BILL ANALYSIS �Ó
SB 514
Page 1
Date of Hearing: June 14, 2016
ASSEMBLY COMMITTEE ON HEALTH
Jim Wood, Chair
SB
514 (Anderson) - As Amended January 26, 2016
SENATE VOTE: 39-0
SUBJECT: California Health Benefit Exchange.
SUMMARY: Prohibits the California Health Benefit Exchange (the
Exchange), now known as Covered California, from disclosing
personal information obtained from an application for health
care coverage to a certified insurance agent or Certified
Enrollment Counselor (CEC) without the consent of the applicant.
Defines personal information consistent with existing law.
Contains an urgency clause to ensure that the provisions of this
bill go into immediate effect upon enactment.
EXISTING LAW:
1)Establishes the federal Patient Protection and Affordable Care
Act (ACA), which enacts various health care coverage market
reforms. Requires each state by January 1, 2014, to establish
an Exchange that makes qualified health plans (QHPs) available
to qualified individuals and qualified employers. Requires,
if a state does not establish an Exchange, the federal
government to administer the Exchange. Establishes
�
SB 514
Page 2
requirements for the Exchange and for QHPs participating in
the Exchange, and defines who is eligible to purchase coverage
in the Exchange.
2)Establishes Covered California within state government, as an
independent public entity not affiliated with an agency or
department, and requires it to compare and make available
through selective contracting health insurance for individual
and small business purchasers as authorized under the ACA.
Specifies the powers and duties of the board governing the
Exchange, and requires the board to facilitate the purchase of
QHPs though the Exchange by qualified individuals and small
employers.
3)Authorizes under federal regulations an Exchange to only use
or disclose such personally identifiable information for the
purposes of determining eligibility in a QHP, for other
insurance affordability programs, or for exemptions from the
individual responsibility provisions, as specified, to the
extent such information is necessary to carry out the
functions of the exchange, as specified. For other uses which
the Secretary of Health and Human Services determines are in
compliance with the ACA, but are not to carry out the exchange
functions, requires individual consent. To carry out other
functions, requires consent and substantive and procedural
requirements, as specified.
4)Requires, under the ACA, an applicant for insurance coverage
or for an Advanced Premium Tax Credit (APTC) or cost-sharing
reduction to be required to provide only the information
strictly necessary to authenticate identity, determine
eligibility, and determine the amount of the APTC or
reduction. Requires, under the ACA, any person who receives
such information provided by an applicant to use the
information only for ensuring the efficient operation of the
Exchange.
�
SB 514
Page 3
5)Requires, under federal regulations, each Exchange to
establish and implement written privacy and security standards
including: allowing individuals to access and correct their
own personal information; maintaining openness and
transparency of policies; ensuring data quality and integrity,
and protection of personal information with reasonable
safeguards; and, appropriate monitoring to detect and mitigate
non-adherence and breaches.
6)Requires, under federal regulations, entities such as
navigators, agents, and brokers that have access to
applicants' or enrollees' personal information in the course
of performing their functions to be subject to the same
privacy or security provisions that govern the Exchange.
7)Creates, under the ACA, a civil penalty of not more than
$25,000 per person or entity, per use or disclosure, for use
or disclosure of personal information in violation of the ACA.
8)Requires the Exchange to perform fingerprint-based background
checks of all employees, prospective employees, contractors,
subcontractors, employees of contractors, volunteers, or
vendors whose duties include access to confidential, personal,
or financial information, or any other information as required
by federal law or guidance.
9)Under the federal Health Insurance Portability and
Accountability Act of 1996 (HIPAA), provides protections for
individually identifiable health information held by covered
entities and their business associates and gives patients an
array of rights with respect to that information. HIPAA also
�
SB 514
Page 4
permits the disclosure of certain health information as needed
for patient care and certain other purposes, including:
public health activities; research; prevention of a serious
threat to health or safety; law enforcement purposes; and,
judicial and administrative proceedings. Covered entities
under the HIPAA Privacy Rule are health care providers, health
plans, and health care clearinghouses.
10)Establishes the Information Practices Act of 1977 (IPA),
which prohibits state agencies from disclosing personal
information, unless the information is disclosed according to
one of a specified list of provisions, such as:
a) With prior voluntary written consent, not more than 30
days in advance of the disclosure, or in the time limit
agreed to by the individual; or,
b) To those officers, employees, attorneys, agents, or
volunteers of the agency who have custody of the
information, if the disclosure is relevant and necessary in
the ordinary course of the performance of their official
duties and is related to the purpose for which the
information was acquired.
11)Defines, under the IPA, "personal information" as any
information that is maintained by an agency that identifies or
describes an individual, including, but not limited to, his or
her name, social security number, physical description, home
address, home telephone number, education, financial matters,
and medical or employment history. Includes statements made
by, or attributed to, the individual.
FISCAL EFFECT: According to the Senate Appropriations
Committee:
�
SB 514
Page 5
1)Potential one-time costs of about $300,000 to modify
information technology systems by Covered California to allow
applicants to indicate whether they would like assistance
(special fund). This bill, as amended, does not require
Covered California to develop a process for allowing an
applicant to indicate whether personal information can be
shared. If Covered California does develop such a system, it
would incur the costs above.
2)Unknown potential costs to develop the systems and procedures
to pass along consumer information (upon consumer request) to
certified insurance agents or CECs (special fund). In
addition to the system changes needed to allow a consumer to
consent to having contact information shared with insurance
agents or CECs, Covered California will need to develop
systems and procedures for taking the appropriate information
and sharing it with the appropriate partners. Covered
California does not yet have a plan for how that process would
work, so no cost estimates are available at this time. It is
likely that the costs to create those "back end" systems would
be in the low hundreds of thousands. As noted above, those
costs would only occur if Covered California decided to
implement a system to allow the sharing of applicant
information, with consumer consent.
3)Potential minor costs to revise paper applications for health
care coverage by the Department of Health Care Services (DHCS)
(General Fund and federal funds). The state uses a single
paper application for the Medi-Cal program and coverage
through Covered California. In order to comply with the
requirements of this bill, DHCS would likely need to update
the paper application to opt out of future contacts. The
costs to do so are not expected to be significant since DHCS
regularly revises those forms.
COMMENTS:
�
SB 514
Page 6
1)PURPOSE OF THIS BILL. According to the author, the ACA has
directed states to provide marketplaces, or Exchanges, for
consumers seeking health insurance. Covered California has
provided this platform for individuals shopping for a health
plan. Unfortunately, due to a security loophole in the law,
shoppers on the Website have suffered a disclosure of their
data to outside companies without having given their
permission. The author states that this bill is an effort to
close that loophole, so that consumers may shop free from fear
of losing their privacy to unknown, outside entities.
2)BACKGROUND.
a) ACA. To expand health insurance coverage and make
health care more accessible and affordable, the U.S.
Congress enacted the ACA in March 2010. California enacted
legislation creating a state-operated Exchange, one of the
provisions of the ACA. The Exchange is a competitive
insurance marketplace in which eligible individuals and
small businesses have been able to purchase QHPs since
October 2013.
b) Covered California.
i) Enrollment. According to Covered California, an
estimated 5.3 million uninsured Californians are eligible
for coverage through the Covered California marketplace.
Of that total, 2.6 million qualify for federal subsidies
only available through the Covered California
marketplace, and 2.7 million who may or may not qualify
for subsidies but will benefit from guaranteed coverage
whether or not they enroll through the marketplace. The
Enrollment Assistance Program (EAP) is critical in
providing in-person help to consumers purchasing Covered
�
SB 514
Page 7
California health plans. The EAP is comprised of
enrollment counselors and enrollment entities. Certified
Enrollment Entities (CEEs) are entities and organizations
that are eligible to be trained and registered to provide
in-person assistance to consumers and help them apply for
Covered California health plans. The role of a CEE is to
conduct public education activities to raise awareness
about the availability of Covered California health
plans. CEEs will distribute fair and impartial
information concerning enrollment into QHPs as well as
facilitate enrollment into QHPs available through Covered
California. CEE must provide information that is
culturally and linguistically appropriate. In order to
be a CEE, organizations must demonstrate to Covered
California that they have existing relationships, or
could easily establish relationships, with consumers or
self-employed individuals likely to be eligible for
enrollment in a Covered California health plan.
Organizations must also meet any licensing,
certification, or other standards prescribed by the state
or Exchange. Certified Enrollment Counselors (CECs) are
trained individuals who are available to provide
in-person counseling and assistance to consumers in need
of help with applying for Covered California programs.
CEEs will provide assistance in culturally and linguistic
appropriate manners to consumers throughout California.
ii) CalHEERS. The California Health Eligibility
Enrollment and Retention System (CalHEERS) is the
computer system behind the Exchange and is sponsored by
Covered California and DHCS. It is a computer program
that allows prospective consumers to enter their personal
and income data and receive information about plans they
are eligible for and what they cost. It also determines
preliminary eligibility for APTCs, Modified Adjusted
Gross Income (MAGI) Medi-Cal, and Non-MAGI Medi-Cal.
According to the chief of the CalHEERS project management
office, consumers can either complete the application
process themselves or seek assistance from certified
�
SB 514
Page 8
enrollment representatives, such as insurance agents;
Covered California's service center representatives; or
county eligibility workers. Once eligibility is
determined, consumers can shop and enroll in QHPs or be
electronically transferred for assistance to their local
county office for confirmation of eligibility and
enrollment in Medi-Cal. CalHEERS consists of three major
system components that provide eligibility determination,
enrollment functionality, and financial accounting in
conjunction with other entities that interface, or
communicate, with CalHEERS. According to the CalHEERS
project management office, these entities include the
Centers for Medicare and Medicaid Services, the Internal
Revenue Service, and the California Employment
Development Department.
iii) Covered California's Privacy Policy. Covered
California's Privacy Policy (Policy) states that Covered
California strictly limits personal information it
collects to that which is both relevant and necessary to
fulfill the functions required of them under the ACA and
applicable California state law. Additionally, Covered
California may exchange personal information with other
government agencies to determine eligibility for premium
assistance or other insurance affordability programs.
For example, Covered California may share personal
information with the Internal Revenue Service to
determine eligibility for APTCs or with DHCS to determine
Medi-Cal eligibility. The Policy also states that
Covered California may share personal information for the
purpose of enrolling an individual into either a health
plan or Medi-Cal by sharing it with other government
agencies or CECs. Covered California enrollment
representatives are required to undergo a fingerprint and
background check and receive specialized training to
ensure personal information is kept confidential.
Furthermore, Covered California may share personal
information to the extent it is necessary to comply with
federal or state law or to fulfill an Exchange function
�
SB 514
Page 9
as required by the ACA. For example, Covered California
may share personal information with the U.S. Department
of Health and Human Services, which oversees state-based
exchanges, to ensure Covered California's compliance with
federal privacy laws.
3)PREVIOUS LEGISLATION.
a) SB 974 (Anderson) of 2014 would have required Covered
California to allow consumers to indicate whether they
would like assistance from an agent or enrollment
counselor, and prohibit Covered California from disclosing
personal information if applicants indicate they do not
want assistance. SB 974 was held in the Assembly
Appropriations Committee.
b) AB 1560 (Gorell) of 2014, would have prohibited Covered
California from disclosing an individual's personal
information to third parties. Would have required the
Exchange to immediately notify the public of any breach of
the security of personal information, regardless of
severity and regardless of whether the information was
actually accessed by an unauthorized person. AB 1560 was
referred to this Committee but was not heard, at the
request of the author.
c) AB 1428 (Conway), Chapter 561, Statutes of 2013,
clarifies criminal background check requirements for
employees, contractors, and vendors who facilitate
enrollment in the Exchange.
d) AB 1829 (Conway) of 2014 would have prohibited the
Exchange from hiring or contracting with individuals who
have been convicted of certain felonies or violations if
the person would be facilitating enrollment or have access
�
SB 514
Page 10
to financial or medical information. AB 1829 failed
passage in this Committee.
e) AB 1830 (Conway) of 2014 would have prohibited the
Exchange from using or disclosing personal information
except as necessary to carry out the Exchange's functions
under the ACA and creates a civil penalty of up to $25,000
per individual or entity, per use or disclosure. AB 1830
failed passage in this Committee.
f) AB 2147 (Melendez) of 2014 would have required agencies
to obtain an individual's prior written voluntary consent
before releasing the individual's personal information to
an independent contractor or other worker who is not an
agency employee. AB 2147 was held on the Suspense File in
the Assembly Appropriations Committee.
g) SB 509 (DeSaulnier and Emmerson), Chapter 10, Statutes
of 2013, requires fingerprint-based background checks for
all Exchange employees, contractors, volunteers, or vendors
with access to enrollees' personal information.
h) AB 1602 (John A. Pérez), Chapter 655, Statutes of 2010,
and SB 900 (Alquist), Chapter 659, Statutes of 2010,
establish the Exchange and its powers and duties.
i) AB 1296 (Bonilla), Chapter 641, Statutes of 2011, enacts
the Health Care Reform Eligibility, Enrollment, and
Retention Planning Act (Act), which would require the
California Health and Human Services Agency (CHHSA), in
consultation with specified entities, to establish
standardized single, accessible application forms and
related renewal procedures for state health subsidy
programs, as defined, in accordance with specified
�
SB 514
Page 11
requirements. AB 1296 specifies the duties of the CHHSA
and DHCS under the Act, and requires CHHSA to provide
specified information to the Legislature by July 1, 2012,
regarding policy changes needed to implement the Act.
4)DOUBLE REFERRAL. This bill is double referred; upon passage
in this Committee, this bill will be referred to the Assembly
Privacy and Consumer Protection Committee.
REGISTERED SUPPORT / OPPOSITION:
Support
None on file.
Opposition
None on file.
Analysis Prepared by:Kristene Mapile / HEALTH / (916)
319-2097
�
SB 514
Page 12