California Attorney General Rob Bonta joined a multistate coalition in filing an amicus brief opposing the U.S. Department of Justice's subpoena for patient records from University of Pittsburgh Medical Center related to gender-affirming care. The brief argues that the subpoena violates patient privacy, infringes on states' rights to regulate medicine, and exceeds DOJ's statutory authority.
In-house legal teams should review all agreements involving the handling of sensitive health data, particularly vendor and data processing agreements with healthcare providers, hospitals, and medical service organizations. Specific clauses to scrutinize include those governing data disclosure and sharing, responses to government subpoenas or legal requests, patient consent requirements (especially for minors), confidentiality obligations, and compliance with both federal (e.g., HIPAA) and state-specific privacy laws. Given the focus on gender-affirming care for adolescents, contracts should be assessed for provisions that may allow broad disclosure without explicit, informed consent or adequate safeguards for sensitive health information. Teams may need to negotiate stricter consent mechanisms, require prior notice before complying with subpoenas, implement data minimization and anonymization protocols, and ensure alignment with state laws that may offer greater privacy protections than federal baseline requirements.
Entity
U.S. Department of Justice
Industry
OtherOfficial Press Release
https://oag.ca.gov/news/press-releases/attorney-general-bonta-opposes-further-attempts-us-doj-subpoena-hospital-records
55 1 Shapiro et al Amicus Brief (WDPA 25 1069)
https://oag.ca.gov/system/files/attachments/press-docs/55-1%20-%20Shapiro%20et%20al%20Amicus%20Brief%20%28WDPA%2025-1069%29.pdf
California Attorney General Enforcement Page
https://oag.ca.gov/privacy/privacy-enforcement-actions
"U.S. Department of Justice (U.S. DOJ)"
"federal Food, Drug, and Cosmetic Act (FDCA)"
"Tenth Amendment of the Constitution"
"the subpoena violates patients’ privacy"
California Attorney General Rob Bonta joined 20 attorneys general in filing an amicus brief to quash a U.S. DOJ administrative subpoena seeking sensitive medical records and personally identifying information of adolescent patients receiving gender-affirming care at Children's Hospital Colorado. The brief argues the subpoena violates states' rights to regulate medicine under the Tenth Amendment and misinterprets the Food, Drug, and Cosmetic Act, which would harm off-label drug use across all medical fields.
California Attorney General Rob Bonta joined 15 attorneys general in filing an amicus brief to limit a U.S. DOJ subpoena seeking medical records of transgender youth from Children's Hospital of Philadelphia, arguing it violates patient privacy and could intimidate providers of gender-affirming care.
California Attorney General Rob Bonta, joined by attorneys general from seven other states, filed a lawsuit to block the $6.2 billion merger between Nexstar Media Group and Tegna Inc. The lawsuit alleges the merger violates Section 7 of the Clayton Act by reducing competition in local TV markets, leading to higher prices, less local news, and job losses.
California Attorney General Rob Bonta filed a lawsuit against the U.S. Department of Education to block the expansion of IPEDS data collection requiring colleges to submit race-linked student data. The lawsuit argues the demand is arbitrary, capricious, and burdensome, and could enable costly partisan investigations. A multistate coalition co-led the challenge.
California Attorney General Rob Bonta and a coalition of state attorneys general announced they will continue their antitrust lawsuit against Live Nation/Ticketmaster after the U.S. Department of Justice settled the case. The states aim to hold Live Nation accountable for anticompetitive conduct that harms consumers, artists, and venues in the live music industry.
$376K
The California Privacy Protection Agency (CalPrivacy) settled with Ford Motor Company requiring the company to pay a $375,703 fine and change its practices. Ford violated the CCPA by requiring consumers to complete an email verification step before they could opt-out of the sale and sharing of their personal information collected through digital properties and connected vehicle services. In addition to the fine, Ford must provide easy methods to submit opt-out requests with minimal steps, audit its tracking technologies, and ensure compliance with opt-out preference signals including Global Privacy Control.