Skip to main content

California Legislative Update: Reproductive and Gender Affirming Care Rights and Protections

Governor Gavin Newsom recently signed multiple bills into law as part of California’s ongoing efforts to safeguard access to reproductive and gender affirming health care. The new laws are intended to increase protections for health care providers and patients, increase health care provider availability, and improve patient privacy. In a recent press release, California Legislative Women’s Caucus Vice Chair Assemblymember Cecilia Aguiar-Curry noted: “Last year, we enacted 14 bills and budget funding to expand and protect reproductive rights and services in our state. This year, we build on that momentum with legislation that ensures California remains a national leader in the fight for reproductive justice.”

Provider and Patient Protections

SB 345: Shields Health Care Providers and Individuals from Other States’ Criminal Laws

According to the bill’s author, enacting SB 345 was necessary to ensure that California health care practitioners are able to provide reproductive and gender affirming health care services that are legal in California (RGA Services) to all of their patients, regardless of their patient’s location, with the knowledge that California is doing everything the state can to protect practitioners from the laws of other states. The new law will go into effect January 1, 2024.

Among other things, SB 345 states that the right to RGA Services is secured by the Constitution and laws of California and interference with those rights is against public policy. The legislation also specifies that California law governs in any action in the state involving any person who provides or receives RGA Services or aids, or abets in such conduct using any means (including telehealth). Accordingly, multiple changes were made to California law, including the Code of Civil Procedure and the Penal Code. 

Under the new law, government employees may not act on behalf of other states’ government employees in furtherance of investigating a health care activity that would be lawful if performed in California. Further, state courts, judicial officers, court employees, and authorized attorneys may not issue subpoenas pursuant to any other state’s law unless it includes an affidavit or declaration under penalty of perjury that such subpoena is not in connection with an out-of-state proceeding relating to the provision of RGA Services (Out of State Affidavit). Additionally, magistrates may not issue arrest warrants in connection with the performance of RGA Services, regardless of the recipient’s location. The new law also prohibits bounty hunters and bail agents from apprehending people located in California who face prosecution or imprisonment by another state that criminalizes RGA Services in connection with the provision of such services.

Changes in the law relevant to the use and disclosure of health information were also made in an effort to protect individuals providing and receiving RGA Services. Entities that are not directly involved in health care (e.g., entities other than health care providers, health care service plans, and their contractors) may collect, use, disclose, and retain personal geolocation information relating to family planning centers only if necessary to provide goods and services requested by the individual, and selling and sharing of such information is prohibited.

Generally, out of state subpoenas, warrants, requests from law enforcement, and other legal process must be accompanied by an Out of State Affidavit unless the proceeding:

  • is based in tort, contract, or on statute;
  • is actionable, in an equivalent or similar manner, under California laws; and
  • was brought by the patient who received a legally protected health care activity or the patient’s legal representative.

Further, California corporations providing electronic communication services or remote computing services to the general public may not comply with an out of state subpoena, warrant, request from law enforcement, or other legal process requesting information that would reveal the identity of customers using RGA Services, data stored by, or on behalf of, the customers, the customers’ usage of those services, the recipient or destination of communications sent to or from those customers, or the content of those communications, unless accompanied by an Out of State Affidavit. 

AB 1707: Shields Health Professionals against Disciplinary Action

Existing law in California allows healing arts licensing boards to take negative action against a licensee due to disciplinary action or criminal offenses that occurred in another state, which could include actions/convictions based solely on performing an abortion in that state.

Effective January 1, 2024, California healing arts boards (e.g., nursing, physician assistant, osteopathic, medical) and health care facility licensing agencies may not take negative action against an applicant or licensee on the basis of a judgment, conviction, or disciplinary action in another state if such action is based solely on the application of another state’s law which interferes with a person’s right to receive “sensitive services” permitted by California law  including mental or behavioral health, sexual and reproductive health, sexually transmitted infections, substance use disorder, gender affirming care, and intimate partner violence (Sensitive Service Discipline). 

Additionally, certain licensed health care facilities, including hospitals, may not take negative action against medical staff applicants and members based solely on Sensitive Service Discipline.

SB 487: Provides Additional Safeguards for Participating Health Care Providers

Effective January 1, 2024, health care service plans and health insurers are prohibited from contractually penalizing or otherwise discriminating against a licensed health care provider solely on the basis of a civil judgment, criminal conviction, or another professional disciplinary action in another state (Action) if the Action is solely based on the application of another state’s law that interferes with a person’s right to receive health care that would be lawful if provided in California.

Additionally, the new law authorizes the California Department of Health Care Services (subject to federal approvals and the availability of federal financial participation under Medi-Cal), to elect to not suspend an individual or entity as a provider in the Medi-Cal program if the revocation, suspension, or loss of the individual or entity’s license, certification, or approval authority in another state or the pending disciplinary hearing during which the individual or entity surrendered the license, certification, or approval authority in another state is based solely on conduct that is not deemed to be unprofessional conduct under California law.

Further, the Department of Health Care Services’ Director (subject to obtaining necessary federal approvals and the availability of federal financial participation under Medi-Cal) is authorized to request a waiver under federal law of a provider’s suspension Medicare or Medicaid program participation if it was based solely on conduct that is not deemed to be unprofessional conduct under California law

AB 571: Prohibits Insurers from Discriminating Against Reproductive and Gender Affirming Care Providers

Effective January 1, 2024, insurers are prohibited from taking negative action (e.g., refusing to issue or renew and terminating) professional liability insurance for health care providers and from imposing a surcharge or increasing the premium or deductible solely based on any prohibited bases for discrimination, including a health care provider offering or performing RGA Services.

“Prohibited bases for discrimination” include:

  • a health care provider offers or performs RGA Services;
  • another state’s laws create potential or actual liability for RGA Services; and
  • legal or administrative action taken in another state against a health care provider concerning RGA Services, results or resulted in a judgment, conviction, or disciplinary action against the provider, if those health care services, as provided, are or would be lawful and consistent with the applicable standard of care in California.

The new law also prohibits an insurer from denying coverage for liability for damages arising from offering or performing RGA Services, if those services are within the scope of the insured’s license, the services are lawful in the state where they are offered or performed, and the policy would otherwise cover liability for damages arising from performing or rendering other professional services within the insured’s scope of license.

Increasing Workforce

SB 385: Increases Physician Assistant Availability to Provide Reproductive Health Care

SB 385 is intended to increase the number of physician assistants available to provide abortion services. Effective January 1, 2024, the new law increases the available options for physician assistant training and validation of clinical competency of performing abortion by aspiration, including training and evaluation at clinics and hospitals by personnel who are experienced in performing the procedures. Also, the new law authorizes physician assistants to perform abortions by aspiration consistent with their education and training pursuant to their practice agreement without specific protocols and the personal presence of a supervising physician, unless otherwise specified by their practice agreement. 

Privacy Protections

AB 254: Protects Reproductive and Sexual Health Data in Personal Health Applications

Effective January 1, 2024, the definition of “medical information” under the Confidentiality of Medical Information Act (CMIA) is revised to include “reproductive or sexual health application information,” defined as information about a consumer’s reproductive health, menstrual cycle, fertility, pregnancy, pregnancy outcome, plans to conceive, or type of sexual activity collected by a reproductive or sexual health digital service, including, but not limited to, information from which one can infer someone’s pregnancy status, menstrual cycle, fertility, hormone levels, birth control use, sexual activity, or gender identity.

Additionally, businesses that offer a reproductive or sexual health digital service to a consumer for the purpose of allowing the individual to manage the individual’s information, or for the diagnosis, treatment, or management of a medical condition of the individual, will be considered a provider of health care subject to the CMIA and thus will be subject to the law’s limitations on the uses and disclosures of medical information.

AB 352: Enhances Privacy Protections for Certain Sensitive Services Information

AB 352 requires any business organized for the purpose of maintaining medical information on behalf other entities subject to the CMIA, that electronically maintains or stores medical information relating to Sensitive Service Discipline in an electronic health record system or electronic medical record system to develop capabilities, policies, and procedures, by no later than July 1, 2024, that:

  • limit user access privileges to information systems containing medical information related to gender affirming care, abortion and abortion-related services, and contraception (Specified Services) only to those persons who are authorized to access specified medical information;
  • prevent the disclosure, access, transfer, transmission, or processing of medical information related to Specified Services to persons and entities outside of California in accordance with the law;
  • segregate medical information related to Specified Services from the rest of the patient’s record; and
  • provide the ability to automatically disable access to segregated medical information related to Specified Services by individuals and entities in another state.

Effective January 1, 2024, health care providers, health plans, independent practice associations, pharmacy benefit managers, medical service organizations, and employers must obtain an individual’s specific prior authorization meeting CMIA requirements before cooperating with any inquiry or investigation by or providing medical information to any individual, agency, or department from another state, or to a federal law enforcement agency, that would identify an individual that is related to an individual obtaining and abortion or abortion related services that are lawful under the laws of California. 

Additionally, health care providers, health plans, independent practice associations, pharmacy benefit managers, medical service organizations, pharmaceutical companies, and employers must obtain a specific CMIA-compliant authorization from an individual before sharing or otherwise granting access to medical information in an electronic health records system or through a health information exchange that would identify an individual and that is related to an individual seeking, obtaining, providing, supporting, or aiding in the performance of an abortion that is lawful in California to any individual or entity from another state, unless the disclosure is necessary:

  • to determine responsibility for payment and not further disclosed in a manner not permitted by the CMIA;
  • for the purpose of accreditation, in reviewing the competence or qualifications of health care professionals, or in reviewing health care services with respect to medical necessity, level of care, quality of care, or justification of charges; or
  • for the purpose of bona fide research, as part of Institutional Review Boards considering the potential harm to the patient and the patient’s privacy when the research uses data that contains information related to abortion or abortion-related services and the research is performed out of state.

Specified entities, including general acute care hospitals and skilled nursing facilities, will be required to share certain data in real time using the California Health and Human Services Data Exchange Framework by no later than January 31, 2024. However, health information related to abortion and abortion-related services are excluded from the requirement to automatically share information through the exchange. 

Subscribe To Viewpoints


Lara Compton

Kathryn F. Edgerton is a Member at Mintz and a Certified Information Privacy Professional (CIPP-US) who advises hospitals and other health-related organizations on a broad range of transactional, regulatory, and strategic issues. Her clients include physician organizations, long-term and behavioral health providers, telemedicine providers, home health providers, and medical spas.
Daniel A. Cody is a Member at Mintz who represents clients across the health care and life sciences sectors, including the digital health industry, providing strategic counseling and leading civil fraud and abuse investigations. His practice encompasses a broad range of complex regulatory, compliance, privacy, and transactional matters.