| insurance
(Florida)
Under the regulations
associated with the Privacy of Consumer Financial and Health
Information, all licensed insurers and their representatives
are subject to restrictions on use and disclosure of "nonpublic
personal health information." (FL Admin Code 4-128)
The latter is defined
as "any information [except age or gender] recorded in
any form, that was created by or derived from a health care
provider or the consumer that relates to the past, present
or future physical, mental or behavioral health or condition
of an individual; the provision of health care to an individual;
or payment of health care" where the individual is identified,
or there is a reasonable basis to believe the individual could
be identified.
(This sweeping
definition is very similar in spirit and in score to HIPAA's
definition of protected
health information (PHI).)
The regulations
generally prohibit the disclosure of information meeting the
definition without the individual's written (or equivalent
electronic) authorization. Valid authorizations must include
specification of:
- the identity
of the individual;
- the type of
information to be disclosed (generally described);
- the purpose
of the disclosure (including how it will be used);
- to whom the
information is to be disclosed;
- the length of
time the authorization is valid (no more than two years);
and
- notice that
(and information on how) the authorization may be revoked
by the individual.
Such disclosures
may be for a broad range of insurance functions, related to
underwriting, claims administration, etc.
Employers
are also responsible for the confidentiality of records they
hold related to health benefits they provide or administer
(e.g., self-funded plans).
See also:
|
