HEALTH CARE CONFIDENTIALITY H.B. 5962: COMMITTEE SUMMARY
House Bill 5962 (as passed by the House)
Sponsor: Representative Joe Hune
House Committee: Health Policy
Senate Committee: Health Policy
Date Completed: 5-30-06
CONTENT
The bill would amend the Nonprofit Health Care Corporation Reform Act to allow Blue Cross and Blue Shield of Michigan (BCBSM) to collect personal data necessary for health care operations, treatment, and research; and specify that compliance with the Federal Health Insurance Portability and Accountability Act (HIPAA) would satisfy the BCBSM Act's confidentiality requirements.
Under the Act, in order to ensure the confidentiality of records containing personal data that might be associated with identifiable members, BCBSM must use reasonable care to secure the records from unauthorized access and to collect only personal data that are necessary for the proper review and payment of claims. Under the bill, BCBSM also could collect personal data necessary for health care operations, treatment, and research.
Currently, except as is necessary to comply with Section 603 (described below) or for the purpose of claims adjudication or verification, or when required by law, BCBSM may not disclose records containing personal data that might be associated with an identifiable member, or personal information concerning a member, to a person other than the member, without the prior and specific informed consent of the member to whom the data or information pertains. The bill also would allow disclosure for the purpose of health care operations, treatment, research, payment, and health oversight activities.
(Section 603 authorizes the Commissioner of the Office of Financial and Insurance Services to visit and examine the affairs of BCBSM, and requires BCBSM to facilitate an examination or visitation in every way. The power of examination includes free access to all of the books, papers, and documents related to BCBSM's business, except as otherwise provided.)
Under the bill, BCBSM's compliance with HIPAA and regulations promulgated under it would satisfy the provisions described above, as well as a requirement that the BCBSM board of directors establish and make public the corporation's policy regarding the protection of members' privacy and the confidentiality of personal data.
(The bill would define "health care operations" as that term is defined in 45 CFR 164.501, i.e., any of the following activities to the extent that they are related to functions covered under HIPAA:
-- Conducting quality assessment and improvement activities, including outcomes evaluation and development of clinical guidelines, provided that the obtaining of generalizable knowledge is not the primary purpose of any studies resulting from such
activities; population-based activities relating to improving health or reducing health care costs, protocol development, case management and care coordination, contacting of health care providers and patients with information about treatment alternatives; and related functions that do not include treatment.
-- Reviewing the competence or qualifications of health care professionals; evaluating practitioner and provider performance; health plan performance; conducting training programs in which students, trainees, or practitioners in areas of health care learn under supervision to practice or improve their skills as health care providers; training of nonhealth care professionals; and accreditation, certification, licensing, or credentialing activities.
-- Underwriting, premium rating, and other activities relating to the creation, renewal, or replacement of a contract of health insurance or health benefits, and ceding, securing, or placing a contract for reinsurance of risk relating to claims for health care.
-- Conducting or arranging for medical review, legal services, and auditing functions, including fraud and abuse detection and compliance programs.
-- Business planning and development, such as conducting cost-management and planning-related analyses related to managing and operating the entity, including formulary development and administration, and development or improvement of methods of payment or coverage policies.
-- Business management and general administrative activities of the entity, including management activities related to HIPAA compliance; customer service; resolution of internal grievances; the sale, transfer, merger, or consolidation of all or part of the entity with another entity; and the creation of deidentified health information or a limited data set, and fundraising for the entity's benefit.)
MCL 550.1406 Legislative Analyst: Julie Koval
FISCAL IMPACT
The bill would have no fiscal impact on State or local government.
Fiscal Analyst: Steve Angelotti
Analysis was prepared by nonpartisan Senate staff for use by the Senate in its deliberations and does not constitute an official statement of legislative intent. hb5962/0506