Health care: legally protected health care activity.

With Assembly Member Ward guiding the measure, the proposal ties health‑care confidentiality to a broader set of public‑facing workers by extending address‑confidentiality protections to gender‑affirming health care providers, employees, volunteers, and patients who face threats or harassment, and by expanding prohibitions on publicly posting personal information online related to these individuals.

The core change centers on an expanded address‑confidentiality program. Definitions are broadened to cover “designated health care services” as including gender‑affirming and reproductive health care, and “designated health care services provider, employee, volunteer, or patient” to encompass those working with gender‑affirming facilities. The application process is made more detailed, requiring in‑person enrollment at a designated program, documentation of employment or volunteering at a designated facility, and specific attestations or orders (e.g., threat reports, restraining orders). The Secretary of State is designated as the agent for service of process, with timelines for forwarding notices to participants and a formal recordkeeping requirement. A new funding mechanism is created—the Address Confidentiality for Reproductive Health Care Services Fund in the General Fund—to support administration, with enrollment and renewal governed by formal fees and procedures. Certification terms are four years for most participants, with volunteers at facilities certified until six months after last service, and renewal procedures to be established by regulation.

Civil and criminal protections are broadened to shield designated health care participants from doxxing and targeted threats. Section 4 extends the prohibition on publicly posting or distributing personal information or images to cover gender‑affirming health care subjects and their home addresses, and it creates injunctive/declaratory relief and damages (up to three times actual damages, with a floor of $4,000) for violations, including a separate prohibition on soliciting, selling, or trading such information. An interactive computer service provider is shielded unless there is intentional involvement in causing harm, and the section preserves other penalties under existing law. The bill also deepens health‑data governance around controlled substances through the PDMP (CURES) framework, requiring reporting of a broad set of prescription information and establishing privacy safeguards, de‑identification for research uses, and conditions for interstate data sharing through agreements. A temporary exemption blocks reporting of testosterone or mifepristone until 2027, with a required purge of pre‑2026 records by 2027, and the PDMP framework includes penalties for unauthorized access or disclosure.

The legislation tightens enforcement and cross‑state cooperation around legally protected health care activity. It prohibits state and local agencies from arresting or cooperating with out‑of‑state actions seeking penalties for legally protected health care activity performed in California, and restricts out‑of‑state subpoenas unless accompanied by appropriate affidavits. It also creates civil penalties for false affidavits and imposes related procedural safeguards for cross‑state investigations. Bail provisions are amended to set zero bail in certain cross‑state proceedings involving legally protected health care activity in this state, and the rules around subpoenas and investigations are codified to align with the broader confidentiality framework. Finally, the bill contains sequencing provisions tying some amendments to SB 497, creating conditional operative timing dependent on enactment and ordering of the two measures.

Implementation and fiscal considerations are shaped by a governance structure that assigns administration to the Secretary of State and relies on new funds and fees to support the program, with no explicit statewide appropriation embedded in the measure but potential local costs treated as mandated under existing rules. The PDMP/CURES changes require final regulations, inter‑state data‑sharing agreements, and ongoing reporting about funding sources. The measure also contemplates local fiscal impacts as a state‑mandated local program and reserves reimbursement pathways if mandated costs are determined to exist. In sum, the proposal substantially broadens confidentiality and anti‑harassment protections for reproductive and gender‑affirming health care contexts, couples them with a data‑privacy framework for health information, and introduces procedural, fiscal, and regulatory scaffolding to implement these changes across state and local levels.