Amended
IN
Senate
July 15, 2021 |
Amended
IN
Senate
June 29, 2021 |
Amended
IN
Assembly
March 25, 2021 |
Introduced by Assembly Member Chiu (Coauthor: Assembly Member Burke) (Coauthor: Senator Eggman) |
February 18, 2021 |
Notwithstanding any other law, and to the extent permitted by federal law, a health care service plan shall take the following steps to protect the confidentiality of a subscriber’s or enrollee’s medical information on and after July 1, 2022:
(a)(1)A health care service plan shall not require a protected individual to obtain the policyholder, primary subscriber, or other enrollee’s authorization to receive
sensitive services or to submit a claim for sensitive services if the protected individual has the right to consent to care.
(2)A health care service plan shall recognize the right of a protected individual to exclusively exercise rights granted under this section regarding medical information related to sensitive services that the protected individual has received.
(3)A health care
service plan shall direct all communications regarding a protected individual’s receipt of sensitive services directly to the protected individual receiving care as follows:
(A)If the protected individual has designated an alternative mailing address, email address, or telephone number pursuant to subdivision (b), the health care service plan shall send or make all communications related to the protected
individual’s receipt of sensitive services to the alternative mailing address, email address, or telephone number designated.
(B)If the protected individual has not designated an alternative mailing address, email address, or telephone number pursuant to subdivision (b), the health care service plan shall send or make all communications related to the protected individual’s receipt of sensitive services in the name of the protected individual at the address or telephone number on file.
(C)Communications subject to this paragraph shall include the following written, verbal, or electronic communications related to the receipt of sensitive services:
(i)Bills and attempts to collect payment.
(ii)A notice of adverse benefits determinations.
(iii)An explanation of benefits notice.
(iv)A health care service plan’s request for additional information regarding a claim.
(v)A notice of a contested claim.
(vi)The name and address of a provider, description of services provided, and other information related to a visit.
(vii)Any written, oral, or electronic communication from a health care service plan that contains protected health information.
(4)A health care service plan shall not disclose medical information related to sensitive health care services provided to a protected individual to the policyholder, primary
subscriber, or any plan enrollees other than the protected individual receiving care, absent an express written authorization of the protected individual receiving care.
(b)(1)A health care service plan shall permit subscribers and enrollees to request, and shall accommodate requests for, confidential communication in the
form and format requested by the individual, if it is readily producible in the requested form and format, or at alternative locations.
(2)A health care service plan may require the subscriber or enrollee to make a request for a confidential communication described in paragraph (1), in writing or by electronic transmission.
(3)The confidential communication request shall be valid until the subscriber or enrollee submits a revocation of the request or a new confidential communication request is submitted.
(4)
For the purposes of this section, a confidential communications request shall be implemented by the health care service plan within 7 calendar days of receipt of an electronic transmission or telephonic
request or within 14 calendar days of receipt by first-class mail. The health care service plan shall acknowledge receipt of the confidential communications request and advise the subscriber or enrollee of the status of implementation of the request if a subscriber or enrollee contacts the health care service plan.
(c)(1)A health care service plan shall notify subscribers and enrollees that they may request a confidential communication pursuant to subdivision (b) and how to make the request.
(2)The information required to be provided pursuant to this subdivision shall be provided to subscribers and enrollees with individual coverage upon initial enrollment and annually thereafter upon renewal, and to subscribers and enrollees with
group coverage upon initial enrollment and annually thereafter upon renewal. The information shall also be provided in the following manner:
(A)In a conspicuously visible location in the evidence of coverage.
(B)In a conspicuously visible location in an adverse benefits determination, an explanation of benefits notice, a health care service plan’s request for additional information regarding a claim, a notice of a contested claim, and in any written or electronic communication from a health care service plan that contains the name and address of a provider, description of services provided, and other information related to a visit.
(C)On the health care service plan’s internet website, accessible through a hyperlink on the internet website’s home page and in a manner that allows subscribers, enrollees, prospective
subscribers, prospective enrollees, and members of the public to easily locate the information.
(d)Notwithstanding subdivision (b), the provider of health care may make arrangements with the subscriber or enrollee for the payment of benefit cost sharing and communicate that arrangement with the health care service plan.
(e)A health care service plan shall not condition enrollment or coverage on the waiver of rights provided in this section.
Notwithstanding any other law, and to the extent permitted by federal law, a health insurer shall take the following steps to protect the confidentiality of an insured’s medical information on and after July 1, 2022:
(a)(1)A health insurer shall not require a protected individual to obtain the policyholder’s authorization to receive sensitive services
or to submit a claim for sensitive services if the protected individual has the right to consent to care.
(2)A health insurer shall recognize the right of a protected individual to exclusively exercise rights granted under this section regarding medical information related to sensitive services that the protected individual has received.
(3)A health insurer shall direct all communications regarding a protected
individual’s receipt of sensitive services directly to the protected individual receiving care as follows:
(A)If the protected individual has designated an alternative mailing address, email address, or telephone number pursuant to subdivision (b), the health insurer shall send or make all communications related to the protected individual’s receipt of sensitive services to the alternative mailing address, email address, or
telephone number designated.
(B)If the protected individual has not designated an alternative mailing address, email address, or telephone number pursuant to subdivision (b), the health insurer shall send or make all communications related to the protected individual’s receipt of sensitive services in the name of the protected individual at the address or telephone number on file.
(C)Communications subject to this paragraph shall include the following written, verbal, or electronic communications:
(i)Bills and attempts to collect payment.
(ii)A notice of adverse benefits determinations.
(iii)An explanation of benefits notice.
(iv)A health insurer’s request for additional information regarding a claim.
(v)A notice of a contested claim.
(vi)The name and address of a provider, description of services provided, and other information related to a visit.
(vii)Any written, oral, or electronic communication from a health insurer that contains protected health information.
(4)A health insurer shall not disclose medical information related to sensitive health care services provided to a protected individual to the policyholder or any insureds other than the protected individual receiving care, absent an express written authorization of the protected individual receiving care.
(b)(1)A health insurer shall permit an insured to request, and shall accommodate requests for, confidential communication in the form and format requested by the insured, if it is readily producible in the requested form and format, or at alternative locations.
(2)A health insurer may require the insured to make a request for a confidential communication described in paragraph (1) in writing or by electronic transmission.
(3)
The confidential communication request shall be valid until the insured submits a revocation of the request, or a new confidential communication request is submitted.
(4)
For the purposes of this
section, a confidential communications request shall be implemented by the health insurer within 7 calendar days of the receipt of an electronic transmission, telephonic request, or request submitted through the health insurer’s internet website, or within 14 calendar days of receipt by first-class mail. The health insurer shall acknowledge receipt of the confidential communications request and advise the insured of the status of implementation of the request if an insured contacts the insurer.
(c)(1)A health insurer shall notify insureds that they may
request a confidential communication pursuant to subdivision (b) and how to make the request.
(2)The information required to be provided pursuant to this subdivision shall be provided to insureds with individual coverage upon initial enrollment and annually thereafter upon renewal, and to insureds with group coverage upon initial enrollment and annually thereafter upon renewal. The information shall also be provided in the following manner:
(A)In a conspicuously visible location in the evidence of coverage.
(B)In a conspicuously visible location in an adverse benefits determination, an explanation of benefits notice, a health insurer’s request for additional information regarding a claim, a notice of a contested claim, and in any written or electronic communication from a health insurer that contains the name and
address of a provider, description of services provided, and other information related to a visit.
(C)On the health insurer’s internet website, accessible through a hyperlink on the internet website’s home page and in a manner that allows insureds, prospective insureds, and members of the public to easily locate the information.
(d)Notwithstanding subdivision (b), a provider of health care may make arrangements with the insured for the payment of benefit cost sharing and communicate that arrangement with the insurer.
(e)A health insurer shall not condition coverage on the waiver of rights provided in this section.