HIV Laws: Surveillance, Data Sharing, and HIV Reporting

Disclaimer: The information provided on this website is for informational purposes only and does not constitute legal advice. Fact sheets and Letters were developed based on the current law at the time, so please be advised of changes to law and verify relevance of resources before relying on older materials.​

• ​Surveillance and Prevention Evaluation and Reporting Branch
• ADAP and Care Evaluation and Informatics (ACEI) Branch​​
  ​
  

• ​Statutory Authority:
  
• Mandated Blood Testing and Confidentiality​ to Protect Public Health (HSC Sections 120975–121023)
• AIDS Public Health Records Confidentiality Act (HSC Sections 121025–121035)
• ​​General Disease Reporting Requirements: 17 CCR Section 2500 and 17 CCR Section 2505​
• ​HIV-Specific Reporting Requirements​: 17 CCR Div 1, Ch 4, Subchapter 1, Article 3.5, Subarticle 4​
• SB 946 (2011)​ allows OA to make changes to the HIV/AIDS case report form through File and Print process of California Code of Regulations​.
  

Data Sharing ​Resources

• Public Health Records Relating to HIV (HSC Section 121025​)
• SB 1333 (2024) Communicable Diseases: HIV Reporting | Fact Sheet: SB 1333 Expands Disclosure to Include Additional Reportable Diseases (PDF) | Regarding authorized disclosure of confidential HIV-related public health records, between public health agencies and to providers.
• Provider Records (CA Confidentiality of Medical Information Act (CMIA), HIPAA​, and HSC Sections 120975–121023​)
  
• HIPAA: Federal law authorizes a HIPAA covered entity, such as healthcare providers, to "disclose protected health information without written authorization from the individual" to "A public health authority that is authorized by law to collect or receive such information for the purpose of preventing or controlling disease... including, but not limited to... public health interventions..." (HIPAA, 45 CFR Section 164.512(b)(1)(i)​)
• Letter: Healthcare Provider HIPAA Disclosure (2021) (PDF)
  
• CMIA: Authorizes a provider of health care to disclose medical information without first obtaining authorization to a local health department for the purpose of preventing or controlling disease, including for the purpose of public health interventions. (Civ Code 56.10(c)(18)​)
  
• CMIA​: Authorizes a provider of health care to disclose medical information regarding a patient without first obtaining an authorization when specifically required by law. (Civ Code 56.10(b)(8)​)
  
• ​Research Records: AIDS Research Confidentiality Act (HSC Sections 121075–121125)

Reporting Guidance for Healthcare Providers and Laboratories

• Letter: Reporting Requirements for Point of Care HIV Testing (2024) (PDF)
• Fact Sheet: Changes to HIV Reporting Revisions to 17 CCR Sections 2500 and 2505 (2019) (PDF)
• Letter: Persons in Research Studies HIV Case Reporting Requirements (2019) (PDF)
• Fact Sheet: Methods and Timeline for Reporting HIV Data: Overview of Legal Requirements for Providers, Labs, and Local Health Officers (2017) (PDF)
• AB 1045 (2009) HIV and AIDS Reporting | Fact Sheet: CD4+T-Cell Reporting Requirements (2009)(PDF)​​

Reporting Guidance for Healthcare Providers

• Letter: Telemedicine HIV Reporting Requirements (2023) (PDF)​
• SB 1419 (2022) Health Information​ | Removes the restrictions on sharing HIV test results with patients electronically.
  

Reporting Guidance for Laboratories

• Fact Sheet: Blood and Plasma Centers Reporting in CA (2017) (PDF)
• Letter: HIV Genotype Sequence Data Reporting (2017) (PDF)
• Letter: HIV Test Results Reporting Requirements for Laboratories (2017) (PDF)​

← Return to HIV Laws Main Webpage​