DIVISION 109. Center for Data Insights and Innovation [130200 - 130211]
( Division 109 repealed and added by Stats. 2021, Ch. 696, Sec. 11. )
There is hereby established within the California Health and Human Services Agency the Center for Data Insights and Innovation to ensure the enforcement of state law mandating the confidentiality of medical information. The Center for Data Insights and Innovation shall be administered by a director who shall also serve as the California Health and Human Services Chief Data Officer and shall be appointed by the Secretary of California Health and Human Services.
(Repealed and added by Stats. 2021, Ch. 696, Sec. 11. (AB 172) Effective October 8, 2021.)
The Legislature finds and declares all of the following:
(a) The California Health and Human Services Agency manages great amounts of valuable data on all aspects of life for Californians, including, but not limited to, health care delivery, business, social services, child welfare, and public health.
(b) California has long recognized that securing individual privacy rights and confidentiality of personal health and medical records is of paramount importance to establishing public confidence in the provision of state services, and that ensuring transparent accountability, governance, and oversight are critical components to maintaining the public’s trust.
(c) Data is a fundamental asset that can be more fully utilized without compromising patient privacy and data security. Improving and streamlining collection practices, interoperability of data and technology, data infrastructure, data security, and data sharing is critical to the improvement of the lives of Californians and will foster person-centered and not program-centered decisionmaking.
(d) When data practices safeguard individual privacy, interpreting and using data improves public programs and policies and enriches the lives of people in many ways, including, but not limited to, all of the following:
(1) Analytics increase efficiency and help target resources to vulnerable and underserved populations.
(2) Data analytics allow for optimal use of
existing resources and information assets to drive operational decisions and avoid changes that may result in adverse impacts or negative outcomes for vulnerable and underserved populations.
(3) Health and social services outcomes are improved through use of analytics to identify underserved populations, detect gaps in services, and improve and facilitate access to programs and services.
(4) Demographic and services information can be assessed to identify and address disparities, including racial, ethnic, gender, and geographic disparities, in health and socioeconomic status to advance equity and improve person-centered outcomes.
(e) Information sharing among state departments for integrated health and social services has been hindered by a lack of standardized interpretation and application of health privacy laws
throughout the state. State departments often do not share information for integrated health and social services, even when sharing is appropriate, lawful, and permissible to all identifiable individuals. In order to provide efficient and effective health and social services, information should be securely exchanged among state departments in a manner that prioritizes individual privacy and autonomy over access to personal data.
(f) Unmitigated sharing and centralization of personal data relating to individuals presents unique risks to privacy, as that data can be used in concert to produce profiles revealing intimate details of individuals’ personal lives. Any policy related to data sharing, especially among governmental entities, must, therefore, be responsive to potential risks to personal privacy and include safeguards against invasive or excessive sharing of personal information.
(g) Data sharing has the potential to positively affect health and social services outcomes by linking vulnerable populations to services for which they are eligible.
(h) It is the intent of the Legislature to establish the Center for Data Insights and Innovation to do all of the following:
(1) Establish health information sharing guidance that balances the need for patient privacy with the benefits of data sharing to support and encourage integrated care and services to assist California health and social services organizations.
(2) Increase privacy protections by ensuring only required health data is transmitted for purposes and uses consistent with state and federal law.
(3) Administer the State Committee for the Protection of Human
Subjects.
(4) Collect data and publish reports on quality of care and patient experience.
(5) Administer the California Health and Human Services Agency Open Data Portal.
(6) Develop and administer the California Health and Human Services Agency Research Data Hub and other future data initiatives.
(7) Improve and strengthen the security of data processes within the departments of the California Health and Human Services Agency.
(8) Identify and guide tangible and program-specific efforts, from the California Health and Human Services Agency leadership perspective, toward enhanced person-centered services that bridge and connect access to all health and social services programs for which an
individual may be eligible.
(Added by Stats. 2021, Ch. 696, Sec. 11. (AB 172) Effective October 8, 2021.)
For the purposes of this division, the following definitions apply:
(a) “Bona fide research” has the same meaning as subdivision (f) of Section 820 of Title 11 of the California Code of Regulations.
(b) “Center” means the Center for Data Insights and Innovation.
(c) “Chief Data Officer” means the Director of the Center for Data Insights and Innovation.
(d) “CHHS Open Data Portal” means the California Health and Human Services Agency Open Data Portal.
(e) “Director” means the Director of the Center for Data
Insights and Innovation.
(f) “HIPAA” means the federal Health Insurance Portability and Accountability Act of 1996 (Public Law 104-191).
(g) “Research Data Hub” means the California Health and Human Services Agency Research Data Hub or future iterations and names of that product.
(h) “State entities” means all state departments, agencies, boards, commissions, programs, and other organizational units of the executive branch of state government.
(i) “Qualified researcher” means state entities, clinical investigators, including investigators conducting epidemiologic studies, health care research organizations, and accredited public or private nonprofit educational or health care institutions for bona fide research purposes.
(Added by Stats. 2021, Ch. 696, Sec. 11. (AB 172) Effective October 8, 2021.)
(a) The center shall assume statewide leadership, coordination, policy formulation, direction, and oversight responsibilities for compliance with state and federal health information privacy laws, including, but not limited to, the Confidentiality of Medical Information Act (Part 2.6 (commencing with Section 56) of Division 1 of the Civil Code), the Information Practices Act of 1977 (Chapter 1 (commencing with Section 1798) of Title 1.8 of Part 4 of Division 3 of the Civil Code), the federal Health Insurance Portability and Accountability Act of 1996 (Public Law 104-191), and the federal Health Information Technology for Economic and Clinical Health Act (Title XIII of the federal American Recovery and Reinvestment Act of 2009 (Public Law 111-5)), and implementing regulations. The center shall exercise full
authority relative to state entities to establish policy, provide direction to state entities, provide guidance on data sharing, monitor progress, and report on compliance activities.
(b) Beginning January 1, 2022, the center shall complete an independent security assessment as described in Section 11549.3 of the Government Code at least once every three years and, consistent with subdivision (d) of that section, submit any resulting report and recommendations to the Office of Emergency Services.
(c) All state entities subject to HIPAA shall complete an assessment, in a form specified by the center, to determine the impact of HIPAA on their operations. All state entities shall cooperate with the center to determine whether the state entity is subject to HIPAA, including, but not limited to, providing a completed assessment, as prescribed by the center.
(d) All state entities shall cooperate with the efforts of the center to monitor HIPAA and health information privacy compliance activities and to obtain information on these activities. Information obtained about these activities shall not include personal information, as defined in subdivision (a) of Section 1798.3 of the Civil Code.
(e) All state entities affected by HIPAA shall comply with the decisions of the director in achieving compliance with HIPAA and other health information privacy laws, including whether a state entity is subject to HIPAA and other state and federal health information privacy requirements.
(f) (1) The center shall assume statewide leadership, coordination, direction, and oversight responsibilities for determining which provisions of state law concerning health
information are preempted by HIPAA, or are more protective of individually identifiable health information, pursuant to Section 160.203 of Title 45 of the Code of Federal Regulations. State entities impacted by HIPAA shall, at the direction of the center, do both of the following:
(i) Assist in determining which state laws concerning personal medical information are preempted by HIPAA.
(ii) Conform to all determinations made by the center concerning HIPAA preemption issues.
(2) If the center determines that a state law is preempted by HIPAA, the center shall provide the determination and a recommendation for a solution to the Secretary of California Health and Human Services.
(g) State entities are responsible for ensuring compliance with state and
federal health information privacy laws, including, but not limited to, HIPAA. To the extent that funds are appropriated in the annual Budget Act, the center shall do all of the following to assist state entities in complying with health information requirements:
(1) Develop uniform policies on privacy, patient rights, and other matters related to health information requirements that shall be adopted and implemented by all state entities. In developing these policies, the center shall consult with representatives from the private sector, state government, and other public entities, including at least two consumer representatives, at least one of whom shall have expertise in privacy and security of health information.
(2) Specify training and tools, such as protocols for assessment and reporting and any other tools determined by the director, for compliance with health information
requirements.
(3) Develop statewide guidance on health information sharing to support integrated health care and social services, including guidance on state and federal health information privacy laws, regulations, and policies. In developing this guidance, the center shall consult with representatives from the private sector, state government, and other public entities relevant to the provision of health care and social services, including privacy advocates, patient rights representatives, and county administrators of health and human services programs and their association representatives.
(4) Represent the State of California in discussions on health data sharing, data interoperability, HIPAA, and substance use disorder information requirements contained in Part 2 of Title 42 of the Code of Federal Regulations with the federal Department of Health and Human Services. The
center may review and approve all comments related to data sharing, data interoperability, HIPAA, and substance use disorder information requirements contained in Part 2 of Title 42 of the Code of Federal Regulations that state entities propose for submission to the federal Department of Health and Human Services or any other body or organization.
(5) Coordinate and communicate with other affected entities, including, but not limited to, the Department of Technology and State Chief Data Officer.
(6) Monitor the compliance activities of state entities with state and federal health information requirements and require these entities to report on their activities at times specified by the director, using a format prescribed by the director.
(7) Develop standards for the center’s use in determining the extent of
compliance with health information requirements.
(8) Provide technical assistance to state entities on information sharing and compliance with state and federal health information privacy requirements.
(h) (1) (A) Beginning March 1, 2022, and annually thereafter, the center shall provide to the Legislature, and post on its internet website, a written update that outlines its major endeavors, including the challenges encountered, the milestones achieved toward meeting set objectives to achieve a person-centered approach in health and human services, and the data collection and sharing practices employed by the center during the preceding year.
(B) An update to be submitted to the Legislature pursuant to subparagraph (A) shall be submitted in compliance with Section 9795 of
the Government Code.
(2) Upon the issuance of the update pursuant to subparagraph (A), the center shall meet with legislative staff representing the health and human services fiscal and policy areas to report on efforts for health and human services to become more person-centered in service delivery. The center shall provide updates on specific major programs serving or attempting to serve populations that are by definition considered underserved and vulnerable, including populations living in poverty and deep poverty, and who may lack access or face limitations due to age, disability, functional impairment, educational level, adverse childhood experiences, and cultural and linguistic challenges. This meeting shall occur through virtual or in-person meetings.
(Added by Stats. 2021, Ch. 696, Sec. 11. (AB 172) Effective October 8, 2021.)
(a) (1) The center shall compile annual publications, to be made publicly available on the center’s internet website, including, but not limited to, a quality of care report card that reflects health care service plans, preferred provider organizations, and medical groups.
(2) The Department of Managed Health Care, the State Department of Health Care Services, the Department of Insurance, the Exchange, the State Department of Social Services, the Office of Statewide Health Planning and Development, and any other public health coverage program or state entity shall provide to the center data concerning the quality of care report card in the time, manner, and format requested by the center. The center may also request data
related to the cost of care, quality of care, patient experience, socioeconomic status impact on health, access to care, and access to social services programs.
(3) The center may request data from and contract with academic or nonprofit organizations related to quality of health care and patient experience to develop the quality of care report card.
(b) The center shall produce an annual report to be made publicly available on the center’s internet website by December 31, 2022, and annually thereafter, of health care consumer or patient assistance help centers, call centers, ombudsperson, or other assistance centers operated by the Department of Managed Health Care, the State Department of Health Care Services, the Department of Insurance, and the Exchange, that includes, at a minimum, all of the following:
(1) The types of calls received and the number of calls.
(2) The call center’s role with regard to each type of call, question, complaint, or grievance.
(3) The call center’s protocol for responding to requests for assistance from health care consumers, including any performance standards.
(4) The protocol for referring or transferring calls outside the jurisdiction of the call center.
(5) The call center’s methodology of
tracking calls, complaints, grievances, or inquiries.
(c) (1) The center may collect and analyze data on problems and complaints by, and questions from, consumers about health care coverage for the purpose of providing public information about problems faced and information needed by consumers in obtaining coverage and care. The data collected shall include demographic data, insurer or plan data, appeals, source of coverage, regulator, type of problem or issue or comparable types of problems or issues, and resolution of complaints, including timeliness of resolution. Notwithstanding Section 10231.5 of the Government Code, the center shall submit a report by December 31, 2022, and annually thereafter to the Legislature. The report shall be submitted in compliance with Section 9795 of the Government Code. The format may be modified annually as needed based
upon comments from the Legislature and stakeholders.
(2) The Department of Managed Health Care, the State Department of Health Care Services, the Department of Insurance, the Exchange, and any other public health coverage programs shall provide to the center data concerning call centers to meet the reporting requirements in this section in the time, data elements, manner, and format requested by the center.
(3) For the purpose of publicly reporting information as required in paragraph (1) and this paragraph about the problems faced by consumers in obtaining care and coverage, the center shall analyze data on consumer complaints, appeals, and grievances resolved by the agencies listed in subdivision (b), including demographic data, source of coverage, insurer or plan, resolution of complaints, and other information
intended to improve health care and coverage for consumers.
(d) To the extent that funds are appropriated in the annual Budget Act for this purpose, the center shall do all of the following to assist state entities that provide public health coverage programs or oversight of health insurance or health care service plans:
(1) After evaluation of data from the Department of Insurance and the Department of Managed Health Care, coordinate with public health coverage programs and state oversight departments of public and commercial health coverage programs to provide assistance related to addressing the quality of care and patient experience of public and commercial health coverage programs that have been determined to be deficient in the annual quality of care report card.
(2) Create and provide tools and education to consumers of health insurance and public health coverage programs to better enable them to access and utilize the quality of care report card and the health care services to which they are eligible.
(3) Develop tools and education related to improvement of consumer access to care, quality of care, and addressing the disparities in quality of care related to socioeconomic status.
(4) Develop and implement consumer surveys of the patient experience, quality of care, and any other topic consistent with this section.
(5) Develop standards for departments within the California Health and Human Services Agency related to public reports published by the departments to ensure consumer readability and understanding across
programs.
(e) If the departmental letters or other similar instruction are only issued to other state entities, the center may implement, interpret, or make specific this section by means of a departmental letter or other similar instruction, as necessary, notwithstanding Chapter 3.5 (commencing with Section 11340) of Part 1 of Division 3 of Title 2 of the Government Code.
(f) For purposes of this section, the following definitions apply:
(1) “Data” means information that is not individually identifiable health information, as defined in Section 160.103 of Title 45 of the Code of Federal Regulations.
(2) “Exchange” means the California Health Benefit Exchange established pursuant to Title 22 (commencing with Section 100500) of the Government Code.
(3) “Health care” includes services provided by any health care coverage program.
(4) “Health care service plan” has the same meaning as that set forth in subdivision (f) of Section 1345. Health care service plan includes “specialized health care service plans,” including behavioral health plans.
(5) “Health coverage program” includes the Medi-Cal program, tax subsidies and premium credits under the Exchange, the Basic Health Program, if enacted, and county health care programs.
(6) “Health insurance” has the same meaning as set forth in Section 106 of the Insurance Code.
(Added by Stats. 2021, Ch. 696, Sec. 11. (AB 172) Effective October 8, 2021.)
(a) The center shall administer the State Committee for the Protection of Human Subjects, which is California’s institutional review board. Before state information assets subject to the Information Practices Act (Chapter 1 (commencing with Section 1798) of Title 1.8 of Part 4 of Division 3 of the Civil Code) are disclosed for research, the request for data shall be approved by the State Committee for the Protection of Human Subjects in compliance with the process in Section 1798.24 of the Civil Code. In its duties, the State Committee for the Protection of Human Subjects board shall be fully independent in its review of requests for state data, institutional review board activities, and its activities under Section 1798.24 of the Civil Code.
(b) Upon appropriation by the Legislature, the center shall administer the CHHS Open Data Portal, develop and administer the Research Data Hub, and may develop and administer other significant data initiatives for California Health and Human Services Agency and its departments.
(c) The center shall use data to improve processes and provide strategic planning and services to the departments within the California Health and Human Services Agency, consistent with intent identified in subdivision (h) Section 130201.
(Added by Stats. 2021, Ch. 696, Sec. 11. (AB 172) Effective October 8, 2021.)
(a) The Legislature finds and declares that the center performs public health activities described in Section 164.512(b) of Title 45 of the Code of Federal Regulations when carrying out activities pursuant to this division. Personal information collected in accordance with this division is necessary to carry out projects with public health purposes.
(b) All personal information obtained or maintained by the center shall be confidential and shall be subject to the following requirements:
(1) Only deidentified and aggregated information shall be included in a publicly available analysis, data product, or research.
(2) All policies and procedures developed in implementing this division shall ensure that the privacy, security, and confidentiality of consumers’ personal information is protected, as required by the Information Practices Act of 1977, and consistent with state and federal health privacy laws, including the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA) (Public Law 104-191) and the Confidentiality of Medical Information Act (Part 2.6 (commencing with Section 56) of Division 1 of the Civil Code), and data shall not be disclosed until the center has developed a policy regarding the release of data.
(c) Unless otherwise specified in this division, personal information collected by the center from other states entities shall be exempt from the disclosure
requirements of the California Public Records Act (Division 10 (commencing with Section 7920.000) of Title 1 of the Government Code), and shall not be made available except pursuant to this division.
(d) Any information collected or obtained shall not be used for determinations regarding individual patient care or treatment and shall not be used for any individual eligibility or coverage decisions or similar purposes.
(Amended by Stats. 2022, Ch. 28, Sec. 114. (SB 1380) Effective January 1, 2023.)
(a) The center shall meet the following requirements with regard to the disclosure of information to qualified researchers:
(1) The center shall develop a comprehensive program for the use, access, and disclosure of personal information that includes data use agreements that require data users to comply with this division. The purpose of the program is to ensure that only aggregated, deidentified information is publicly accessible. The program shall be designed to recognize a consumer’s right of privacy and shall include at least the privacy protection standards specified in Section 103206.2.
(2) Access to personal information shall be governed by the use, access, and
disclosure program to be developed by the center pursuant to paragraph (1).
(3) The center shall establish a secure research environment for access to personal information. The environment shall include access controls sufficient to ensure that users access only the personal information specified in an approved request and that personal information is protected from unapproved use.
(4) The center shall maintain information about requests and the disposition of requests, and shall develop processes for the timely consideration and release of personal information.
(b) To meet the research and policy goals of the center, it is necessary that access to personal information by qualified researchers is controlled.
(c) Unless otherwise expressly permitted by
federal or state law, the center shall not disclose personal information to anyone other than a qualified researcher, or a public health authority as defined in Section 164.501 of Title 45 of the Code of Federal Regulations.
(Added by Stats. 2021, Ch. 696, Sec. 11. (AB 172) Effective October 8, 2021.)
(a) (1) In granting access to qualified researchers or a public health authority pursuant to subdivision (c) of Section 103206.1, the center shall only grant access to the minimum amount of personal information necessary for an approved project or access to a dataset designed for an approved purpose.
(2) Each person who accesses or obtains personal information on behalf of a qualified researcher or public health authority shall sign a data use agreement.
(3) The data use agreement shall prohibit the recipient from further disclosure of the personal information received that is not otherwise expressly permitted by federal or state law.
(4) Violation of a data use agreement entered into pursuant to paragraph (2) shall be considered a violation of Section 1798.56 of the Civil Code and, if applicable, Section 1798.57 of the Civil Code.
(b) Access to personal information by qualified researchers shall be permissible only if the following requirements are met:
(1) If the personal information does not include any of the direct personal identifiers listed in Section 164.514(e) of Title 45 of the Code of Federal Regulations, access may be provided to qualified researchers for research and analysis purposes consistent with intent identified in subdivision (h) of Section 130201.
(2) If the personal information includes any of the direct personal identifiers listed in Section 164.514(e) of Title 45
of the Code of Federal Regulations, access may be provided only to qualified researchers for research projects that offer significant opportunities to achieve the center’s intent identified in subdivision (h) of Section 130201 and shall meet all of the following criteria:
(A) The project has been approved by the Committee for the Protection of Human Subjects pursuant to subdivision (t) of Section 1798.24 of the Civil Code.
(B) The requester has documented expertise with privacy protection and with the analysis of large sets of confidential information.
(C) The research shall be made available to the center.
(Added by Stats. 2021, Ch. 696, Sec. 11. (AB 172) Effective October 8, 2021.)
(a) Effective July 1, 2021, the Center for Data Insights and Innovation Fund is hereby created in the State Treasury, and, upon appropriation by the Legislature, moneys in the fund shall be made available for the purpose of this division. Any moneys in the fund that are unexpended or unencumbered at the end of the fiscal year may be carried forward to the next succeeding fiscal year.
(b) The Center for Data Insights and Innovation Fund is the successor fund to the Office of Health Information Integrity Trust Fund. All the assets and liabilities of the Office of Health Information Integrity Trust Fund shall become assets and liabilities of the Center for Data Insights and Innovation Fund upon establishment of the Center for Data Insights and
Innovation Fund.
(c) Notwithstanding Section 16305.7 of the Government Code, all interest earned on moneys that have been deposited in the fund shall be retained in the fund and used for purposes consistent with this division.
(d) The fund shall be administered by the director and moneys in the fund shall be used to pay all costs arising from the implementation of this division and rendering services to state entities as required by this division, including, but not limited to, employment and compensation of necessary personnel and expenses, such as operating and other expenses of the center and costs associated with technical assistance, and to establish reserves. At the discretion of the director, segregated, dedicated accounts within the fund may be established.
(e) The fund shall consist of all of the
following:
(1) Moneys appropriated and made available by the Legislature for the purposes of this division.
(2) All revenues received from the services provided for in this division.
(3) Any other moneys that may be made available to the center from any other source, including, but not limited to, the return from investments of moneys by the Treasurer and funds received pursuant to subdivision (g).
(f) The center may collect fee-for-service payments from a nonstate entity for services provided to the nonstate entity by the State Committee for the Protection of Human Subjects.
(g) The center may also solicit funding in any of the following ways:
(1) The center may apply to the United States Secretary of Health and Human Services for federal grants.
(2) To the extent permitted by federal law, the center may seek federal financial participation for assisting beneficiaries of the Medi-Cal program.
(Added by Stats. 2021, Ch. 696, Sec. 11. (AB 172) Effective October 8, 2021.)
(a) The Office of Patient Advocate Trust Fund shall be renamed to the Health Plan Improvement Trust Fund.
(b) The moneys in the Health Plan Improvement Trust Fund shall, upon appropriation by the Legislature, be made available for the purposes in Section 130204.
(c) All moneys in the Health Plan Improvement Trust Fund created pursuant to former Section 130208, as added by Section 11 of Chapter 696 of the Statutes of 2021, shall be transferred to the renamed Health Plan Improvement Trust Fund, identified as Fund 3209 in the Department of Finance’s Uniform Codes Manual.
(d) Notwithstanding Section 16305.7 of the
Government Code, all interest earned on moneys that have been deposited in the Health Plan Improvement Trust Fund shall be retained in the fund and used for purposes consistent with Section 130204.
(Repealed and added by Stats. 2022, Ch. 50, Sec. 9. (SB 187) Effective June 30, 2022.)
(a) Moneys transferred from the Managed Care Fund and the Insurance Fund for use by the center shall be deposited into the Health Plan Improvement Trust Fund.
(b) The share of funding from the Managed Care Fund shall be based on the number of covered lives in the state that are covered under plans regulated by the Department of Managed Health Care, including covered lives under Medi-Cal managed care, as determined by the Department of Managed Health Care, in proportion to the total number of all covered lives in the state.
(c) The share of funding to be provided from the Insurance Fund shall be based on the number of covered lives in the state that are covered under health
insurance policies and benefit plans regulated by the Department of Insurance, including covered lives under Medicare supplement plans, as determined by the Department of Insurance, in proportion to the total number of all covered lives in the state.
(Added by Stats. 2021, Ch. 696, Sec. 11. (AB 172) Effective October 8, 2021.)
The director may adopt regulations to implement this division and the changes made to subdivision (t) of Section 1798.24 of the Civil Code by the act that added this section. Before adopting regulations, the center shall adopt the following standards:
(a) At least 45 days prior to adoption, the center shall post a proposed regulation on its internet website. Public comment shall be accepted by the center for at least 30 days after the proposed regulation is posted. If a member of the public requests a public hearing during the 30-day review period, the hearing shall be held prior to adoption of the regulation. The process described in this subdivision shall apply to the adoption of new regulations and to changes to existing regulations until June 30, 2024.
(b) Adoption of, and changes to, regulations adopted pursuant to this division shall not be subject to the rulemaking requirements of Section 11343.4 of, and Article 5 (commencing with Section 11346) and Article 6 (commencing with Section 11349) of Chapter 3.5, of Part 1 of Division 3 of Title 2 of the Government Code until June 30, 2024.
(c) The director shall file any regulation adopted pursuant to this division with the Office of Administrative Law for filing with the Secretary of State and publication in the California Code of Regulations. Any regulation filed with the Office of Administrative Law pursuant to this subdivision shall include a citation to this section and any other applicable state or federal laws as providing authority for the adoption of the regulation.
(1) Any regulation adopted pursuant to this
division shall become effective on the date it is filed with the Secretary of State unless the director prescribes a later date in the regulation or in a written instrument filed with the regulation.
(2) Any regulation adopted pursuant to this division shall expire the date that this division is repealed.
(Added by Stats. 2021, Ch. 696, Sec. 11. (AB 172) Effective October 8, 2021.)
The center may contract for the provision of services required to implement this division. The center shall adopt standards for the organizations with which it contracts pursuant to this section to ensure compliance with the privacy and confidentiality laws of this state, conduct privacy trainings as necessary, and regularly verify that the organizations have measures in place to ensure compliance with the adopted standards. The Legislature finds that these contracts are for a new state function and authorizes the performance of this work by independent contractors, pursuant to paragraph (2) of subdivision (b) of Section 19130 of the Government Code.
(Added by Stats. 2021, Ch. 696, Sec. 11. (AB 172) Effective October 8, 2021.)