77R13601 MXM-D
By Sibley S.B. No. 712
Substitute the following for S.B. No. 712:
By Averitt C.S.S.B. No. 712
A BILL TO BE ENTITLED
1-1 AN ACT
1-2 relating to the privacy of certain information provided by
1-3 consumers to insurers and other related entities; providing a civil
1-4 penalty.
1-5 BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:
1-6 SECTION 1. Title 1, Insurance Code, is amended by adding
1-7 Chapter 28A to read as follows:
1-8 CHAPTER 28A. PRIVACY
1-9 SUBCHAPTER A. GENERAL PROVISIONS
1-10 Art. 28A.01. DEFINITIONS. In this chapter:
1-11 (1) "Affiliate" means any company that controls, is
1-12 controlled by, or is under common control with another company.
1-13 (2) "Authorization" has the meaning assigned by
1-14 Section 82.001 of this code.
1-15 (3) "Covered entity" means an individual or entity who
1-16 receives an authorization from the department. The term includes
1-17 any individual or entity described by Section 82.002 of this code.
1-18 (4) "Nonaffiliated third party" means an entity that
1-19 is not an affiliate of, or related to by common ownership or
1-20 affiliated by corporate control with, the covered entity. The term
1-21 does not include a joint employee of the entity.
1-22 Art. 28A.02. COMPLIANCE WITH FEDERAL LAW REQUIRED. (a) A
1-23 covered entity shall comply with 15 U.S.C. Sections 6802 and 6803,
1-24 as amended, in the same manner as a financial institution under
2-1 those sections.
2-2 (b) An entity that is a nonaffiliated third party in
2-3 relation to a covered entity shall comply with 15 U.S.C. Section
2-4 6802(c), as amended.
2-5 Art. 28A.03. EXCEPTION. Article 28A.02(a) of this code does
2-6 not apply to a covered entity to the extent that the entity is
2-7 acting solely as the insurance agent or other authorized
2-8 representative for another covered entity.
2-9 Art. 28A.04. HEALTH INFORMATION. This chapter does not
2-10 affect the authority of the department or another state agency to
2-11 adopt stricter rules governing the treatment of health information
2-12 by a covered entity, if another law gives the department or agency
2-13 that authority, including any laws or rules of this state related
2-14 to the privacy of individually identifiable health information
2-15 under the federal Health Insurance Portability and Accountability
2-16 Act of 1996 (42 U.S.C. Section 1320d et seq.), as amended.
2-17 (Articles 28A.05-28A.50 reserved for expansion
2-18 SUBCHAPTER B. DEPARTMENT POWERS AND DUTIES
2-19 Art. 28A.51. RULEMAKING AUTHORITY. (a) The commissioner
2-20 shall adopt rules to implement this chapter.
2-21 (b) The commissioner shall adopt any other rules necessary
2-22 to carry out 15 U.S.C. Subchapter I, Chapter 94 (15 U.S.C. Section
2-23 6801 et seq.), as amended, to make this state eligible to override
2-24 federal regulations, as described by 15 U.S.C. Section 6805(c), as
2-25 amended.
2-26 (c) In adopting rules under this chapter, the commissioner
2-27 shall ensure that state privacy requirements are consistent with
3-1 and not more strict than federal regulations adopted under 15
3-2 U.S.C. Subchapter I, Chapter 94 (15 U.S.C. Section 6801 et seq.),
3-3 as amended.
3-4 Art. 28A.52. STANDARDS. The department shall implement
3-5 standards as required by 15 U.S.C. Section 6805(b), as amended.
3-6 (Articles 28A.53-28A.100 reserved for expansion
3-7 SUBCHAPTER C. ENFORCEMENT
3-8 Art. 28A.101. DUTY TO ENFORCE. The department shall enforce
3-9 15 U.S.C. Sections 6801-6805, as amended, to the extent required by
3-10 15 U.S.C. Section 6805, as amended, and this chapter.
3-11 Art. 28A.102. INJUNCTIVE RELIEF; CIVIL PENALTY. (a) The
3-12 attorney general may institute an action for injunctive or
3-13 declaratory relief to restrain a violation of this chapter.
3-14 (b) In addition to the injunctive relief provided by
3-15 Subsection (a) of this article, the attorney general may institute
3-16 an action for civil penalties against a covered entity or a
3-17 nonaffiliated third party for a violation of this chapter. A civil
3-18 penalty assessed under this article may not exceed $3,000 for each
3-19 violation.
3-20 (c) If the court in which an action under Subsection (b) of
3-21 this article is pending finds that the violations have occurred
3-22 with a frequency as to constitute a pattern or practice, the court
3-23 may assess a civil penalty not to exceed $250,000.
3-24 (d) If the attorney general substantially prevails in an
3-25 action for injunctive relief or a civil penalty under this article,
3-26 the attorney general may recover reasonable attorney's fees, costs,
3-27 and expenses incurred obtaining the relief or penalty, including
4-1 court costs and witness fees.
4-2 SECTION 2. Not later than 30 days after the effective date
4-3 of this Act, the commissioner of insurance shall adopt the rules
4-4 required by Article 28A.51, Insurance Code, as added by this Act.
4-5 The commissioner may adopt these initial rules on an emergency
4-6 basis.
4-7 SECTION 3. This Act takes effect immediately if it receives
4-8 a vote of two-thirds of all the members elected to each house, as
4-9 provided by Section 39, Article III, Texas Constitution. If this
4-10 Act does not receive the vote necessary for immediate effect, this
4-11 Act takes effect September 1, 2001.