BILL ANALYSIS �Ó
-----------------------------------------------------------------
|SENATE RULES COMMITTEE | SB 138|
|Office of Senate Floor Analyses | |
|1020 N Street, Suite 524 | |
|(916) 651-1520 Fax: (916) | |
|327-4478 | |
-----------------------------------------------------------------
THIRD READING
Bill No: SB 138
Author: Hernandez (D), et al.
Amended: 5/28/13
Vote: 21
SENATE HEALTH COMMITTEE : 7-2, 4/3/13
AYES: Hernandez, Beall, De León, DeSaulnier, Monning, Pavley,
Wolk
NOES: Anderson, Nielsen
SENATE APPROPRIATIONS COMMITTEE : 5-2, 5/23/13
AYES: De León, Hill, Lara, Padilla, Steinberg
NOES: Walters, Gaines
SUBJECT : Confidentiality of medical information
SOURCE : California Family Health Council
DIGEST : This bill prohibits a health plan or insurer
(carriers) from sending insurance communications relating to
sensitive services, as defined, unless the carrier has received
an authorization for insurance communications, as defined, from
an insured individual who is under 26 years of age and insured
as a dependent on another person's insurance policy. In
addition, this bill prohibits carriers from sending
communications related to sensitive services for insured
dependents over the age of 26 if he/she has submitted a
nondisclosure request, as defined.
ANALYSIS : Existing law:
CONTINUED
�
SB 138
Page
2
1.Establishes, under the federal Health Insurance Portability
and Accountability Act of 1996 (HIPAA), requirements relating
to the provision of health insurance, and the protection of
privacy of individually identifiable health information.
2.Prohibits, under the state Confidentiality of Medical
Information Act, providers of health care, health care service
plans, or contractors, as defined, from sharing medical
information without the patient's written authorization,
subject to certain exceptions, including disclosure to a
probate court investigator, as specified.
3.Provides for regulation of health insurers by the California
Department of Insurance (CDI) under the Insurance Code, and
provides for the regulation of health plans by the Department
of Managed Health Care (DMHC) pursuant to the Knox-Keene
Health Care Service Plan Act of 1975.
This bill:
1.Prohibits carriers from sending insurance communications
relating to sensitive services, as defined, unless the carrier
has received an authorization for insurance communications, as
defined, from an insured individual who is under 26 and
insured as a dependent on another person's insurance policy.
Prohibits carriers from sending communications related to
sensitive services for insured dependents over the age of 26
if he/she has submitted a nondisclosure request, as defined.
2.Requires carriers to comply with a confidential communications
request, as defined, regarding sensitive services from an
insured individual.
3.Requires carriers to comply with a nondisclosure request, as
defined, or a confidential communications request from an
insured individual who states that disclosure of health
information will endanger the individual. Prohibits carriers
from requiring an explanation as to the basis for the insured
individual's statement that disclosure will endanger the
individual.
4.Permits the provider of health care to make arrangements with
the insured individual for the payment of benefit cost-sharing
CONTINUED
�
SB 138
Page
3
and communicate that arrangement with the carrier.
5.Prohibits carriers from conditioning enrollment or coverage in
the health plan or insurance policy or eligibility for
benefits on the provision of an authorization for insurance
communications.
6.Requires a health plan to comply with specified provisions of
the Civil Code. To the extent there are conflicts with the
Health and Safety Code, requires specified provisions of the
Civil Code to control.
7.Requires DMHC and CDI to review products and privacy policies
for compliance only during the normal policy issuance process,
as defined.
8.Defines a number of terms, including:
A. "Authorization for insurance communications" means
permission from the individual, that meets specified
requirements of existing law which specifies the medical
information and insurance transactions that may be
disclosed and the identity of the people to whom
disclosures are permitted as part of an insurance
communication.
B. "Confidential communications request" means a request by
an insured individual that insurance communications be
communicated by a specific method, such as by telephone,
e-mail, or in a covered envelope rather than postcard, or
to a specific mail or e-mail address or specific telephone
number, as designated by the insured individual.
C. "Insurance communication" means any communication from
the carrier to policyholders or insured individuals that
discloses individually identifiable medical information.
Insurance communication includes, but is not limited to,
explanation of benefits forms, scheduling information,
notices of denial, and notices of contested claims.
D. "Sensitive services" means specified health care
services described in existing law (including services
related to HIV, family planning, drug and alcohol use, and
mental health) obtained by any patient who has reached the
CONTINUED
�
SB 138
Page
4
minimum age specified for consenting to the service
specified in the section, including patients 18 years of
age and older.
Background
Federal and state laws regarding confidentiality . Existing
state and federal law provides some protection of sensitive
health information for patients. For example:
Adult patients in California have a right to keep health
information confidential and decide whether and when to share
that information with their partners and parents.
Adolescent patients in California have a right to keep certain
health information confidential and decide whether and when to
share that information with parents, including information
about sexual and reproductive health services, drug treatment
and most mental health counseling.
HIPAA and California confidentiality laws make an exception to
the general confidentiality rules above, allowing providers
and insurers to use and disclose information for payment and
health care operations purposes. With such disclosures, HIPAA
requires "reasonable efforts" to limit them to the "minimum
necessary" to accomplish the intended purpose of the
disclosure.
HIPAA allows patients to ask their carriers and providers to
send communications of protected health information by
alternate means (e.g. by phone) or to alternate locations
(e.g. a friend's address). Carriers and providers are
required to accommodate "reasonable requests" if as part of
the request "the individual clearly states that the disclosure
of all or part of the information could endanger the
individual." California law does not further define this
right.
HIPAA allows patients to ask their carriers and providers to
restrict communications. HIPAA permits but does not require
that carriers and providers accept these requests. California
law does not further define this right.
Federal and state insurance laws and regulations permit many
CONTINUED
�
SB 138
Page
5
insurance communications, or may require certain
communications. For example, some types of insurance plans are
required to send explanation of benefits (EOBs) under
California law while others are not.
Confidentiality for individuals insured as dependents. A July
2012 Guttmacher Institute report reviewed state-level
requirements related to confidentiality in private insurance.
According to the report, the billing and insurance claims (most
notably the practice of sending EOBs to a policyholder whenever
care is provided under his or her policy) routinely violate
confidentiality of those, often a minor or a young adult,
insured as a dependent on someone else's policy. EOBs typically
identify the individual who received care, the health care
provider and the type of care obtained. They also include
information on the amount charged for the care, the amount
reimbursed by the insurer and any remaining financial obligation
on the part of the policyholder or patient. The report found
provisions in the laws in almost all states that lead to
disclosure to a policyholder or other third party of
confidential health information for dependents seeking sensitive
health care services.
FISCAL EFFECT : Appropriation: No Fiscal Com.: Yes
Local: Yes
According to the Senate Appropriations Committee:
One-time costs between $500,000 and $600,000 for review of
health plan contracts and other documents by DMHC to ensure
that health plan privacy policies comply with the bill's
requirements (Managed Care Fund).
Potential ongoing enforcement costs, likely in the tens of
thousands annually, based on complaints for violations of the
bill's requirements by health plans (Managed Care Fund).
One-time costs between $500,000 and $600,000 for review of
insurance plan contracts and other documents by CDI to ensure
that health plan privacy policies comply with the bill's
requirements (Insurance Fund). While the Department indicates
that costs under the bill are absorbable, the initial review
of insurance plan contracts and other documents to ensure
compliance with the bill will likely impose additional
CONTINUED
�
SB 138
Page
6
workload on CDI.
Potential ongoing enforcement costs, likely in the tens of
thousands annually, based on complaints for violations of the
bill's requirements by health insurers (Insurance Fund).
SUPPORT : (Verified 5/24/13)
California Family Health Council (source)
ACCESS Women's Health Justice
American Civil Liberties Union
American Congress of Obstetricians and Gynecologists, District
IX (California)
California Adolescent Health Collaborative
California Association of Marriage and Family Therapists
California National Organization for Women
California Partnership to End Domestic Violence
California Primary Care Association
California Women's Law Center
Center on Reproductive Rights and Justice at UC Berkeley School
of Law
Citizens for Choice
Los Angeles Trust for Children's Health
National Center for Youth Law
National Health Law Program
Physicians for Reproductive Health
Planned Parenthood Affiliates of California
Privacy Rights Clearinghouse
The Women's Community Clinic
OPPOSITION : (Verified 5/24/13)
Association of California Life & Health Insurance Companies
California Association of Health Plans
ARGUMENTS IN SUPPORT : The author claims this bill will bring
clarity to the existing patchwork of state and federal statutes
and regulations related to the sharing of patient information,
and will protect patient confidentiality for insured dependents
accessing services related to sexual and reproductive health,
HIV/AIDS, substance use, mental health care, or any other health
care service where disclosure could cause harm.
ARGUMENTS IN OPPOSITION : According to Association of
CONTINUED
�
SB 138
Page
7
California Life & Health Insurance Companies, the bill gives no
indication how the opt-in process would work nor does it suggest
how insurers would comply when they have little initial contact
with anyone other than the primary policy holder. Additionally,
this new opt-in process, in and of itself, would require
insurers to invest a considerable amount of time and resources
toward upgrading all their IT systems so that they may fully
comply with the provisions of this bill.
JA:JL:nl 5/28/13 Senate Floor Analyses
SUPPORT/OPPOSITION: SEE ABOVE
**** END ****
CONTINUED