CCPA-1798.146-03
Requirement
1798.146
Apply data privacy laws to reidentified information
Description
Information that was previously deidentified but is subsequently reidentified must be subject to applicable federal and state data privacy and security laws, including HIPAA, CMIA, and CCPA
Full Analysis & Evidence Requirements
Sign in to view the full obligation text, AI-generated applicability analysis, evidence checklists, and compliance mapping.
Sign In to ViewRelated Obligations
CCPA-1798.146-01
Conformity
Comply with deidentification requirements for patient information exemption
CCPA-1798.146-02
Conformity
Ensure deidentified information derives from regulated entity patient data
CCPA-1798.146-04
Conformity
Conduct research in accordance with applicable ethics and privacy rules
CCPA-1798.146-05
Data Governance
Maintain patient information consistent with medical/PHI standards for exemption
CCPA-1798.146-06
Data Governance
Business associates must handle patient information like medical/PHI for exemption
Map this obligation to your AI systems
ReguLume automatically maps regulatory obligations to your system inventory, identifies compliance gaps, and generates remediation plans.
Get Started