48.43.500  <<  48.43.505 >>   48.43.5051

Requirement to protect enrollee's right to privacy or confidential servicesRules. (Effective until January 1, 2020.)

(1) Health carriers and insurers shall adopt policies and procedures that conform administrative, business, and operational practices to protect an enrollee's right to privacy or right to confidential health care services granted under state or federal laws.
(2) The commissioner may adopt rules to implement this section after considering relevant standards adopted by national managed care accreditation organizations and the national association of insurance commissioners, and after considering the effect of those standards on the ability of carriers to undertake enrollee care management and disease management programs.

NOTES:

ApplicationShort titleCaptions not lawConstructionSeverabilityApplication to contractsEffective dates2000 c 5: See notes following RCW 48.43.500.

Enrollee's and protected individual's right to privacy and confidential servicesHealth carrier or insurer dutiesRequests for confidential communicationsRules. (Effective January 1, 2020.)

(1) Health carriers and insurers shall adopt policies and procedures that conform administrative, business, and operational practices to protect an enrollee's and protected individual's right to privacy or right to confidential health care services granted under state or federal laws.
(2) A health carrier may not require protected individuals to obtain the policyholder, primary subscriber, or other covered person's authorization to receive health care services or to submit a claim if the protected individual has the right to consent to care.
(3) A health carrier must recognize the right of a protected individual or enrollee to exclusively exercise rights granted under this section regarding health information related to care that the enrollee or protected individual has received.
(4) A health carrier or insurer must direct all communication regarding a protected individual's receipt of sensitive health care services directly to the protected individual receiving care, or to a physical or email address or telephone number specified by the protected individual. A carrier or insurer may not disclose nonpublic personal health information concerning sensitive health care services provided to a protected individual to any person, including the policyholder, the primary subscriber, or any plan enrollees other than the protected individual receiving care, without the express written consent or verbal authorization on a recorded telephone line of the protected individual receiving care. Communications subject to this limitation include the following written, verbal, or electronic communications:
(a) Bills and attempts to collect payment;
(b) A notice of adverse benefits determinations;
(c) An explanations of benefits notice;
(d) A carrier's request for additional information regarding a claim;
(e) A notice of a contested claim;
(f) The name and address of a provider, a description of services provided, and other visit information; and
(g) Any written, oral, or electronic communication from a carrier that contains protected health information.
(5) Protected individuals may request that health carrier communications regarding the receipt of sensitive health care services be sent to another individual, including the policyholder, primary subscriber, or a health care provider, for the purposes of appealing adverse benefits determinations.
(6) Health carriers shall:
(a) Limit disclosure of any information, including personal health information, about a protected individual who is the subject of the information and shall direct communications containing such information directly to the protected individual, or to a physical or email address or telephone number specified by the protected individual, if he or she requests such a limitation, regardless of whether the information pertains to sensitive services;
(b) Permit protected individuals to use the form described in RCW 48.43.5051(2) and must also allow enrollees and protected individuals to make the request by telephone, email, or the internet;
(c) Ensure that requests for nondisclosure remain in effect until the protected individual revokes or modifies the request in writing;
(d) Limit disclosure of information under this subsection consistent with the protected individual's request; and
(e) Ensure that requests for nondisclosure are implemented no later than three business days after receipt of a request.
(7) Health carriers may not require a protected individual to waive any right to limit disclosure under this section as a condition of eligibility for or coverage under a health benefit plan.
(8) For the protection of patient confidentiality, any communication from a health carrier relating to the provision of health care services, if the communications disclose protected health information, including medical information or provider name and address, relating to receipt of sensitive services, must be provided in the form and format requested by the individual patient receiving care.
(9) The commissioner may adopt rules to implement this section after considering relevant standards adopted by national managed care accreditation organizations and the national association of insurance commissioners, and after considering the effect of those standards on the ability of carriers to undertake enrollee care management and disease management programs.

NOTES:

FindingsDeclarationsEffective date2019 c 56: See notes following RCW 48.43.5051.
ApplicationShort titleCaptions not lawConstructionSeverabilityApplication to contractsEffective dates2000 c 5: See notes following RCW 48.43.500.
Site Contents
Selected content listed in alphabetical order under each group