77(R) HB 3328 Introduced version

HBA-CBW H.B. 3328 77(R)    BILL ANALYSIS


Office of House Bill AnalysisH.B. 3328
By: Averitt
Insurance
4/22/2001
Introduced



BACKGROUND AND PURPOSE 

In November 1999,  the United States Congress signed into law the
Gramm-Leach-Bliley Act (GLBA), which updated federal financial services
laws and broke down the barriers between commercial banks, securities
firms, and insurance companies.  Title III of GLBA declared that insurance
activities would be functionally regulated by the states, which restated
the applicability of the McCurran-Ferguson Act.  Title V of GLBA provides
that Congress' policy that financial institutions, including insurance
companies, have an obligation to protect the privacy of customers'
nonpublic personal health information.  GLBA requires relevant federal
regulatory authorities and  state insurance authorities to adopt rules and
regulations to protect the privacy of  nonpublic personal health
information.  House Bill 3328 authorizes the commissioner of insurance to
adopt rules and set forth regulations for compliance with GLBA. 

RULEMAKING AUTHORITY

It is the opinion of the Office of House Bill Analysis that rulemaking
authority is expressly delegated to the commissioner of insurance in
SECTION 1 (Section 11, Article 21.74, Insurance Code) of this  
bill.

ANALYSIS

House Bill 3328 amends the Insurance Code to prohibit a licensee from
disclosing  nonpublic personal health information about a consumer or
customer unless an authorization is obtained from the consumer or customer
whose nonpublic personal health information is sought to be disclosed.  The
bill sets forth provisions regarding the disclosure of nonpublic personal
health information by a licensee for the performance of certain insurance
functions. 

The bill requires that a valid authorization to disclose nonpublic personal
health information be in written or electronic form.  The bill sets forth
the required information that is to be included in the form.  The bill
requires that the authorization specify a length of time for which the
authorization is required to remain valid, which is prohibited in any event
from being for more than 24 months. 

The bill authorizes a consumer or customer who is the subject of nonpublic
personal health information to revoke an authorization.  The bill requires
a licensee to retain the authorization or a copy thereof in the record of
the individual who is the subject of nonpublic personal health information.
The bill sets forth provisions regarding the delivery of an authorization
request  to a consumer or customer. 

The bill sets forth provisions regarding the applicability of these
provisions with respect to federal rules, state law, and the Fair Credit
Reporting Act.  The bill prohibits a licensee from unfairly discriminating
against a consumer or customer because that consumer or customer has not
granted authorization for the disclosure of his or her nonpublic personal
health information.  The bill sets forth provisions regarding a violation
and the severability of these provisions.  The bill provides that these
provisions take effect January 1, 2002, and authorizes the commissioner of
insurance (commissioner) to extend the time for compliance by rule or
regulation.  The bill authorizes the commissioner to adopt rules to
implement these provisions provided that such rules are prohibited from
imposing requirements that are more stringent than privacy  requirements in
federal law. 

EFFECTIVE DATE

On passage, or if the Act does not receive the necessary vote, the Act
takes effect August 27, 2001.