BILL ANALYSIS �
AB 952
Page 1
Date of Hearing: May 12, 2009
ASSEMBLY COMMITTEE ON JUDICIARY
Mike Feuer, Chair
AB 952 (Krekorian) - As Introduced: February 26, 2009
PROPOSED CONSENT (As Proposed to be Amended)
SUBJECT : HEALTH INFORMATION: HEALTH PLANS
KEY ISSUE : Should health care plans and providers be permitted
to disclose a patient's or enrollee's medical information to AN
"erisa" employee benefit plan, so long as the information is
used for proper purposes and provided with proper authorization?
FISCAL EFFECT : As currently in print this bill is keyed
non-fiscal.
SYNOPSIS
This non-controversial bill passed out of the Assembly Health
Committee on 19-0 vote, with the understanding that certain
amendments would be taken in this Committee. This analysis
reflects those proposed amendments. Existing state and federal
law, as a general rule, prohibit a health care provider or
health care plan from disclosing a patient's medical information
without that patient's consent. The California Medical
Information Act (CMIA), however, creates several mandatory and
permissive exemptions to this general rule. For example, CMIA
provides that a provider or plan "shall" provide information
pursuant to a court order. CMIA's permissive exemptions, where
the provider or plan "may" disclose information to authorized
entities, generally require that the information be used for
some medical purpose, such as diagnosis or treatment
coordination; for some administrative purpose, such as billing;
or to certain government entities, such as county coroners or
other public agencies conducting investigations or research.
This bill would add to that list of permissive exemptions any
information provided to an "employee welfare benefit plan," as
defined by the federal Employee Retirement Income Security Act
(ERISA). According to the author, this bill is needed because
the CMIA does not clearly recognize ERISA benefit plans within
its definition of a covered "health care service plan," and
that, even if it did, none of the existing exemptions clearly
�
AB 952
Page 2
embrace the purposes for which an ERISA plan might seek the
information, including advocating on the enrollee's behalf with
a provider, health plan, or government agency. This bill
includes counterbalancing privacy protections, consistent with
other CMIA exemptions. With the amendments taken today and
reflected in the following analysis, the earlier opposition by
the Privacy Rights Clearinghouse and the World Privacy Forum has
been removed and there is no known opposition to the bill.
SUMMARY : Permits a health care provider or health care plan to
disclose medical information to an employee welfare benefit
plan, as defined, or an entity contracting with the plan for
administrative or plan management purposes, so long as the
request for, and disclosure of, medical information meets
specified requirements. Specifically, this bill :
1)Permits a provider of health care or a health care service
plan to disclose medical information to an employee welfare
benefit plan, as defined and formed pursuant to the federal
Employee Retirement Income Security Act (ERISA), and to an
entity contracting with the employee welfare benefit plan for
administrative and management services related to the
provision of medical care to plan members, so long as all of
the following conditions are met:
a) The disclosure is for the purpose of determining
eligibility, coordinating benefits, or allowing the
employee welfare benefit plan, or its contracting entity,
to advocate on the enrollee's behalf with a provider,
health plan, or state or federal regulatory agency.
b) The request for information is accompanied by a written
authorization from the patient or enrollee and submitted as
specified.
c) Any disclosure made is authorized by, and disclosed in a
manner consistent with, the federal Health Insurance
Portability and Accountability Act (HIPAA).
d) Any information so disclosed shall not be further used
or disclosed by the recipient in any way that would
directly or indirectly violate other provisions of state or
federal law, as specified.
2)Provides that a health care service plan or a health insurer
may comply with the provisions of this bill, notwithstanding
Section 1374.8 of the Health & Safety Code and Section 791.27
of the Insurance Code, which generally prohibit the release of
�
AB 952
Page 3
medical information to an employer.
EXISTING LAW :
1)Prohibits a provider of health care, health care service plan,
or contractor from disclosing medical information regarding a
patient or enrollee without first obtaining written
authorization from the patient or enrollee, as specified.
(Civil Code Sections 56.10(a) and 56.11.)
2)Requires a provider of health care, health care service plan,
or contractor to disclose medical information if the
disclosure is compelled pursuant to the order of a court, or
by order of a board, commission, or administrative agency
acting pursuant to its lawful adjudicative authority, or when
otherwise specifically required by law. (Civil Code Section
56.10 (b).)
3)Permits a provider of health care or a health care service
plan to disclose medical information, subject to certain
conditions, to any of the following:
a) Providers of health care, health care service plans,
contractors or other health care professionals or
facilities for purposes of diagnosis or treatment of the
patient.
b) An insurer, employer, health care service plan, hospital
service plan, employee benefit plan, governmental
authority, contractor, or any other person or entity
responsible for paying for heath care services rendered to
the patient, as specified.
c) Any person or entity that provides billing, claims,
management, medical data processing, or other
administrative services for providers or plans.
d) Various authorized bodies for purposes of peer,
utilization, and quality control review.
e) Public or private bodies responsible for licensing and
credentialing providers and plans.
f) County coroners and other public agencies for purposes
of investigation or bona fide research projects.
g) Other persons and entities for several narrowly
prescribed situations, including medical emergencies,
disease management, disaster relief, tissue donation,
public health reporting, or to prevent an imminent threat
to the health or safety of a reasonably foreseeable victim
or victims. (Civil Code Section 56.10 (c) (1)-(20).)
�
AB 952
Page 4
4)Prohibits a health insurer or a health care service plan from
releasing any information that would indicate to an employer
that an employee is receiving or has received services from a
health care provider covered by the plan, unless authorized to
do so by the employee. (Insurance Code Section 791.27 and
Health & Safety Code Section 1374.8.)
5)Prohibits - under the federal Health Insurance Portability and
Accountability Act (HIPAA) - "covered entities" from using or
disclosing personal health information, unless it is with the
written authorization of the patient OR for purposes of
treatment, payment, or heath care operations. Defines
"covered entities" to include health plans, health care
clearinghouses, and health care providers that transmit any
health information in electronic form. Defines "health plan"
to include an employee welfare benefit plan as defined by and
formed under ERISA. (42 USC 1230d et seq. and 45 CFR 164.500
et seq.)
COMMENTS : The privacy of patients' personal medical information
is regulated by both state and federal law, the former under the
Confidentiality of Medical Information Act (CMIA) and the latter
under the Health Insurance Portability and Accountability Act
(HIPAA). Both generally prohibit the disclosure of a patient's
personal health information without the prior written consent of
the patient, but both also carve out exemptions that permit the
sharing of personal health information between entities for
purposes of medical treatment and diagnosis, billing, and
general administration of health care plans. In order to better
implement and coordinate overlapping state and federal laws, in
2001 the California Legislature created the Office of HIPAA
Implementation. (Health & Safety Code Section 130300 et seq.)
Yet differences between state and federal law remain, and this
bill attempts to deal with one of them. According to the
author, the state CMIA is generally more protective than the
federal HIPAA and that ERISA employee benefit plans - which can
offer health coverage along with other benefits - are hampered
by state law. Specifically, the author and sponsor contend that
existing state law does not consider ERISA employee benefit
plans a "health care service plan" under the CMIA and, as such,
statutory exemptions that generally allow health plans and
health providers to share medical information with each other,
and with their respective third party administrators, do not
�
AB 952
Page 5
apply to ERISA employee benefit plans. Yet, according to the
author and sponsor, employee benefit plans often need to obtain
medical information for, among other things, determining if its
members are receiving appropriate benefits at appropriate levels
of compensation. ERISA plans may also need to obtain this
information in order to advocate for a member who has a conflict
with a contracted health plan.
This bill, by way of adding another "permissive" exemption to
existing law, would expressly state that medical information may
be provided to an ERISA employee benefit plan, or an entity with
which it contracts, for specified purposes, including advocating
on the enrollee's behalf with a provider, health plan, or state
or federal regulatory agency. This measure would require,
however, that the ERISA plan's request for information be
accompanied by a written authorization from the patient or
enrollee that is the subject of the information. This measure
would also require that any disclosure of information authorized
under this bill would need to be consistent with HIPAA privacy
rules, and that the recipient of the information could not
disclose the information to other parties, unless the disclosure
would also be authorized by this bill or other provisions of
state or federal law.
Finally, this bill specifies that a health care service plan or
health insurer may comply with the provisions of this bill
notwithstanding two potentially conflicting provisions in
existing law: specifically, Health & Safety Code Section 1374.8
and Insurance Code Section 791.27, which generally prohibit
health care service plans and health insurers from releasing
information to employers about an employee's medical history.
ARGUMENTS IN SUPPORT : Although supporters had not submitted
letters to this Committee at the time of this writing, the
Assembly Health Committee Analysis summarizes the arguments in
support as follows:
Pacific Federal (Pac-Fed), sponsor of this bill,
writes in support that this bill will benefit health
care coverage provided to the three million
Californians who are covered in DOL health plans.
According to Pac-Fed, federal HIPAA law permits the
sharing of information between state and federal
regulated plans. Pac-Fed identifies areas when this
exchange of information is necessary including:
�
AB 952
Page 6
verifying accuracy of claims; coordinating courses of
treatment; establishing and conducting wellness
programs; funding appropriate reserves for future
claims; advocating for claims payment; establishing
pricing for contracted health plan services;
monitoring large claims; and transferring risk and
reinsurance to a new contracted health plan. Valley
Industry and Commerce Association (VICA) writes that
California law places restrictions on the flow of SHI
and PHI between health plans, which makes it difficult
for Taft-Hartley Trusts to rapidly deliver services to
those who rely on them. According to VICA, this bill
will allow for the flow of information between health
plans that otherwise would not be able to occur.
Western Alliance Trust (WAT) Fund supports this bill
and argues that the exchange of PHI is a necessary
component of health plan treatment, risk-sharing or
reinsurance relationships. WAT complains that one
provider would not share medical information, claiming
that California law is applicable not federal law.
Neighborhood Legal Services (NLS) of California
supports this bill because NLS believes that it
strikes the right balance between protecting
individual rights and ensuring the health insurance
delivery system is able to meet the needs of working
Californians. According to NLS, the primary impact of
this bill is to conform California law to federal
HIPAA by permitting the sharing of administrative and
PHI between health plans and health plan business
associates.
RELATED LEGISLATION . AB 562 (Cook) would have required a health
insurer to, upon request, provide specified aggregate and
individual health care claims information, for employers with
more than 50 employees, to an employee welfare benefit plan
(maintained by an employer(s) or employee organization(s)),
joint employer-employee plan, a governmental entity, or plan
administrator, as specified. AB 562 failed passage in the
Assembly Health Committee on April 21, 2009.
PROPOSED AUTHOR AMENDMENTS : The author agreed to take
substantial amendments in the Assembly Health Committee on May
5, 2009. However, because of the short time frame between the
two Committee hearings, the Assembly Health Committee moved the
�
AB 952
Page 7
bill with an understanding that the amendments would be taken in
this Committee. Essentially, those amendments strike sections
2, 3, & 4 of the bill as introduced and make both conforming and
substantive changes to section 1. A mock-up of the bill as
proposed to be amended has been included with the analysis. The
specific proposed amendments are as follows:
- On page 2 line 7 delete "or in Section 56.19"
- On page 7 line 29 insert the following:
(21) The information may be disclosed to an employee
welfare benefit plan (as defined in federal law pursuant
to Section 3(1) of the Employee Retirement Income Security
Act of 1974 (ERISA), which is formed pursuant to federal
law under Section 302(c)(5) of the Taft Hartley Act, to
the extent that the employee welfare benefit plan provides
medical care, and may be disclosed to an entity
contracting with the employee welfare benefit plan for
administrative and management services related to the
provision of medical care to persons enrolled for health
care coverage in the employee welfare benefit plan, where
all of the following conditions are met:
(A) The disclosure is for the purpose of
eligibility, coordination of benefits or to allow the
employee welfare benefit plan, or its contracting entity,
to advocate on the enrollee's behalf with a provider,
health plan, or state or federal regulatory agency;
(B) The request for information is accompanied by a
written authorization from the patient or enrollee
submitted in a manner consistent with Section 56.11;
(C) Any disclosure made is authorized by, and
disclosed in a manner consistent with, the Health
Insurance Portability and Accountability Act of 1996
(Public Law (104-191); and
(D) Any information so disclosed shall not be
further used or disclosed by the recipient in any way that
would directly or indirectly violate this part or the
restrictions imposed by Part 164 of Title 45 of the Code
of Federal Regulations, including the manipulation of the
information in any way that might reveal individually
identifiable medical information.
(E) A health care service plan or a health insurer
may comply with this subdivision notwithstanding Section
1374.8 of the Health and Safety Code and Section 791.27 of
�
AB 952
Page 8
the Insurance Code.
- On page 7 line 31 delete "or in Section 56.19"
- On page 8 delete lines 6 through 40, and delete pages 9
through 11 in their entirety.
As the bill moves forward, the author may wish to consider the
following technical clarifications to the proposed amendment:
- Proposed subparagraph (A) of paragraph (21) should
probably read for "purpose of determining eligibility."
- Proposed subparagraph (E) of paragraph (21) is not
parallel to subparagraphs (A) - (D), in that it is not so
much a condition that must be met but merely a statement
that this provision applies notwithstanding the other cited
code sections. The numbering and lettering should be
restructured in a manner deemed appropriate by Legislative
Counsel.
REGISTERED SUPPORT / OPPOSITION :
Support
None on file
Opposition
None on file
Analysis Prepared by : Thomas Clark / JUD. / (916) 319-2334