What You Need to Know About California’s Healthcare Bill (AB 133)

California has rolled out a new law -- AB 133 -- that mandates the creation of the nation's first statewide bidirectional data exchange framework. Here's what you need to know.

Healthcare data “interoperability” is not just a buzzword -- it’s critical to ensuring that patients get the care they need most when they need it. 

The Dobbs decision and recent cases involving the unauthorized sharing of patient data by companies like Better Health and GoodRx have revealed a serious void at the federal level with respect to the protection of health data. As a result, states have rushed in to fill the gaps, proposing hundreds of new bills aimed at strengthening patient data privacy, including the Virginia Consumer Data Protection Act,  the Colorado Privacy Act, the Connecticut Personal Data Privacy and Online Monitoring Act, and Utah’s Consumer Privacy Act.

California has gone in a different direction, rolling out a new law – AB 133 -- that mandates creating the nation’s first statewide bidirectional data exchange framework, the California Health and Human Services Data Exchange Framework. Led by a stakeholder advisory group, the initiative is focused on developing a common set of policies and procedures and putting in place a single data-sharing agreement that will govern the exchange of real-time health information among healthcare entities and government agencies in California. While the focus of the law is on making healthcare data more accessible for key stakeholders, it also addresses privacy and patients’ rights to control their own data.

Beginning in 2024, all of the state’s health plans, hospitals, physician organizations, and clinical laboratories will be required to participate in this new data exchange — a major step toward improving care coordination, while finally giving patients access to real-time treatment, payment, and healthcare operations information. While the new data exchange shares similarity with TEFCA, it is important to note that it remains separate and distinct from that federal framework, and participants in both frameworks must comply with both data-sharing rules.   

Among the provisions of AB 133 worth noting: 

  • Patients will have the right to access their healthcare data and to request that it be corrected or deleted.
  • Patients will have the right to opt out of having their data shared with third parties.
  • Healthcare organizations will be required to take steps to protect patient data from unauthorized access or disclosure.

It's still early days for this law, and there is much work to be done before California begins to truly see the benefits of the bill, but the effort is promising. The data exchange ruling does not go into full effect until January 31, 2024, in order to give providers time to develop the necessary technical and compliance infrastructure. However, as major proponents of data sharing and interoperability, we applaud California’s efforts to make it easier for patients and providers to securely exchange and access the data they need in furtherance of improving healthcare, and share their vision for a future where patients are guaranteed that they can simply and safely control their own data.