On September 18, 2020, California Governor Gavin Newsom signed AB 2520 into law. Effective January 1, 2021, AB 2520 clarifies that health care providers may honor releases of information that patients sign electronically. Below, we highlight the implications of this important clarification to California law, particularly for digital health providers seeking to create streamlined user experiences.
Federal and California Law Regarding Electronic Signatures
The Federal Electronic Signatures in Global and National Commerce Act (“ESIGN Act”) generally provides that electronic records and signatures have the same validity and effect as wet signatures with regard to transactions in or affecting interstate commerce. The ESIGN Act is understood to permit electronic signatures on patient authorizations for purposes of the Health Information Portability and Accountability Act of 1996 (“HIPAA”).
Many states, including California, have adopted a parallel law, the model Uniform Electronic Transactions Act (“UETA”), which authorizes electronic records and signatures as a matter of state law. California’s version of UETA begins at Civil Code § 1633.1. Although California substantially adopted the UETA, it specifically excepted certain transactions, including patient authorizations to health providers, health plans and personal health record providers for the release patient information under California’s Confidentiality of Medical Information Act (“CMIA”).
Section 56.11 of the CMIA requires that a written authorization to release patient records must be “signed and dated …” Because the California UETA does not apply to Section 56.11, there has long been uncertainty surrounding whether California law required a “wet” or “physical” signature – and precluded use of an electronic signature.
AB 2520 and Implications for California Providers
AB 2520 introduces clarity on this issue by adding Section 123114 to the California Health and Safety Code, which states that “a health care provider may honor a request to disclose a patient record … that contains the written or electronic signature of the patient or the patient’s personal representative.” In effect, this statute supersedes the exception for authorizations in Cal. Civ. Code, Section 1633.3. Therefore, beginning January 1, 2021, entities treated as providers under CMIA may rely upon authorizations to release patients’ medical information that their patients signed electronically, and no longer need to be concerned whether California law requires a “wet” signature.
For further information regarding this development, please contact Andrea Frey, Steve Phillips or Paul Smith in San Francisco, or Amy Joseph or Jeremy Sherer in Boston, or your regular Hooper, Lundy & Bookman contact.
 15 U.S.C. § 7001 et seq.
 See California Civil Code § 56.06. The California Medical Information Act, Cal. Civ. Code §§ 56-56.16, is California’s primary patient privacy law and has many of the requirements and conditions HIPAA.
 California Civil Code § 56.11(c).
 Cal. Civ. Code § 1633.3(c) (providing that California’s Uniform Electronic Transactions Act “does not apply to any specific transaction described in … Section 56.11” of the California Civil Code concerning authorizations).
 Cal. Health & Safety Code § 123114(e)(effective date 1/1/2021).