California Privacy Laws
Medical Records Retention

The California Confidentiality of Medical Information Act

(CA Civil Code §56 et seq) 

The California Confidentiality of Medical Information Act provides that private information about your health and healthcare is perhaps the most sensitive and personal kind of information collected. California state and federal HIPAA laws give us many rights to limit who sees our medical records.

Businesses are forbidden from trying to obtain medical information directly from an individual for direct marketing purposes without clearly and conspicuously disclosing how they will use and share that information, and without obtaining the consumer’s consent. (SB 1633, Civil Code §1798.91)


Manifest MedEx is tackling one of healthcare’s hardest and most fundamental problems. A problem that has to be fixed before hospitals, health plans, and physicians can do the hard work to reduce costs, provide a better patient experience, and improve outcomes. Manifest MedEx is on a mission to connect healthcare in California. We’ve built a nonprofit utility that gets health information out of silos. Our network facilitates the secure exchange of real-time information on millions of patients across California. Your job is to make healthcare better. Our job is to get you the information you need.


Online Privacy Act


The California Online Privacy Protection Act of 2003 (CalOPPA), amended in 2013, requires commercial websites on the World Wide Web and online services to include a privacy policy on their website. Wikipedia *

Data Privacy Law


On Jan. 1, 2020, all Californians will be able to find out what personal information a business is collecting about them, their devices and their children. Companies can still collect the data: what you buy; where you go, and when; all the photos you’ve ever taken; your emails, even the ones you deleted. But what companies must now do is tell you what they’re collecting when you ask, and delete it all if you ask for that. However, some companies can deny your request to delete if the data is required in order to complete a financial transaction or protect against fraud. What companies can’t do anymore, legally, is sell that data if you tell them not to. NPR *






California Consumer Privacy Act (CCPA) 

The intentions of the Act are to provide California residents with the right to:

  1. Know what personal data is being collected about them.
  2. Know whether their personal data is sold or disclosed and to whom.
  3. Say no to the sale of personal data.
  4. Access their personal data.
  5. Request a business to delete any personal information about a consumer collected from that consumer.
  6. Not be discriminated against for exercising their privacy rights.  Wikipedia *


WordPress websites – How to comply from

Insurance Agency – Records Retention

The California Department of Insurance, pursuant to Title 10 California Code of Regulations section 2190.7, requires that an insurance producer maintain certain records that must be open and available for Department inspection at the agent’s place of business.   The principal rule, found under section 2190.3, requires an agent to keep his file for 18 months after an insurance transaction, which includes the following items:

  1. the identity of each person who transacted the insurance,
  2. all binders showing the names of the insured and insurer, the nature of the coverage, and the effective and termination dates as well as premium,
  3. a copy of the application or memorandum requesting the insurance, and
  4. correspondence, notes, memoranda and other records.

Under the broader rule of Title 10 California Code of Regulations section 2190.2, certain information must be kept for every insurance transaction for five years.   There are 18 items of information, which include the parties, particulars of the policy and information about what payment was made and how it was handled by the agent (including banking information).  Although whole files do not have to be maintained for the five years, this information must be traceable back to whatever source documents were used to assemble the information.

The main areas of concern when the Department wants to inspect a file are typically appropriate handling of premium monies and the presence of signatures on carrier forms.  CA License Blog

Records are to be maintained for a minimum of five years after the expiration or cancellation of the policy in question. Good sense dictates that you maintain your records for up to 10 years if economically and practically feasible.   Of course, the average agent or broker will not maintain his/her records in perpetuity. Nevertheless, retaining your files for 8 to 10 years is not only suggested but advised as a means to cut off potential E&O claims and to assist existing insureds.  Rough

  • 10 CCR Article 7. Production Agency Records
    • § 2190.1. General.
    • § 2190.3. Records by File.
    • § 2190.2. Required Records. 5 years
    • § 2190.4. Direct Billing.
    • § 2190.5. Bank Records
    • § 2190.7. Place Where Records Kept.

Also, if an insured is over age 65 and the policy is solicited or sold through a house call, the mandated advance notice of that visit should be kept in the file. CA License Blog

I don’t think he’s quite right.

Our webpage on Scope of Appointment for Medicare Advantage, which we are required to keep for 10 years.
