LegalTips.ORG Directory Full Text About us
Alabama Code | California Code | Connecticut Code | Nebraska Code | Texas Code
 
Google
 
Web LegalTips.org

maritime & jones injury law attorney   Official Government Sites
   State of Alabama
   State of Alaska
   State of Arizona
   State of Arkansas
   State of California
   State of Colorado
   State of Connecticut
   State of Delaware
   District-of-Columbia
   State of Florida
   State of Georgia
   State of Hawaii
   State of Idaho
   State of Illinois
   State of Indiana
   State of Iowa
   State of Kansas
   State of Kentucky
   State of Louisiana
   State of Maine
   State of Maryland
   State of Massachusetts
   State of Michigan
   State of Minnesota
   State of Mississippi
   State of Missouri
   State of Montana
   State of Nebraska
   State of Nevada
   State of New-Hampshire
   State of New-Jersey
   State of New-Mexico
   State of New York
   State of North-Carolina
   State of North-Dakota
   State of Ohio
   State of Oklahoma
   State of Oregon
   State of Pennsylvania
   State of Rhode-Island
   State of South-Carolina
   State of South-Dakota
   State of Tennessee
   State of Texas
   State of Utah
   State of Vermont
   State of Virginia
   State of Washington
   State of West-Virginia
   State of Wisconsin
   State of Wyoming
 




INSURANCE CODE - NOT CODIFIED



CHAPTER 28B. PRIVACY OF HEALTH INFORMATION



SUBCHAPTER A. GENERAL PROVISIONS





Art. 28B.01. Definitions                                                      

In this chapter:                                                              

(1) "Health information" means any information or data regarding an 
individual, other than age or gender, whether oral or recorded in 
any form or medium, that is created by or derived from a health care 
provider or the individual and that relates to:

(A) the past, present, or future physical, mental, or behavioral 
health or condition of an individual;

(B) the provision of health care to an individual;  or                        

(C) payment for the provision of health care to an individual.                

(2) "Licensee" means a person who holds or is required to hold a 
license, registration, certificate of authority, or other 
authority under this code or another insurance law of this state.  
The term includes an insurance company, group hospital service 
corporation, mutual insurance company, local mutual aid 
association, statewide mutual assessment company, stipulated 
premium insurance company, health maintenance organization, 
reciprocal or interinsurance exchange, Lloyd's plan, fraternal 
benefit society, county mutual insurer, farm mutual insurer, or 
insurance agent.

(3) "Nonpublic personal health information" means health 
information:       

(A) that identifies an individual who is the subject of the 
information;  or

(B) with respect to which there is a reasonable basis to believe 
that the information could be used to identify an individual.

Added by Acts 2001, 77th Leg., ch. 1511, Sec. 2, eff. Jan. 1, 2002.           

Acts 2003, 78th Leg., ch. 1276, Sec. 26(b)(4) repeals this article 
effective April 1, 2005.




Art. 28B.02. Personally Identifiable Health Information:  Privacy 
Notice and Disclosure Authorization

(a) A licensee must obtain an authorization to disclose any 
nonpublic personal health information before making such a 
disclosure.

(b) The request for authorization required by this article may be in 
written or electronic form and must:

(1) state the identity of the consumer or customer who is the 
subject of the nonpublic personal health information;

(2) describe:                                                                 

(A) the types of nonpublic personal health information to be 
disclosed;     

(B) the parties to whom the licensee discloses nonpublic personal 
health information;

(C) the purpose of the disclosure;                                            

(D) how the information will be used;  and                                    

(E) the procedure for revoking the authorization;                             

(3) include the signature and date signed of:                                 

(A) the consumer or customer who is the subject of the nonpublic 
personal health information;  or

(B) the individual who is legally empowered to grant authority;               

(4) provide notice:                                                           

(A) of the length of time for which the authorization is valid;  and          

(B) that the consumer or customer may revoke the authorization at 
any time;  and

(5) specify the amount of time that the authorization remains 
valid, which may not exceed 24 months.

(c) The right of a consumer or customer to revoke an authorization 
at any time is subject to the rights of an individual who acted in 
reliance on the authorization before receiving notice of a 
revocation.

(d) The licensee shall retain the original or a copy of the 
authorization in the record of the individual who is the subject of 
the nonpublic personal health information.

Added by Acts 2001, 77th Leg., ch. 1511, Sec. 2, eff. Jan. 1, 2002.           




Art. 28B.03. Delivery of Authorization                                        

(a) A request for authorization and an authorization form may be 
delivered to a consumer or a customer if the request and the 
authorization form are clear and conspicuous. 

(b) A licensee must include delivery of the authorization in a 
notice to the consumer or customer only if the licensee intends to 
disclose protected health information under this chapter.

Added by Acts 2001, 77th Leg., ch. 1511, Sec. 2, eff. Jan. 1, 2002.           




Art. 28B.04. Exceptions                                                       

A licensee may disclose nonpublic personal health information to 
the extent that the disclosure is necessary to perform the 
following insurance functions on behalf of that licensee:

(1) the investigation or reporting of actual or potential fraud, 
misrepresentation, or criminal activity;

(2) underwriting;                                                             

(3) the placement or issuance of an insurance policy;                         

(4) loss control services;                                                    

(5) ratemaking and guaranty fund functions;                                   

(6) reinsurance and excess loss insurance;                                    

(7) risk management;                                                          

(8) case management;                                                          

(9) disease management;                                                       

(10) quality assurance;                                                       

(11) quality improvement;                                                     

(12) performance evaluation;                                                  

(13) health care provider credentialing verification;                         

(14) utilization review;                                                      

(15) peer review activities;                                                  

(16) actuarial, scientific, medical, or public policy research;               

(17) grievance procedures;                                                    

(18) the internal administration of compliance, managerial, and 
information systems;

(19) policyholder services;                                                   

(20) auditing;                                                                

(21) reporting;                                                               

(22) database security;                                                       

(23) the administration of consumer disputes and inquiries;                   

(24) external accreditation standards;                                        

(25) the replacement of a group benefit plan or workers' 
compensation policy or program;

(26) activities in connection with a sale, merger, transfer, or 
exchange of all or part of a business or operating unit;

(27) any activity that permits disclosure without authorization 
under the federal Health Insurance Portability and Accountability 
Act of 1996 (42 U.S.C. Section 1320d et seq.), as amended;

(28) disclosure that is required, or is a lawful or appropriate 
method to enforce the licensee's rights or the rights of other 
persons engaged, in carrying out a transaction or providing a 
product or service that the consumer requests or authorizes;

(29) claims administration, adjustment, and management;                       

(30) any activity otherwise permitted by law, required pursuant to 
a governmental reporting authority, or required to comply with 
legal process;  and

(31) any other insurance functions that the commissioner approves 
that are: 

(A) necessary for appropriate performance of insurance functions;  
and      

(B) fair and reasonable to the interests of consumers.                        

Added by Acts 2001, 77th Leg., ch. 1511, Sec. 2, eff. Jan. 1, 2002.           




Art. 28B.05. Exception for Compliance With Federal Rules                      

This subchapter does not apply to a licensee who is required to 
comply with the standards governing the privacy of individually 
identifiable health information adopted by the United States 
Secretary of Health and Human Services under Section 262(a), Health 
Insurance Portability and Accountability Act of 1996 (42 U.S.C. 
Sections 1320d-1320d-8).

Added by Acts 2001, 77th Leg., ch. 1511, Sec. 2, eff. Jan. 1, 2002.           




Art. 28B.06. Protection of Fair Credit Reporting Acts                         

(a) This chapter may not be construed to modify, limit, or supersede 
the operation of the Fair Credit Reporting Act (15 U.S.C. Section 
1681 et seq.) and an inference may not be drawn based on this 
chapter regarding whether information is transaction or experience 
information under Section 603 of that Act (15 U.S.C. Section 
1681a).

(b) This chapter does not preempt or supersede a state law related 
to medical record, health, or insurance information privacy that is 
in effect on July 1, 2002.

Added by Acts 2001, 77th Leg., ch. 1511, Sec. 2, eff. Jan. 1, 2002.           




Art. 28B.07. Violation;  Penalties                                            

A licensee may not knowingly or wilfully violate this chapter.                

Added by Acts 2001, 77th Leg., ch. 1511, Sec. 2, eff. Jan. 1, 2002.           




Art. 28B.08. Rules                                                            

The commissioner may adopt rules as necessary to implement this 
chapter.    

Added by Acts 2001, 77th Leg., ch. 1511, Sec. 2, eff. Jan. 1, 2002.           




Art. 28B.09. Injunctive Relief;  Civil Penalty                                

(a) The attorney general may institute an action for injunctive 
relief to restrain a violation of this chapter.

(b) In addition to the injunctive relief provided by Subsection 
(a), the attorney general may institute an action for civil 
penalties against a covered entity or health care entity for a 
violation of this chapter.  A civil penalty assessed under this 
section may not be less than $3,000 for each violation.

(c) If the court in which an action under Subsection (b) is pending 
finds that the violations have occurred with a frequency as to 
constitute a pattern or practice, the court may assess a civil 
penalty not to exceed $250,000.

(d) The civil penalty authorized by this article is in addition to 
any other civil, administrative, or criminal action provided by 
law.

Added by Acts 2001, 77th Leg., ch. 1511, Sec. 2, eff. Jan. 1, 2002.           




Art. 28B.10. Disciplinary Action                                              

In addition to the penalties prescribed by this chapter, a 
violation of this chapter by a licensee is subject to investigation 
and disciplinary proceedings, including probation or suspension.  
Evidence of a pattern or practice of violations under this chapter 
may subject the licensee to license revocation.

Added by Acts 2001, 77th Leg., ch. 1511, Sec. 2, eff. Jan. 1, 2002.           




Art. 28B.11. Exclusion From State Programs                                    

In addition to the penalties prescribed by this chapter, a licensee 
shall be excluded from participating in any state-funded health 
care program if there is evidence that the licensee engaged in a 
pattern or practice of violating this chapter. 

Added by Acts 2001, 77th Leg., ch. 1511, Sec. 2, eff. Jan. 1, 2002.           




Art. 28B.12. Availability of Other Remedies                                   

This chapter does not affect any right of a person under other law 
to bring a cause of action or otherwise seek relief with respect to 
conduct that is a violation of this chapter.

Added by Acts 2001, 77th Leg., ch. 1511, Sec. 2, eff. Jan. 1, 2002.



Alabama Code | California Code | Connecticut Code | Nebraska Code | Texas Code
 © 2007 All Rights Reserved. LegalTips.ORG.