Health Insurance Portability and Accountability Act of 1996

Text of the law

‘‘SEC. 2713. DISCLOSURE OF INFORMATION. ^{Decisional Interference, Breach of Confidentiality, Insecurity, Interrogation}

‘‘(a) DISCLOSURE OF INFORMATION BY HEALTH PLAN ISSUERS.— In connection with the offering of any health insurance coverage to a small employer, a health insurance issuer— ‘‘(1) shall make a reasonable disclosure to such employer, as part of its solicitation and sales materials, of the availability of information described in subsection (b), and ‘‘(2) upon request of such a small employer, provide such information. ‘‘(b) INFORMATION DESCRIBED.— ‘‘(1) IN GENERAL.—Subject to paragraph (3), with respect to a health insurance issuer offering health insurance coverage to a small employer, information described in this subsection is information concerning— ‘‘(A) the provisions of such coverage concerning issuer’s right to change premium rates and the factors that may affect changes in premium rates; ‘‘(B) the provisions of such coverage relating to renewability of coverage; ‘‘(C) the provisions of such coverage relating to any preexisting condition exclusion; and ‘‘(D) the benefits and premiums available under all health insurance coverage for which the employer is qualified. ‘‘(2) FORM OF INFORMATION.—Information under this subsection shall be provided to small employers in a manner determined to be understandable by the average small employer, and shall be sufficient to reasonably inform small employers of their rights and obligations under the health insurance coverage.

‘‘(3) EXCEPTION.—An issuer is not required under this section to disclose any information that is proprietary and trade secret information under applicable law.

SEC. 221. ESTABLISHMENT OF THE HEALTH CARE FRAUD AND ABUSE DATA COLLECTION PROGRAM. (a) IN GENERAL.—Title XI (42 U.S.C. 1301 et seq.), as amended by sections 201 and 205, is amended by inserting after section 1128D the following new section: ‘‘HEALTH CARE FRAUD AND ABUSE DATA COLLECTION PROGRAM ‘‘SEC. 1128E. (a) GENERAL PURPOSE.—Not later than January 1, 1997, the Secretary shall establish a national health care fraud and abuse data collection program for the reporting of final adverse actions (not including settlements in which no findings of liability have been made) against health care providers, suppliers, or practitioners as required by subsection (b), with access as set forth in subsection (c), and shall maintain a database of the information collected under this section. ‘‘(b) REPORTING OF INFORMATION.— ‘‘(1) IN GENERAL.—Each Government agency and health plan shall report any final adverse action (not including settlements in which no findings of liability have been made) taken against a health care provider, supplier, or practitioner. ‘‘(2) INFORMATION TO BE REPORTED.—The information to be reported under paragraph (1) includes: ‘‘(A) The name and TIN (as defined in section 7701(a)(41) of the Internal Revenue Code of 1986) of any health care provider, supplier, or practitioner who is the subject of a final adverse action. ‘‘(B) The name (if known) of any health care entity with which a health care provider, supplier, or practitioner, who is the subject of a final adverse action, is affiliated or associated. ‘‘(C) The nature of the final adverse action and whether such action is on appeal. ‘‘(D) A description of the acts or omissions and injuries upon which the final adverse action was based, and such other information as the Secretary determines by regulation is required for appropriate interpretation of information reported under this section. ‘‘(3) CONFIDENTIALITY.—In determining what information is required, the Secretary shall include procedures to assure that the privacy of individuals receiving health care services is appropriately protected.

‘‘(4) TIMING AND FORM OF REPORTING.—The information required to be reported under this subsection shall be reported regularly (but not less often than monthly) and in such form and manner as the Secretary prescribes. Such information shall first be required to be reported on a date specified by the Secretary. ‘‘(5) TO WHOM REPORTED.—The information required to be reported under this subsection shall be reported to the Secretary. ‘‘(c) DISCLOSURE AND CORRECTION OF INFORMATION.— ‘‘(1) DISCLOSURE.—With respect to the information about final adverse actions (not including settlements in which no findings of liability have been made) reported to the Secretary under this section with respect to a health care provider, supplier, or practitioner, the Secretary shall, by regulation, provide for— ‘‘(A) disclosure of the information, upon request, to the health care provider, supplier, or licensed practitioner, and ‘‘(B) procedures in the case of disputed accuracy of the information. ‘‘(2) CORRECTIONS.—Each Government agency and health plan shall report corrections of information already reported about any final adverse action taken against a health care provider, supplier, or practitioner, in such form and manner that the Secretary prescribes by regulation. ‘‘(d) ACCESS TO REPORTED INFORMATION.— ‘‘(1) AVAILABILITY.—The information in the database maintained under this section shall be available to Federal and State government agencies and health plans pursuant to procedures that the Secretary shall provide by regulation. ures that the Secretary shall provide by regulation. ‘‘(2) FEES FOR DISCLOSURE.—The Secretary may establish or approve reasonable fees for the disclosure of information in such database (other than with respect to requests by Federal agencies). The amount of such a fee shall be sufficient to recover the full costs of operating the database. Such fees shall be available to the Secretary or, in the Secretary’s discretion to the agency designated under this section to cover such costs. ‘‘(e) PROTECTION FROM LIABILITY FOR REPORTING.—No person or entity, including the agency designated by the Secretary in subsection (b)(5) shall be held liable in any civil action with respect to any report made as required by this section, without knowledge of the falsity of the information contained in the report. ‘‘(f) COORDINATION WITH NATIONAL PRACTITIONER DATA BANK.—The Secretary shall implement this section in such a manner as to avoid duplication with the reporting requirements established for the National Practitioner Data Bank under the Health Care Quality Improvement Act of 1986 (42 U.S.C. 11101 et seq.). ‘‘(g) DEFINITIONS AND SPECIAL RULES.—For purposes of this section: ‘‘(1) FINAL ADVERSE ACTION.— ‘‘(A) IN GENERAL.—The term ‘final adverse action’ includes: ‘‘(i) Civil judgments against a health care provider, supplier, or practitioner in Federal or State court related to the delivery of a health care item or service. ‘‘(ii) Federal or State criminal convictions related to the delivery of a health care item or service. ‘‘(iii) Actions by Federal or State agencies responsible for the licensing and certification of health care providers, suppliers, and licensed health care practitioners, including— ‘‘(I) formal or official actions, such as revocation or suspension of a license (and the length of any such suspension), reprimand, censure or probation, ‘‘(II) any other loss of license or the right to apply for, or renew, a license of the provider, supplier, or practitioner, whether by operation of law, voluntary surrender, non-renewability, or otherwise, or ‘‘(III) any other negative action or finding by such Federal or State agency that is publicly available information. ‘‘(iv) Exclusion from participation in Federal or State health care programs (as defined in sections 1128B(f) and 1128(h), respectively). ‘‘(v) Any other adjudicated actions or decisions that the Secretary shall establish by regulation. ‘‘§ 1518. Obstruction of criminal investigations of health care offenses ‘‘(a) Whoever willfully prevents, obstructs, misleads, delays or attempts to prevent, obstruct, mislead, or delay the communication of information or records relating to a violation of a Federal health care offense to a criminal investigator shall be fined under this title or imprisoned not more than 5 years, or both. ‘‘(b) As used in this section the term ‘criminal investigator’ means any individual duly authorized by a department, agency, or armed force of the United States to conduct or engage in investigations for prosecutions for violations of health care offenses.’’. (b) CLERICAL AMENDMENT.—The table of sections at the beginning of chapter 73 of title 18, United States Code, is amended by adding at the end the following new item: ‘‘1518. Obstruction of criminal investigations of health care offenses.’’.

‘‘§ 3486. Authorized investigative demand procedures ‘‘(a) AUTHORIZATION.—(1) In any investigation relating to any act or activity involving a Federal health care offense, the Attorney General or the Attorney General’s designee may issue in writing and cause to be served a subpoena— ‘‘(A) requiring the production of any records (including any books, papers, documents, electronic media, or other objects or tangible things), which may be relevant to an authorized law enforcement inquiry, that a person or legal entity may possess or have care, custody, or control; or ‘‘(B) requiring a custodian of records to give testimony concerning the production and authentication of such records. for nondisclosure of that production to the customer. ‘‘(e) LIMITATION ON USE.—(1) Health information about an individual that is disclosed under this section may not be used in, or disclosed to any person for use in, any administrative, civil, or criminal action or investigation directed against the individual who is the subject of the information unless the action or investigation arises out of and is directly related to receipt of health care or payment for health care or action involving a fraudulent claim related to health; or if authorized by an appropriate order of a court of competent jurisdiction, granted after application showing good cause therefor. ‘‘(2) In assessing good cause, the court shall weigh the public interest and the need for disclosure against the injury to the patient, to the physician-patient relationship, and to the treatment services. ‘‘(3) Upon the granting of such order, the court, in determining the extent to which any disclosure of all or any part of any record is necessary, shall impose appropriate safeguards against unauthorized disclosure.’’. ‘‘STANDARDS FOR INFORMATION TRANSACTIONS AND DATA ELEMENTS ‘‘SEC. 1173. ‘‘(2) SAFEGUARDS.—Each person described in section 1172(a) who maintains or transmits health information shall maintain reasonable and appropriate administrative, technical, and physical safeguards— ‘‘(A) to ensure the integrity and confidentiality of the information; ‘‘(B) to protect against any reasonably anticipated— ‘‘(i) threats or hazards to the security or integrity of the information; and ‘‘(ii) unauthorized uses or disclosures of the information; and ‘‘(C) otherwise to ensure compliance with this part by the officers and employees of such person. ‘‘(e) ELECTRONIC SIGNATURE.— ‘‘(1) STANDARDS.—The Secretary, in coordination with the Secretary of Commerce, shall adopt standards specifying procedures for the electronic transmission and authentication of signatures with respect to the transactions referred to in subsection (a)(1). ‘‘(2) EFFECT OF COMPLIANCE.—Compliance with the standards adopted under paragraph (1) shall be deemed to satisfy Federal and State statutory requirements for written signatures with respect to the transactions referred to in subsection (a)(1). ‘‘(f) TRANSFER OF INFORMATION AMONG HEALTH PLANS.—The Secretary shall adopt standards for transferring among health plans appropriate standard data elements needed for the coordination of benefits, the sequential processing of claims, and other data elements for individuals who have more than one health plan. SEC. 264. RECOMMENDATIONS WITH RESPECT TO PRIVACY OF CERTAIN HEALTH INFORMATION. (a) IN GENERAL.—Not later than the date that is 12 months after the date of the enactment of this Act, the Secretary of Health and Human Services shall submit to the Committee on Labor and Human Resources and the Committee on Finance of the Senate and the Committee on Commerce and the Committee on Ways and Means of the House of Representatives detailed recommendations on standards with respect to the privacy of individually identifiable health information. (b) SUBJECTS FOR RECOMMENDATIONS.—The recommendations under subsection (a) shall address at least the following: (1) The rights that an individual who is a subject of individually identifiable health information should have. (2) The procedures that should be established for the exercise of such rights. (3) The uses and disclosures of such information that should be authorized or required. (c) REGULATIONS.— (1) IN GENERAL.—If legislation governing standards with respect to the privacy of individually identifiable health information transmitted in connection with the transactions described in section 1173(a) of the Social Security Act (as added by section 262) is not enacted by the date that is 36 months after the date of the enactment of this Act, the Secretary of Health and Human Services shall promulgate final regulations containing such standards not later than the date that is 42 months after the date of the enactment of this Act. Such regulations shall address at least the subjects described in subsection (b). (2) PREEMPTION.—A regulation promulgated under paragraph (1) shall not supercede a contrary provision of State SEC. 264. RECOMMENDATIONS WITH RESPECT TO PRIVACY OF CERTAIN HEALTH INFORMATION. (a) IN GENERAL.—Not later than the date that is 12 months after the date of the enactment of this Act, the Secretary of Health and Human Services shall submit to the Committee on Labor and Human Resources and the Committee on Finance of the Senate and the Committee on Commerce and the Committee on Ways and Means of the House of Representatives detailed recommendations on standards with respect to the privacy of individually identifiable health information. (b) SUBJECTS FOR RECOMMENDATIONS.—The recommendations under subsection (a) shall address at least the following: (1) The rights that an individual who is a subject of individually identifiable health information should have. (2) The procedures that should be established for the exercise of such rights. (3) The uses and disclosures of such information that should be authorized or required. (c) REGULATIONS.— (1) IN GENERAL.—If legislation governing standards with respect to the privacy of individually identifiable health information transmitted in connection with the transactions described in section 1173(a) of the Social Security Act (as added by section 262) is not enacted by the date that is 36 months after the date of the enactment of this Act, the Secretary of Health and Human Services shall promulgate final regulations containing such standards not later than the date that is 42 months after the date of the enactment of this Act. Such regulations shall address at least the subjects described in subsection (b). (2) PREEMPTION.—A regulation promulgated under paragraph (1) shall not supercede a contrary provision of State law, if the provision of State law imposes requirements, standards, or implementation specifications that are more stringent than the requirements, standards, or implementation specifications imposed under the regulation. (d) CONSULTATION.—In carrying out this section, the Secretary of Health and Human Services shall consult with— (1) the National Committee on Vital and Health Statistics established under section 306(k) of the Public Health Service Act (42 U.S.C. 242k(k)); and (2) the Attorney General.

‘‘SEC. 9801. INCREASED PORTABILITY THROUGH LIMITATION ON PREEXISTING CONDITION EXCLUSIONS. ‘‘(3) METHOD OF CREDITING COVERAGE.— ‘‘(A) STANDARD METHOD.—Except as otherwise provided under subparagraph (B), for purposes of applying subsection (a)(3), a group health plan shall count a period of creditable coverage without regard to the specific benefits for which coverage is offered during the period. ‘‘(B) ELECTION OF ALTERNATIVE METHOD.—A group health plan may elect to apply subsection (a)(3) based on coverage of any benefits within each of several classes or categories of benefits specified in regulations rather than as provided under subparagraph (A). Such election shall be made on a uniform basis for all participants and beneficiaries. Under such election a group health plan shall count a period of creditable coverage with respect to any class or category of benefits if any level of benefits is covered within such class or category. ‘‘(d) EXCEPTIONS.— ‘‘(1) EXCLUSION NOT APPLICABLE TO CERTAIN NEWBORNS.— Subject to paragraph (4), a group health plan may not impose any preexisting condition exclusion in the case of an individual who, as of the last day of the 30-day period beginning with the date of birth, is covered under creditable coverage. ‘‘(2) EXCLUSION NOT APPLICABLE TO CERTAIN ADOPTED CHILDREN.—Subject to paragraph (4), a group health plan may not impose any preexisting condition exclusion in the case of a child who is adopted or placed for adoption before attaining 18 years of age and who, as of the last day of the 30-day period beginning on the date of the adoption or placement for adoption, is covered under creditable coverage. The previous sentence shall not apply to coverage before the date of such adoption or placement for adoption. ‘‘(3) EXCLUSION NOT APPLICABLE TO PREGNANCY.—For purposes of this section, a group health plan may not impose any preexisting condition exclusion relating to pregnancy as a preexisting condition. ‘‘(f) SPECIAL ENROLLMENT PERIODS.— ‘‘(1) INDIVIDUALS LOSING OTHER COVERAGE.—A group health plan shall permit an employee who is eligible, but not enrolled, for coverage under the terms of the plan (or a dependent of such an employee if the dependent is eligible, but not enrolled, for coverage under such terms) to enroll for coverage under the terms of the plan if each of the following conditions is met: ‘‘(A) The employee or dependent was covered under a group health plan or had health insurance coverage at the time coverage was previously offered to the employee or individual. ‘‘(B) The employee stated in writing at such time that coverage under a group health plan or health insurance coverage was the reason for declining enrollment, but only if the plan sponsor (or the health insurance issuer offering health insurance coverage in connection with the plan) required such a statement at such time and provided the employee with notice of such requirement (and the consequences of such requirement) at such time. ‘‘(C) The employee’s or dependent’s coverage described in subparagraph (A)— ‘‘(i) was under a COBRA continuation provision and the coverage under such provision was exhausted; or ‘‘(ii) was not under such a provision and either the coverage was terminated as a result of loss of eligibility for the coverage (including as a result of legal separation, divorce, death, termination of employment, or reduction in the number of hours of employment) or employer contributions toward such coverage were terminated. ‘‘(D) Under the terms of the plan, the employee requests such enrollment not later than 30 days after the date of exhaustion of coverage described in subparagraph (C)(i) or termination of coverage or employer contribution described in subparagraph (C)(ii).

Disclaimer: The text of this law may not be the most recent version. We make no warranties or representations about the accuracy, completeness, or adequacy of the information contained on this site. Please check official sources.