State Codes and Statutes
Statutes > California > Civ > 56.26-56.265CIVIL CODE
SECTION 56.26-56.265
56.26. (a) No person or entity engaged in the business of furnishing administrative services to programs that provide payment for health care services shall knowingly use, disclose, or permit its employees or agents to use or disclose medical information possessed in connection with performing administrative functions for a program, except as reasonably necessary in connection with the administration or maintenance of the program, or as required by law, or with an authorization. (b) An authorization required by this section shall be in the same form as described in Section 56.21, except that "third party administrator" shall be substituted for "employer" wherever it appears in Section 56.21. (c) This section shall not apply to any person or entity that is subject to the Insurance Information Privacy Act or to Chapter 2 (commencing with Section 56.10) or Chapter 3 (commencing with Section 56.20). 56.265. A person or entity that underwrites or sells annuity contracts or contracts insuring, guaranteeing, or indemnifying against loss, harm, damage, illness, disability, or death, and any affiliate of that person or entity, shall not disclose individually identifiable information concerning the health of, or the medical or genetic history of, a customer, to any affiliated or nonaffiliated depository institution, or to any other affiliated or nonaffiliated third party for use with regard to the granting of credit.