United States of America: Implemented bill on mental health digital services and mental health application information

On 1 January 2023, Assembly Bill (AB) 2089 on mental health privacy was implemented. The Bill amends the California Confidentiality of Medical Information Act (CMIA) by revising the definition of medical information to include mental health application information. As a result, providers will be prohibited from sharing, selling, or using mental health application information for any purpose not necessary for providing healthcare services to a patient. According to the proposed amendments of the CMIA, mental health application information will be defined as information related to a consumer’s inferred or diagnosed mental health or substance use disorder, as defined in Section 1374.72 of the Health and Safety Code, collected by a mental health digital service. In addition, the Bill will require any entity that provides a digital mental health service, when working with a health care provider, to provide information regarding how to find data breaches reported on the internet website of the Attorney General.