77(R) SB 712 Engrossed version

         By:  Sibley                                            S.B. No. 712
                                A BILL TO BE ENTITLED
 1-1                                   AN ACT
 1-2     relating to the privacy of certain information provided by
 1-3     consumers to insurers and other related entities; providing a civil
 1-4     penalty.
 1-5           BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:
 1-6           SECTION 1.  Title 1, Insurance Code, is amended by adding
 1-7     Chapter 28A to read as follows:
 1-8                            CHAPTER 28A.  PRIVACY
 1-9                      SUBCHAPTER A.  GENERAL PROVISIONS
1-10           Art. 28A.01.  DEFINITIONS.  In this chapter:
1-11                 (1)  "Affiliate" means any company that controls, is
1-12     controlled by, or is under common control with another company.
1-13                 (2)  "Authorization" has the meaning assigned by
1-14     Section 82.001 of this code.
1-15                 (3)  "Covered entity" means an individual or entity who
1-16     receives an authorization from the department.  The term includes
1-17     any individual or entity described by Section 82.002 of this code.
1-18                 (4)  "Nonaffiliated third party" means an entity that
1-19     is not an affiliate of, or related to by common ownership or
1-20     affiliated by corporate control with, the covered entity.  The term
1-21     does not include a joint employee of the entity.
1-22           Art. 28A.02.  COMPLIANCE WITH FEDERAL LAW REQUIRED.  (a)  A
1-23     covered entity shall comply with 15 U.S.C. Sections 6802 and 6803,
1-24     as amended, in the same manner as a financial institution under
1-25     those sections.
 2-1           (b)  An entity that is a nonaffiliated third party in
 2-2     relation to a covered entity shall comply with 15 U.S.C. Section
 2-3     6802(c), as amended.
 2-4           Art. 28A.03.  EXCEPTION.  Article 28A.02(a) of this code does
 2-5     not apply to a covered entity to the extent that the entity is
 2-6     acting solely as an insurance agent for another covered entity.
 2-7           Art. 28A.04.  HEALTH INFORMATION.  This chapter does not
 2-8     affect the authority of the department or another state agency to
 2-9     adopt stricter rules governing the treatment of health information
2-10     by a covered entity, if another law gives the department or agency
2-11     that authority, including any laws or rules of this state related
2-12     to the privacy of individually identifiable health information
2-13     under the federal Health Insurance Portability and Accountability
2-14     Act of 1996 (42 U.S.C. Section 1320d et seq.), as amended.
2-15               (Articles 28A.05-28A.50 reserved for expansion
2-16                 SUBCHAPTER B.  DEPARTMENT POWERS AND DUTIES
2-17           Art. 28A.51.  RULEMAKING AUTHORITY.  (a)  The commissioner
2-18     shall adopt rules to implement this chapter.
2-19           (b)  The commissioner shall adopt any other rules necessary
2-20     to carry out 15 U.S.C. Subchapter I, Chapter 94 (15 U.S.C. Section
2-21     6801 et seq., as amended) to make this state eligible to override
2-22     federal regulations, as described by 15 U.S.C.  Section 6805(c), as
2-23     amended.
2-24           (c)  In adopting rules under this chapter, the commissioner
2-25     shall attempt to keep state privacy requirements consistent with
2-26     federal regulations adopted under 15 U.S.C. Subchapter I, Chapter
 3-1     94 (15 U.S.C. Section 6801 et seq., as amended).
 3-2           Art. 28A.52.  STANDARDS.  The department shall implement
 3-3     standards as required by 15 U.S.C.  Section 6805(b), as amended.
 3-4              (Articles 28A.53-28A.100 reserved for expansion
 3-5                         SUBCHAPTER C.  ENFORCEMENT
 3-6           Art. 28A.101.  ENFORCEMENT OF FEDERAL LAW.  The department
 3-7     shall enforce 15 U.S.C. Sections 6801-6805, as amended, to the
 3-8     extent required by 15 U.S.C. Section 6805.
 3-9           Art. 28A.102.  INJUNCTIVE RELIEF; CIVIL PENALTY.  (a)  The
3-10     attorney general may institute an action for injunctive or
3-11     declaratory relief to restrain a violation of this chapter.
3-12           (b)  In addition to the injunctive relief provided by
3-13     Subsection (a) of this article, the attorney general may institute
3-14     an action for civil penalties against a covered entity or a
3-15     nonaffiliated third party for a violation of this chapter.  A civil
3-16     penalty assessed under this article may not exceed $3,000 for each
3-17     violation.
3-18           (c)  If the court in which an action under Subsection (b) of
3-19     this article is pending finds that the violations have occurred
3-20     with a frequency as to constitute a pattern or practice, the court
3-21     may assess a civil penalty not to exceed $250,000.
3-22           (d)  If the attorney general substantially prevails in an
3-23     action for injunctive relief or a civil penalty under this article,
3-24     the attorney general may recover reasonable attorney's fees, costs,
3-25     and expenses incurred obtaining the relief or penalty, including
3-26     court costs and witness fees.
 4-1           SECTION 2.  Not later than 30 days after the effective date
 4-2     of this Act, the commissioner of insurance shall adopt the rules
 4-3     required by Article 28A.51, Insurance Code, as added by this Act.
 4-4     The commissioner may adopt these initial rules on an emergency
 4-5     basis.
 4-6           SECTION 3.  This Act takes effect immediately if it receives
 4-7     a vote of two-thirds of all the members elected to each house, as
 4-8     provided by Section 39, Article III, Texas Constitution.  If this
 4-9     Act does not receive the vote necessary for immediate effect, this
4-10     Act takes effect September 1, 2001.