BILL ANALYSIS                                                                                                                                                                                                    






                             SENATE JUDICIARY COMMITTEE
                           Senator Ellen M. Corbett, Chair
                              2009-2010 Regular Session


          AB 952
          Assemblymember Krekorian
          As Amended May 19, 2009
          Hearing Date: July 14, 2009
          Civil Code
          SK:jd
                    
                                        SUBJECT
                                           
           Confidentiality of Medical Information Act: Taft-Hartley Plans

                                      DESCRIPTION  

          This bill would permit a health care provider, health care  
          service plan, or contractor to disclose medical information to  
          an employee welfare benefit plan formed under the federal  
          Taft-Hartley Act if the disclosure meets specified conditions,  
          including that it is for the purpose of determining eligibility,  
          coordination of benefits, or to allow the employee welfare  
          benefit plan to advocate on behalf of the patient or enrollee,  
          as specified.  The request for information must be accompanied  
          by a written authorization for release of the information from  
          the patient or other authorized person, and the disclosure must  
          be permitted by and made in a manner consistent with the Health  
          Insurance Portability and Accountability Act of 1996 (HIPAA). 

          The bill would also permit the disclosure of medical information  
          to an entity contracting with the employee welfare benefit plan  
          for administrative and management services, as specified. 

                                      BACKGROUND  

          Both state and federal law protect the privacy of medical  
          information.  California's Confidentiality of Medical  
          Information Act (CMIA) generally prohibits a health care  
          provider or plan from disclosing a patient's medical information  
          without the patient's consent.  CMIA provides for a number of  
          mandatory and permissive exemptions to this general rule.  For  
          example, a health care provider must disclose medical  
          information if the disclosure is compelled by court order or  
          pursuant to a subpoena.  On the other hand, medical information  
          may be disclosed by a health care provider for purposes of  
          diagnosis or treatment of the patient or to an insurer or  
          employer for the purpose of determining responsibility for  
          payment.

          This bill would add an additional exclusion to CMIA's permissive  
          exemptions for employee welfare benefit plans, provided that  
          certain requirements are met.  
          This bill was heard and approved by the Senate Health Committee  
          on July 8, 2009.  

                                CHANGES TO EXISTING LAW
           
           Existing law, CMIA, prohibits a health care provider, health  
          care service plan, or contractor from disclosing medical  
          information regarding a patient, enrollee, or subscriber without  
          first obtaining an authorization, except as specified.  (Civ.  
          Code Sec. 56.10(a).)  

           Existing law  requires a provider of health care, health care  
          service plan, or contractor to disclose medical information if  
          the disclosure is compelled as specified (Civ. Code Sec.  
          56.10(b)) and permits a provider of health care or service plan  
          to disclose medical information in specified circumstances.   
          (Civ. Code Sec. 56.10(c).)

           Existing law  prohibits a health insurer or health care service  
          plan from releasing any information that would indicate to an  
          employer that an employee is receiving or has received services  
          from a health care provider covered by the plan, unless the  
          employee authorizes the disclosure.  (Ins. Code Sec. 791.27,  
          Health & Saf. Code Sec. 1374.8.)

           Existing federal law  prohibits, under HIPAA, covered entities  
          from using or disclosing protected health information, except as  
          specified.  Existing federal law defines "covered entities" to  
          include health plans, health care clearinghouses, and health  
          care providers that transmit any health information in  
          electronic form.  Federal law also defines "health plan" to  
          include a group health plan, an employee welfare benefit plan,  
          or any other arrangement that is established or maintained for  
          the purpose of offering or providing health benefits, as  
          specified.  (42 U.S.C. 1320d et seq., 45 C.F.R. 164.500 et seq.)  
            

           This bill  would amend CMIA to permit a health care provider or a  
          health plan to disclose medical information to: (1) an employee  
          welfare benefit plan, as defined under the federal Employee  
          Retirement Income Security Act of 1974 (ERISA), which is formed  
          under the federal Taft-Hartley Act, to the extent the benefit  
          plan provides medical care; and (2) an entity contracting with  
          the plan for administrative and management services related to  
          the provision of medical care to persons enrolled in the plan  
          for health care coverage.  In both cases, all of the following  
          conditions must be met:

          1.The disclosure is for the purpose of determining eligibility,  
            coordination of benefits, or to allow the employee welfare  
            benefit plan, or the contracting entity, to advocate on behalf  
            of a patient or enrollee with a health care provider, a health  
            care service plan, or a state or federal regulatory agency; 

          2.The request for the information is accompanied by a written  
            authorization for the release of the information as provided  
            under CMIA which requires that the authorization be submitted  
            by the patient, the legal representative of the patient (if  
            the patient is a minor or an incompetent), the spouse of the  
            patient or the person financially responsible for the patient  
            under specified circumstances, or the beneficiary or personal  
            representative of a deceased patient;

          3.The disclosure is authorized by and made in a manner  
            consistent with HIPAA; and 

          4.Any information disclosed is not further used or disclosed by  
            the recipient in any way that would directly or indirectly  
            violate CMIA or the restrictions imposed by federal HIPAA  
            regulations, including the manipulation of the information in  
            any way that might reveal individually identifiable medical  
            information.  

           This bill  would specify that Health and Safety Code Section  
          1374.8 would not apply to the bill's provisions.  That section  
          prohibits a health care service plan from releasing any  
          information to an employer that would indicate to the employer   
          that an employee is receiving or has received services from a  
          health care provider covered by the plan unless the employee  
          authorizes the disclosure. 

                                        COMMENT
           
          1.  Stated need for the bill  
          
          The author writes:
          
            In recently adopted federal regulations around HIPAA, a  
            problem has emerged with provisions that give deference in the  
            implementation of HIPAA to more strict state law.  As a  
            result, a uniquely structured class of health plans present in  
            California (ERISA Taft-Hartley Trusts regulated by the federal  
            Department of Labor), is unduly burdened by a quirk in state  
            law.  

            Both HIPAA and CMIA allow appropriate Protected Information to  
            be shared with appropriate health plan administrators in order  
            to facilitate efficient and proper administration of health  
            benefits for patients/consumers.  If Protected Information is  
            not allowed to be shared with the Taft-Hartley Plan,  
            consistent with HIPAA and CMIA, the plan will not know whether  
            it is paying health care providers for the appropriate  
            benefits, for the right patients/consumers and at the  
            appropriate level of compensation.

            The unfortunate quirk in California Law is that CMIA does not  
            recognize an ERISA DOL Taft-Hartley Health Plan as a "Health"  
            plan, and therefore health care providers, in the absence of  
            state law regarding Taft-Hartley Plans, are imposing  
            requirements for sharing Protected Information that are even  
            more stringent than state law.

          2.  Bill would amend CMIA to permit disclosure to employee welfare  
            benefit plans in specified circumstances  

          Under this bill, health care providers and plans would be  
          permitted to disclose medical information to an employee welfare  
          benefit plan formed under the federal Taft-Hartley Act. 
          
          HIPAA provides for minimum privacy protections for individually  
          identifiable health information.  Pursuant to HIPAA, the U.S.  
          Department of Health and Human Services issued the "Standards  
          for Privacy of Individually Identifiable Health Information"  
          ("Privacy Rule") which created national privacy standards for  
          patients' protected health information.  The Privacy Rule  
          applies to health plans, health care clearinghouses, and health  
          care providers that transmit any health information in  
          electronic form, as specified.  In general, the Privacy Rule  
          specifies that a covered entity may not use or disclose  
          protected health information except as permitted or required by  
          the rule or as authorized by the patient in writing.  Certain  
          uses or disclosures are specifically permitted, such as for  
          treatment, payment, or health care operations. 

          Employee welfare benefit plans are specifically included in  
          HIPAA's definition of "health plan."  As a result, those plans  
          are considered "covered entities" subject to HIPAA.  Group  
          health plans and employee welfare benefit plans are permitted to  
          disclose protected health information to another covered entity  
          for specified purposes, including the payment activities of the  
          entity that receives the information, for health care operations  
          under certain circumstances, or for the purpose of health care  
          fraud and abuse detection or compliance.  

          CMIA does not include a similar authorization permitting a  
          state-licensed health plan to disclose medical information to an  
          employee welfare benefit plan except to allow responsibility for  
          payment to be determined and payment to be made.  Information  
          may also be disclosed to a person or entity that provides  
          billing, claims management, medical data processing, or other  
          administrative services for an employee benefit plan. 

          This bill would amend CMIA to provide for an exemption  
          permitting medical information to be disclosed from a health  
          care provider or a health plan to an employee welfare benefit  
          plan, or an entity with which it contracts.  Under the bill, the  
          disclosure of medical information must be for the purpose of  
          determining eligibility, or coordination of benefits, or to  
          allow the employee welfare benefit plan to advocate on behalf of  
          a patient or enrollee with a health care provider, a health care  
          service plan, or a state or federal regulatory agency.  

          Also, the request for medical information must be authorized by  
          HIPAA and made in a manner consistent with that Act.  As  
          described in more detail below, the request must also be  
          accompanied by a written authorization for the release of the  
          information submitted in a manner consistent with CMIA, as  
          specified. 

          3.  Bill would require written authorization from patient, others  
            as specified  

          This bill would require that the request for information be  
          accompanied by a written authorization for the release of the  
          information as provided under CMIA.  The CMIA requires that the  
          authorization be submitted by the patient, the legal  
          representative of the patient (if the patient is a minor or an  
          incompetent), the spouse of the patient or the person  
          financially responsible for the patient under specified  
          circumstances, or the beneficiary or personal representative of  
          a deceased patient.  

          The authorization also must be handwritten by the person who  
          signs it or in typeface no smaller than 14-point type and must  
          be clearly separate from any other language present on the same  
          page.  The authorization must state: (1) the specific uses and  
          limitations on the types of medical information to be disclosed;  
          (2) the name and function of the entities authorized to disclose  
          and receive the information; (3) the specific uses and  
          limitations on the use of the information; and (4) a specific  
          date after which the health care provider or plan is no longer  
          authorized to disclose the medical information.  The person  
          signing the authorization has the right to receive a copy.    

          4.  Clarifying amendment needed  

          This bill would permit a health care provider or a health plan  
          to disclose medical information to both a Taft-Hartley plan and  
          to an entity contracting with the plan for "administrative and  
          management services" related to the provision of medical care to  
          persons enrolled in the plan for health care coverage.  In  
          response to committee staff concerns that the phrase  
          "administrative and management services" may not be clear, the  
          author has agreed to amend the bill to strike this language on  
          page 8, line 18 and instead insert "billing, claims management,  
          medical data processing, or other administrative services."   
          This language is both more specific and also consistent with  
          Civil Code Section 56.10(c)(3).

          5.  Support arguments  

          Sponsor Pacific Federal argues that this bill is necessary to  
          conform CMIA with federal HIPAA regulations to permit the  
          sharing of medical information by state-licensed health plans  
          and federal Taft-Hartley health plans and their third party  
          administrators, to the extent authorized and consistent with  
          CMIA.  


           Support  : California Association of Joint Powers Authorities;  
          Valley Industry and Commerce Association (VICA); Liberty Dental  
          Plan; International Alliance of Theatrical Stage Employees  
          (IATSE) Local 80; Teamsters Local 572; Teamsters Local 36;  
          California Conference of Machinists; UNITE-HERE!; International  
          Longshore and Warehouse Union; United Food & Commercial Workers  
          Western States Council; California Teamsters Public Affairs  
          Council; Legal Aid Foundation of Los Angeles County's;  
          Neighborhood Legal Services; Professional Musicians Local 47  
          Employers' Health and Welfare Fund (AFM Local 47 Fund);  
          International Union of  
          Security, Police and Fire Professionals of America and  
          Participating Employers Health & Welfare Fund (SPFPA Fund);  
          Building Material, Construction, Industrial, Professional and  
          Technical; Trustees of the Public Employees Benefit Trust  
          (PEBT); Trustees of the South Bay Teamsters and Employers Health  
          and Welfare and Related Benefits Trust (SBT); Trustees to the  
          Union Heritage Trust (UHT); Western Alliance Trust Fund; several  
          individuals

           Opposition  : None Known

                                        HISTORY
           
           Source  : Pacific Federal Benefit Administrators

           Related Pending Legislation  :  AB 562 (Cook) would require a  
          health insurance issuer to provide, upon request, specified  
          aggregate and individual health care claims information for  
          employers with more than 50 employees to an employee welfare  
          benefit plan.  This bill failed passage in the Assembly Health  
          Committee. 

           Prior Legislation  :  None Known 

           Prior Vote  :

          Assembly Health Committee (Ayes 19, Noes 0) (Consent)
          Assembly Judiciary Committee (Ayes 10, Noes 0) (Consent) 
          Assembly Appropriations Committee (Ayes 17, Noes 0) (Consent)
          Assembly Floor (Ayes 76, Noes 0) (Consent) 

                                   **************