General acute care hospitals: patient directories.
- Requires hospitals to obtain patient consent before including their information in facility directories by July 2026.
- Mandates hospitals to provide privacy notices in both written and verbal formats during admission.
- Requires hospitals to translate privacy information into the top five non-English languages in their service area.
- Establishes criminal penalties for hospitals that fail to comply with the new privacy requirements.
Assembly Member Carrillo's patient privacy legislation requires general acute care hospitals to implement new protocols for managing protected health information in patient directories, establishing explicit notification and consent requirements that take effect July 1, 2026. The measure mandates that hospitals inform patients about their right to restrict directory information both verbally and through a separate written acknowledgment form containing a checkbox for patients to indicate their preferences.
The bill requires hospitals to provide these privacy notifications in the five most common non-English languages within their service areas, expanding access for diverse patient populations. Under existing federal HIPAA regulations, hospitals may maintain directories containing basic patient information and disclose it to individuals who request it by name, while California's Confidentiality of Medical Information Act permits release of limited details unless patients specifically request otherwise. The new requirements add procedural safeguards around these disclosures.
Hospitals must incorporate these notification protocols into their admission processes, with accommodations for emergency situations or patient incapacity. The measure classifies violations as criminal offenses subject to enforcement by the State Department of Public Health, which currently oversees hospital licensing and regulation. While the bill creates a state-mandated local program through these penalties, it specifies that local agencies will not require reimbursement since any costs stem from changes to criminal provisions.
 Anna CaballeroD Senator | Committee Member |  Not Contacted | |
 Tim GraysonD Senator | Committee Member | Not Contacted | |
 Megan DahleR Senator | Committee Member | Not Contacted | |
 Kelly SeyartoR Senator | Committee Member | Not Contacted | |
 Juan AlanisR Assemblymember | Bill Author | Not Contacted |
Email the authors or create an email template to send to all relevant legislators.
Introduced By
Latest Voting History
| Ayes | Noes | NVR | Total | Result |
|---|---|---|---|---|
| 13 | 0 | 0 | 13 | PASS |
- Requires hospitals to obtain patient consent before including their information in facility directories by July 2026.
- Mandates hospitals to provide privacy notices in both written and verbal formats during admission.
- Requires hospitals to translate privacy information into the top five non-English languages in their service area.
- Establishes criminal penalties for hospitals that fail to comply with the new privacy requirements.
Email the authors or create an email template to send to all relevant legislators.
Introduced By
Assembly Member Carrillo's patient privacy legislation requires general acute care hospitals to implement new protocols for managing protected health information in patient directories, establishing explicit notification and consent requirements that take effect July 1, 2026. The measure mandates that hospitals inform patients about their right to restrict directory information both verbally and through a separate written acknowledgment form containing a checkbox for patients to indicate their preferences.
The bill requires hospitals to provide these privacy notifications in the five most common non-English languages within their service areas, expanding access for diverse patient populations. Under existing federal HIPAA regulations, hospitals may maintain directories containing basic patient information and disclose it to individuals who request it by name, while California's Confidentiality of Medical Information Act permits release of limited details unless patients specifically request otherwise. The new requirements add procedural safeguards around these disclosures.
Hospitals must incorporate these notification protocols into their admission processes, with accommodations for emergency situations or patient incapacity. The measure classifies violations as criminal offenses subject to enforcement by the State Department of Public Health, which currently oversees hospital licensing and regulation. While the bill creates a state-mandated local program through these penalties, it specifies that local agencies will not require reimbursement since any costs stem from changes to criminal provisions.
Latest Voting History
| Ayes | Noes | NVR | Total | Result |
|---|---|---|---|---|
| 13 | 0 | 0 | 13 | PASS |
Anna CaballeroD Senator | Committee Member | Not Contacted | |
Tim GraysonD Senator | Committee Member | Not Contacted | |
Megan DahleR Senator | Committee Member | Not Contacted | |
Kelly SeyartoR Senator | Committee Member | Not Contacted | |
Juan AlanisR Assemblymember | Bill Author | Not Contacted |