  

          Currently, federal and state laws offer various protections for  
          genetic testing.  For example, in 2008, the federal government  
          enacted the Genetic Information and Nondiscrimination Act (GINA)  
          to prohibit discrimination in group health plan coverage and  
          employment based on genetic information.  Last year, this  
          Committee approved SB 1267 (Padilla, 2012), similar to this  
          bill, which would have similarly permitted genetic information  
          to be obtained, analyzed, retained or disclosed only with the  
          written authorization of the individual to whom the information  
          pertains.  That bill would have imposed the same civil penalties  
          as this bill, but also included several other important  
          requirements such as obtaining a new authorization for each new  
          use of the genetic information as well as the destruction of the  
          genetic information or DNA sample upon completion of the purpose  
          authorization was obtained that are not in this bill.  SB 1267  
          passed this Committee, but ultimately died in the Senate  
          Appropriations Committee.  

          This bill is a renewed effort to permit genetic information to  
          be collected, stored, analyzed, or disclosed only where the  
          individual to whom the genetic information pertains has provided  
          a written authorization, except as specified, and subject to  
          various civil penalties.   

                                CHANGES TO EXISTING LAW
           
           Existing law  , the California Constitution, provides that all  
          people have inalienable rights, including the right to pursue  
          and obtain privacy.  (Cal. Const., art. I, Sec. 1.)  
           
          Existing law  prohibits, under the State Confidentiality of  
          Medical Information Act (CMIA), providers of health care, health  
          care service plans, or contractors, as defined, from sharing  
          medical information without the patient's written authorization,  
          subject to exceptions, including among others, certain research.  
           (Civ. Code Sec. 56 et seq.)  
           
          Existing federal law  , the Health Insurance Portability and  
          Accountability Act (HIPAA), specifies privacy protections for  
          patients' protected health information and generally provides  
                                                                      



          SB 222 (Padilla)
          Page 4 of ?



          that a covered entity, as defined (health plan, health care  
          provider, and health care clearing house), may not use or  
          disclose protected health information except as specified or as  
          authorized by the patient in writing.  (45 C.F.R. Sec. 164.500  
          et seq.)  
           
          Existing law  prohibits discrimination under the Unruh Civil  
          Rights Act and the Fair Employment and Housing Act (FEHA) on the  
          basis of genetic information.  (Civ. Code Sec. 51 and Gov. Code  
          Sec. 12920 et seq.)

           Existing federal law  prohibits, under the Genetic Information  
          and Nondiscrimination Act (GINA), discrimination in group health  
          plan coverage and employment based on genetic information.   
          (Pub. Law 110-233.)

           Existing law  provides for the various penalties concerning the  
          disclosure of genetic tests.  (Ins. Code Sec. 10149.1.)

           This bill  makes various legislative findings and declarations,  
          including, among others that the Legislature intends to enact  
          legislation that would:
           ensure that genetic information is personal information that  
            is not collected, stored, or disclosed without the  
            individual's authorization;
           provide protections for the collection, storage, and  
            authorized use of genetic information; and
           promote the use of genetic information for legitimate reasons,  
            as specified.
           
          This bill  would provide that genetic information is protected by  
          the constitutional right of privacy and prohibit genetic  
          information from being collected, stored, analyzed, or disclosed  
          without the written authorization of the individual to whom the  
          information pertains.  The authorization must among other  
          things: 
           specify the types of persons authorized to disclose  
            information about the individual;
           specify the nature of the information authorized to be  
            disclosed;
           state the name or functions of the person or entities  
            authorized to receive the information; and
           specify the purposes for which the information is being  
            collected. 

           This bill  would provide exceptions to the above authorization  
                                                                      



          SB 222 (Padilla)
          Page 5 of ?



          requirement for the following instances, as specified:
           a law enforcement official in the execution of his or her  
            official duties consistent with existing law; 
           a hospital, laboratory, or physician carrying out  
            court-ordered tests for genetic information; 
           a licensed health care professional in medical emergencies; 
           a coroner or medical examiner in the execution of his or her  
            official duties consistent with existing law; 
           any screening of newborn infants required by state or federal  
            law.
           if the information is in the form of deidentified data; and
           for any person or entity covered and required to comply with  
            any of the following
             o    the HIPAA of 1996;
             o    the informed consent provision of the CMIA, as  
               specified; 
             o    the informed consent provision of the Insurance Code, as  
               specified; or 
             o    federal regulations, as specified. 
          
           This bill  would provide for civil penalties to be paid to the  
          individual to whom the genetic information pertains under the  
          following circumstances:
           any person who negligently violates the bill's authorization  
            requirement shall be assessed a civil penalty not to exceed  
            $1,000, plus court costs; 
           any person who willfully violates the bill's authorization  
            requirement shall be assessed a civil penalty in an amount not  
            less than $1,000 and not more than $5,000, plus court costs;  
            and 
           in addition to the above, a person who commits an act  
            described in the above two penalty provisions shall be liable  
            for all actual damages, including damages for economic,  
            bodily, or emotional harm which is proximately caused by the  
            act.

           This bill  would also provide that any person who willfully or  
          negligently violates the bill's authorization requirement and  
          the violation results in economic, bodily, or emotional harm to  
          the individual to whom the genetic information pertains is  
          guilty of a misdemeanor punishable by a fine not to exceed  
          $10,000.

           This bill  would make each violation of the bill is a separate  
          and actionable offense. 

                                                                      



          SB 222 (Padilla)
          Page 6 of ?



           This bill  would provide definitions for "deidentified data,"  
          "DNA sample," "genetic characteristic," "genetic information,"  
          "genetic service," "genetic test," and "person." 
                                        COMMENT
           
          1.   Stated need for the bill  

          According to the author:

            We have laws to protect the privacy of our financial  
            information, our medical records, and even the books we check  
            out from the local library. SB 222 would extend California  
            privacy protections to a person's genetic material and  
            information. We need genomic privacy protections because there  
            is nothing more personal than a person's DNA. Analysis of  
            genetic material can allow for early detection of disease long  
            before symptoms become apparent. Genetic markers can also  
            suggest propensity for diseases that may or may not ever  
            develop. 

            While genomics continues to lead to important medical  
            discoveries, genetic information can also be misused in ways  
            that could harm individuals and their families. Such examples  
            include, but are not limited to: conducting paternity tests  
            without a court order or the consent of all parties, using  
            genetic information collected surreptitiously to harm a  
            personal enemy or competitor, collecting DNA without consent  
            to determine genealogical history.  

            [ . . . ]  This bill would protect individuals from the  
            unauthorized collection, storage, analysis and use of their  
            genetic information while encouraging the authorized use of  
            genetic information for legitimate reasons, including health  
            care, research and educational purposes, as the field of  
            genomics advances.
          
          2.  Informed consent and privacy protections 
           
          Under this bill, genetic information could be collected, stored,  
          analyzed, or disclosed only if the individual to whom the  
          information pertains has provided a written authorization that  
          meets specified requirements.  That authorization would not be  
          required, however, if one of the bill's included exceptions  
          applies.  (See Comment 3.)   Violations of the written  
          authorization requirement would result in various penalties and  
          civil liability that parallel existing provisions under the  
                                                                      



          SB 222 (Padilla)
          Page 7 of ?



          Insurance Code and the State Confidentiality of Medical  
          Information Act. 

              a.   The informed consent requirements in SB 1267 are missing  
               from this bill 
                
            This bill currently requires that the authorization meet  
            certain requirements, including that it be in clear language  
            of at least 14 point type; be dated and signed;  specify the  
            types of persons authorized to disclose information about the  
            individual; specify the nature of the information authorized  
            to be disclosed; state the name or functions of the person or  
            entities authorized to receive the information; specify the  
            purposes for which the information is being collected; and  
            specify the length of time for which the authorization shall  
            be valid. 
            From a policy standpoint, permitting genetic information to be  
            collected, stored, analyzed, or disclosed provided that the  
            individual to whom the genetic information pertains has given  
            his or her consent raises the question of how best to ensure  
            that an individual is making a fully informed decision before  
            providing consent to another party to use such private  
            information.  Because DNA is unique to every individual, and  
            could potentially even be linked back to the individual after  
            being "deidentified" (see Comment 6), it is important that  
            people know where their information is going, for what  
            purposes it is being used, and what happens to their  
            information after that purpose is fulfilled. 

            To this end, this bill requires that the authorization specify  
            the following: the types of persons authorized to disclose  
            information about the individual, the purposes for which the  
            information is being collected, and the length of time that  
            the authorization shall remain valid.  That provision is  
            important because it would allow a party to indicate limits on  
            the use of his or her information for commercial, research, or  
            other purposes.  For example, in some cases, a consumer may  
            want to give his or her genetic information only for a limited  
            purpose such as testing for genetic disorders or risks or  
            ancestry, but not want it shared with others or used for any  
            other purpose.  The written authorization required would allow  
            the individual to do so.  

            At the same time, however, this bill leaves out important  
            notices that SB 1267 was amended to provide within the written  
            authorization and which was approved by this Committee last  
                                                                      



          SB 222 (Padilla)
          Page 8 of ?



            year. Namely, in addition to the above, SB 1267 would have  
            required that the authorization contain certain information  
            aimed at helping the individual to make a decision and direct  
            the use of his or her genetic information.  This information  
            included, among other things: a statement that the  
            authorization shall remain valid for as long as it takes to  
            carry out the purpose; a notification that the individual has  
            the right to limit the purpose for which his or her genetic  
            information is used; a notification that once the purpose is  
            fulfilled, the genetic information and sample must be  
            destroyed; and, whether the genetic information will remain  
            identifiable or be made non-identifiable.  That bill also  
            required a separate authorization for each new use-thereby  
            avoiding blanket authorizations. 

            Given that the above elements were important factors in this  
            Committee's approval of SB 1267 last year, the author may wish  
            to consider adding amendments that would incorporate similar  
            components into this bill.

              b.   Other significant protections that were in SB 1267 are  
               missing from this bill  

            In addition to the information discussed above, SB 1267 also  
            included important measures that sought to ensure that the  
            person that obtains, analyzes, retains, or discloses this  
            information comports with certain requirements.  Those  
            requirements included that: 
                 the person may not obtain, analyze, retain, or disclose  
               the genetic information for any purpose other than the  
               purpose authorized by the individual to whom the  
               information pertains;
                 once the specific purpose authorized by the individual  
               to whom the genetic information pertains has been  
               fulfilled, the individual's genetic information and DNA  
               sample shall be destroyed; 
                 the person shall permit an individual to revoke their  
               written authorization; and
                 the person shall provide an individual who has signed  
               the written authorization with a copy of that authorization  
               upon request.  

            Without those statutory mandates, any written authorization  
            form would have to notify the person providing their consent  
            with certain information relating to their rights and what  
            will happen with their genetic information, but the entity or  
                                                                      



          SB 222 (Padilla)
          Page 9 of ?



            person seeking to use the genetic information or DNA sample  
            would not be required to comply with those requirements under  
            the law.  

            In other words, while the bill would require that the written  
            authorization specify the purpose for which authorization is  
            granted, in the interest of protecting the privacy of  
            individuals even where consent is provided for specific  
            purposes, the bill should also, as a matter of law, restrict  
            the use of the information to the purpose for which it was  
            collected.   This purpose limitation, in particular, is a  
            fundamental tenet of privacy law and appears in other statutes  
            where personal information-often name, address, or other  
            information that is arguably not as unique to an individual as  
            his or her DNA-is permitted to be shared or disclosed for a  
            particular purpose.  (See, e.g., Fam. Code Sec. 17528; Pub.  
            Util. Code Secs. 8380, 8381; Veh. Code Secs. 1808.23, 21455.5,  
            40248.) 

            Given that the above elements were important factors in this  
            Committee's approval of SB 1267 last year, the author may wish  
            to consider adding amendments that would incorporate similar  
            components into this bill.

          3.    The exemptions to this bill's authorization requirements  
          are potentially problematic
           
          Under this bill, genetic information cannot be collected,  
          stored, analyzed, or disclosed without the statutory  
          authorization described above, except in specified  
          circumstances.   Similar to SB 1267 (Padilla, 2012), this bill  
          would create limited exceptions for, among others: a law  
          enforcement official in the execution of his or her official  
          duties consistent with existing law; a hospital, laboratory, or  
          physician carrying out court-ordered tests for genetic  
          information; and any screening of newborn infants required by  
          law.  This bill, as recently amended, however, also includes  
          numerous other exceptions for which a party shall not be  
          required to comply with the written authorizations of this  
          bill-namely, where the data is deidentified or a person or  
          entity is otherwise covered by and complies with various  
          existing federal or state laws and regulations.   

          Staff notes that the broad exception for any and all information  
          that is in the form of deidentified data is problematic.   
          Potentially, this exception sought to make allowances for  
                                                                      



          SB 222 (Padilla)
          Page 10 of ?



          deidentified data that is already being used to conduct medical  
          research, but it does so in an arguably overbroad way to achieve  
          the public policy goal of promoting important research from  
          genetic information.  An exception could be drawn much more  
          narrowly to mirror a similar exception in SB 1267, in order to  
          permit medical researchers to maintain access to that data for  
          research, while requiring that, moving forward, consent be  
          provided at least at the outset, for use of any newly collected  
          genetic data.  

          Staff also notes that the remaining exceptions for persons or  
          entities covered by and required to comply with specified acts  
          or sections of law raise significant issues.  As noted by  
          several organizations in opposition, if the aim of the bill is  
          to target the surreptitious testing in the commercial context,  
          these exceptions do not go far enough.  For example, the bill  
          does not appear to include an exception for scenarios in which  
          medical entities are required-by law-to share information with  
          public entities.  This bill would prohibit the medical entity  
          from disclosing that information without a prior authorization,  
                                                         and the public entity would be prohibited from collecting,  
          analyzing, storing, or sharing it.  Moreover, staff notes that  
          the exceptions would arguably suggest that existing informed  
          consent provisions are sufficient to address the unique concerns  
          and issues raised by genome sequencing and genetic  
          research-which is debatable.  As noted by, the Department of  
          Health and Human Services in a 2009 progress report, genetic  
          information raises unique ethical and legal issues that other  
          types of medical information may not:  

            A particular concern is that whole-genome scans will provide a  
            unique DNA identifier that could potentially be linked with  
            data obtained or stored in other contexts, which has  
            implications for consent and privacy.  Thus, the issue of  
            informed consent should be revisited whether the evolving  
            research paradigm using large databases of genomic information  
            and the growth of personalized medicine challenges long-held  
            assumptions about informed consent.  

          (A Progress Report and Future Directions of the Secretary's  
          Advisory Committee on Genetics, Health, and Society, The  
          Integration of Genetic Technologies Into Health Care and Public  
          Health, January 2009, p. 8.)

          Also of note, whether or not the existing law requirements are  
          sufficient in the medical treatment or research context is  
                                                                      



          SB 222 (Padilla)
          Page 11 of ?



          already the subject of studies, including an LAO report that the  
          author has reportedly requested.  It may be prudent to assess  
          what the actual shortcomings are before drawing exceptions.  It  
          may also be prudent to assess those shortcomings before assuming  
          that an additional consent process is needed.  

          This Committee may wish to reserve its right to review this bill  
          again if it continues through the process to ensure that  
          outstanding issues have been addressed. 

          4.    Penalties

           Under this bill, any offending giver, discloser, or receiver, of  
          information who violates the written authorization requirements  
          of this bill, would be subject to the penalties and liabilities  
          specified by the bill.  Namely, any person who negligently  
          violates the written authorization requirement would be assessed  
          a civil penalty not to exceed $1000, plus court costs, as  
          determined by the court, which penalty and costs shall be paid  
          to the individual to whom the genetic information pertains.  A  
          person who willfully violates the written authorization  
          requirement shall be assessed a penalty not less than $1,000 and  
          not to exceed $5,000, plus court costs, as determined by the  
          court, which penalty and costs shall be paid to the individual  
          to whom the genetic information pertains.  In addition, under  
          this bill, any person who violates the requirements, whether  
          negligently or willfully, shall be liable to the person to whom  
          the genetic information pertains for all actual damages,  
          including damages for economic, bodily, and emotional harm that  
          is proximately caused by that act.  The bill also contains a  
          misdemeanor, punishable by a fine not to exceed $10,000 where  
          the violation results in economic, bodily, or emotional harm to  
          the individual to whom the genetic information pertains-also  
          regardless of whether the violation was negligent or willful. 

          These penalties are based on existing Insurance Code Section  
          10149.1 and, in fact, mirror those provisions which relate to  
          the disclosure of test results for a genetic characteristic.   
          Under Section 10149.1, penalties are imposed when such a  
          disclosure is made to any third party in a manner which  
          identifies or provides identifying characteristics of the person  
          to whom the test results apply.

          5.    Definitions 

           The definitions contained in this bill have been changed in many  
                                                                      



          SB 222 (Padilla)
          Page 12 of ?



          respects from the definitions that were in SB 1267.  Many of the  
          bill's definitions are drawn from various definitions in federal  
          or state law.  Those definitions, however, were tailored for  
          specific areas of law-such as the employment discrimination or  
          insurance discrimination context.  Those definitions are not as  
          applicable or appropriate in the context of this bill and could  
          cause confusion, if not potentially have adverse consequences in  
          terms of the application of the bill.  There are also issues  
          with respect to redundant definitions (as is the case with  
          "genetic services" and "genetic tests"), or incomplete  
          definitions (as is the case with "DNA sample" and "genetic  
          characteristics").  Furthermore, the current definition for  
          deidentified data is arguably vague and unclear.  

          Even if the Committee were to approve this bill in current form,  
          the author may wish to consider amending the definitions to more  
          closely mirror the definitions in SB 1267 to otherwise add  
          clarity. 




          6.    Unique issues raised by genetic information 
           
          While existing law is fairly established for medical and health  
          providers with respect to the sharing of medical information,  
          there may be considerations that are unique to genetic  
          information that is not raised by other types of medical  
          information.  

          While all medical information is personal and carries with it a  
          right to privacy, medical information in the context of genome  
          sequencing can present special challenges.  For example, in a  
          recent article calling for a more nuanced approach in protecting  
          genetic privacy, it was commented that a group at Massachusetts  
          Institute of Technology was able to put names to samples of DNA  
          donated to research by cross-referencing information from public  
          databases.  (Misha Angrist, Genetic Privacy Need a More Nuanced  
          Approach, Nature International Weekly Journal of Science (Feb.  
          6, 2013)  
           [as of Apr. 25, 2013].)  While the potential  
          of "re-identification" raises privacy concerns, at the same  
          time, there may be public policy reasons in which the potential  
          gain in medical breakthroughs may warrant some measured risks.  

                                                                      



          SB 222 (Padilla)
          Page 13 of ?



          Thus, even though the concerns with maintaining privacy exist in  
          any other medical information context, the requirements or  
          precautions necessary to protect a person's right to make  
          informed choices and to keep information from the wrong hands  
          may face great challenges in the context of genetic information.  
           

          7.    Opposition to this bill
           
          Stanford (comprised of Stanford University; Stanford Hospital  
          and Clinics and Lucile Packard Children's Hospital University of  
          California), writes in opposition, raising two main points: (1)  
          Information-sharing in the health care and biomedical research  
          industries is highly complex and is already regulated  
          extensively at the federal and state levels.   Stanford notes,  
          among other things, that the State's health information privacy  
          law data base yields over 1,000 California statutory provisions  
          in a search for medical privacy, and many of these laws relate  
          to protecting health information such as family medical history  
          and other health information that this bill seeks to address;  
          and  (2) Stanford is concerned about the bill's over-breadth  
          given both its broad application both in terms of the entities  
          it applies to and its application to all DNA samples and all  
          genetic information.  Stanford argues that creating universal  
          rule subject to listed exceptions is a "dangerous approach" as  
          many other California laws "protect privacy and permit  
          information-sharing based on the Legislature's deliberate  
          balancing of interests" and as it is difficult to identify every  
          person or entity that merits an exception. 

          Stanford offers examples of problems that this bill would raise  
          for their entity, and similar entities.  One such example is  
          where hospitals are currently require to report cancer patient  
          information to the State cancer registry and that information is  
          not fully deidentified.  Stanford writes that "[e]xisting  
          federal and state laws permit and even require such reporting,  
          but this bill would appear to require the State registry to  
          obtain individuals' authorization before the registry collected,  
          stored, or analyzed any genetic information, including family  
          medical history."  This burden of the written authorization,  
          they argue, could fall on them to obtain given that the state's  
          registry does not have a relationship with individual patients.   
          Stanford also believes the current language would require that  
          individuals' would have to sign an authorization before they  
          could collect, analyze or store their own information which they  
          have a long-standing right to access.  Finally, Stanford  
                                                                      



          SB 222 (Padilla)
          Page 14 of ?



          provides an example whereby the Centers for Disease Control and  
          Prevention (CDC) would need patient's written authorization to  
          obtain this medical information pursuant to public health laws.   
          Stanford argues that "[t]hese examples underscore that health  
          information sharing is highly complex.  These existing broad  
          array of California and national laws balance privacy interests  
          with data-sharing for appropriate purposes.  This bill would  
          have serious unintended consequences through its over-breadth  
          and universal approach, with limited listed exceptions." 

          In opposition to this bill, the University of Southern  
          California (USC) argues, that "[w]hile the recent bill language  
          exempts certain entities, the language as drafted proposes to  
          codify a universal approach for all others.  Such an approach  
          could result in the omission of a person and/or entity that  
          deserves an exception (or an unexpected exception that results  
          from future treatment/research advancements) and subject that  
          entity to severe future civil penalties."  USC also concurs on  
          the concerns outlined Stanford's letter, concluding that the  
          current bill language "would create serious consequences for all  
          California research universities, medical facilities, and the  
          biotech industry." 

          USC suggests that if the author's interest is to focus on  
          "addressing the surreptitious testing companies, which provides  
          a number of discreet DNA testing services," they would recommend  
          that the bill language "affirmatively outline who is being  
          regulated and what is being protected.  This would ensure that  
          the Senator's specific goal is met while also avoiding having to  
          identify exceptions omitted in this bill through countless  
          future legislative efforts."  

          The above concerns have also been echoed by the University of  
          California. 


           Support  :  None Known

           Opposition  :  California Hospital Association; Lucile Packard  
          Children's Hospital University of California; Stanford  
          University; Stanford Hospital and Clinics 

                                        HISTORY
           
           Source  :  Author

                                                                      



          SB 222 (Padilla)
          Page 15 of ?



           Related Pending Legislation  :  None Known  Prior Legislation  :

          SB 1267 (Padilla, 2012), See Background.  

          SB 559 (Padilla, Ch. 261, Stats. 2011) prohibited discrimination  
          on the basis of genetic information under the Unruh Civil Rights  
          Act and Fair Employment and Housing Act.  

          SB 482 (Padilla, 2009) was introduced to relate to  
          direct-to-consumer genetic testing.  Under existing law, the  
          Department of Public Health has required direct-to-consumer  
          genetic testing companies to be licensed as clinical  
          laboratories.  SB 482, would have specifically provided that  
          such companies are not clinical labs and therefore not subject  
          to requirements for those laboratories, and would have instead  
          created a separate regulatory scheme.  That bill died in this  
          Committee.

                                   **************