On September 28, California’s governor signed a number of bills into law, including to regulate health care facilities’ use of artificial intelligence (“AI”). This included AB 3030, which regulates certain California-licensed health care facilities’ use of AI and SB 1223, which amends the California Consumer Privacy Act (CCPA) to cover “neural data.” We discuss each bill in turn below.
AB 3030
AB 3030 requires a health facility, clinic, physician’s office, or office of a group practice that uses generative AI to generate written or verbal patient communications pertaining to patient clinical information to provide certain disclosures to patients.
In particular, AB 3030 requires the provision of “[a] disclaimer that indicates to the patient that the communication was generated by generative artificial intelligence.” This disclaimer must be provided in a specific format, depending on the method through which the AI is interacting with the patient:
- For written communications involving physical and digital media (e.g., letters, emails), the disclaimer must appear prominently at the beginning of each communication;
- For written communications involving continuous only interactions (e.g., chat-based telehealth), the disclaimer must be prominently displayed through the interaction;
- For audio communications, the disclaimer must be provided verbally at the start and the end of the interaction; and
- For video communications, the disclaimer must be prominently displayed throughout the interaction.
In addition, regardless of the method of communication, AB 3030 requires that the AI-generated patient communications pertaining to patient clinical information include clear instructions describing how a patient may contact a health care provider, employee of the health facility, clinic, physician’s office, or office of a group practice, or other appropriate person.
However, AB 3030 does not apply to all patient communications that are generated using AI. AI-generated communications that are read and reviewed by a human licensed or certified health care provider are not subject to these disclosure requirements in AB 3030. In addition, AB 3030 does not regulate the use of AI for administrative matters. AB 3030 applies only to communications pertaining to “patient clinical information,” which means “information relating to the health status of a patient . . . [and] does not include administrative matters, including, but not limited to, appointment scheduling, billing, or other clerical or business matters.”
SB 1223
SB 1223 amends the CCPA’s definition of “sensitive personal information” to include “a consumer’s neural data.” “Neural data” is defined as “information that is generated by measuring the activity of a consumer’s central or peripheral nervous system, and that is not inferred from nonneural information.” With the enactment of SB 1223, California becomes the second state, following Colorado, to amend its consumer privacy law to regulate neural data.