11546.10.
(a) For purposes of this section, the following definitions shall apply:(1) “Verifiable health credential” means a portable electronic patient record issued by an authorized health care provider to a patient or patient’s personal representative, as defined in Section 123105 of the Health and Safety Code, for which the authenticity of the record can be independently verified cryptographically.
(2) “Authorized health care provider”
means the holder of a physician’s or surgeon’s certificate, a nurse practitioner, a physician’s assistant or any other licensed healthcare provider who is engaged in the professional practice authorized by that certificate under the jurisdiction of a board within the Department of Consumer Affairs and whose current license and name has been included in a verifiable issuer registry of health care providers authorized to issue verifiable health credentials.
(3) “Verifiable issuer registry” means a repository of current licenses representing authorized health care providers maintained by their respective licensing agencies, against which verifiable health
credentials may be checked to confirm their authenticity by verifying the identity and authorization status of the issuer of the credential.
(4) “Law enforcement agency” shall not include a federal law enforcement agency.
(b) On or before July 1, 2021, the Government Operations Agency shall appoint a working group to explore methods of using verifiable health credentials for communication of COVID-19 test results or other medical test results in this state. The purpose of the working group shall be to develop methods, using a verifiable credential model, to provide secure, private, and portable access to COVID-19 test results and other medical test results, as well as to develop best practices for the implementation of this technology in a manner that prioritizes
privacy of personal information and equitable access.
(c) The working group shall consist of representatives from the public and private sectors, including state health-related agencies, health care providers, privacy and civil liberties groups, independent nonprofit or not-for-profit information technology groups with specific expertise in the development and use of verifiable credentials, and a business based in California that offers services centered on the provision and authentication of verifiable credentials.
(d) (1) On or before July 1, 2022, the working group shall report to the Legislature on the methods and best practices developed pursuant to subdivision (b).
(2) The working
group’s report shall include recommendations subject to enactment by the Legislature.
(3) A report submitted pursuant to this subdivision shall be submitted in compliance with Section 9795 of the Government Code.
(e) (1) The Department of Consumer Affairs shall maintain sole jurisdiction over the authorization of health care providers for the issuing of verifiable health credentials
and shall, in consultation with the working group, establish procedures for the authorization of issuers for verifiable health credentials, including developing and maintaining a verifiable issuer registry.
(2) The Department of Consumer Affairs may utilize blockchain technology for the purposes of the verifiable issuer registry pursuant to paragraph (1).
(f) A law enforcement agency shall not require a patient to show a verifiable health credential.
(g) This section shall not be construed to alter the scope of practice of a health care provider or authorize the delivery of health care services in a setting, or in a
manner, not otherwise authorized by law.
(h) All laws regarding the confidentiality of health care information and a patient’s rights to the patient’s medical information shall apply to verifiable health credentials.
(i) All relevant laws and regulations governing professional responsibility, unprofessional conduct, and standards of practice that apply to a health care provider under the health care provider’s license shall apply to the issuing of verifiable health credentials by an authorized health care provider.