77(R) SB 712 Introduced version

         By Sibley                                              S.B. No. 712
         77R6075 MXM-D                           
                                A BILL TO BE ENTITLED
 1-1                                   AN ACT
 1-2     relating to the privacy of certain information provided by
 1-3     consumers to insurers and other related entities; providing a civil
 1-4     penalty.
 1-5           BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:
 1-6           SECTION 1. Title 1, Insurance Code, is amended by adding
 1-7     Chapter 28A to read as follows:
 1-8                            CHAPTER 28A.  PRIVACY
 1-9                      SUBCHAPTER A.  GENERAL PROVISIONS
1-10           Art. 28A.01.  DEFINITIONS. In this chapter:
1-11                 (1)  "Affiliate" means any company that controls, is
1-12     controlled by, or is under common control with another company.
1-13                 (2)  "Authorization" has the meaning assigned by
1-14     Section 82.001 of this code.
1-15                 (3)  "Covered entity" means an individual or entity who
1-16     receives an authorization from the department.  The term includes
1-17     any individual or entity described by Section 82.002 of this code.
1-18                 (4)  "Nonaffiliated third party" means an entity that
1-19     is not an affiliate of, or related to by common ownership or
1-20     affiliated by corporate control with, the covered entity.  The term
1-21     does not include a joint employee of the entity.
1-22           Art. 28A.02.  COMPLIANCE WITH FEDERAL LAW REQUIRED. (a)  A
1-23     covered entity shall comply with 15 U.S.C. Sections 6802 and 6803,
1-24     as amended, in the same manner as a financial institution under
 2-1     those sections.
 2-2           (b)  An entity that is a nonaffiliated third party in
 2-3     relation to a covered entity shall comply with 15 U.S.C. Section
 2-4     6802(c), as amended.
 2-5           Art. 28A.03.  EXCEPTION. Article 28A.02(a) of this code does
 2-6     not apply to a covered entity to the extent that the entity is
 2-7     acting solely as an insurance agent for another covered entity.
 2-8           Art. 28A.04.  HEALTH INFORMATION. This law does not affect
 2-9     the authority of the department or another state agency to adopt
2-10     stricter rules governing the treatment of health information by a
2-11     covered entity, if another law gives the department or agency that
2-12     authority, including any laws or rules of this state related to the
2-13     privacy of individually identifiable health information under the
2-14     federal Health Insurance Portability and Accountability Act of 1996
2-15     (42 U.S.C. Section 1320d et seq.), as amended.
2-16               (Articles 28A.05-28A.50 reserved for expansion
2-17                 SUBCHAPTER B.  DEPARTMENT POWERS AND DUTIES
2-18           Art. 28A.51.  RULE-MAKING AUTHORITY. (a)  The commissioner
2-19     shall adopt rules to implement this chapter.
2-20           (b)  The commissioner shall adopt any other rules necessary
2-21     to carry out 15 U.S.C. Subchapter I, Chapter 94 (15 U.S.C. Section
2-22     6801 et seq., as amended) to make this state eligible to override
2-23     federal regulations, as described by 15 U.S.C. Section 6805(c), as
2-24     amended.
2-25           (c)  In adopting rules under this chapter, the commissioner
2-26     shall attempt to keep state privacy requirements consistent with
2-27     federal regulations adopted under 15 U.S.C. Subchapter I, Chapter
 3-1     94 (15 U.S.C. Section 6801 et seq., as amended).
 3-2           Art. 28A.52.  STANDARDS. The department shall implement
 3-3     standards as required by 15 U.S.C. Section 6805(b), as amended.
 3-4              (Articles 28A.53-28A.100 reserved for expansion
 3-5                         SUBCHAPTER C.  ENFORCEMENT
 3-6           Art. 28A.101.  ENFORCEMENT OF FEDERAL LAW. The department
 3-7     shall enforce 15 U.S.C. Sections 6801-6805, as amended, to the
 3-8     extent required by 15 U.S.C. Section 6805.
 3-9           Art. 28A.102.  INJUNCTIVE RELIEF; CIVIL PENALTY. (a)  The
3-10     attorney general may institute an action for injunctive or
3-11     declaratory relief to restrain a violation of this chapter.
3-12           (b)  In addition to the injunctive relief provided by
3-13     Subsection (a) of this article, the attorney general may institute
3-14     an action for civil penalties against a covered entity or a
3-15     nonaffiliated third party for a violation of this chapter.  A civil
3-16     penalty assessed under this article may not exceed $3,000 for each
3-17     violation.
3-18           (c)  If the court in which an action under Subsection (b) of
3-19     this article is pending finds that the violations have occurred
3-20     with a frequency as to constitute a pattern or practice, the court
3-21     may assess a civil penalty not to exceed $250,000.
3-22           (d)  If the attorney general substantially prevails in an
3-23     action for injunctive relief or a civil penalty under this article,
3-24     the attorney general may recover reasonable attorney's fees, costs,
3-25     and expenses incurred obtaining the relief or penalty, including
3-26     court costs and witness fees.
3-27           SECTION 2.  Not later than 30 days after the effective date
 4-1     of this Act, the commissioner of insurance shall adopt the rules
 4-2     required by Article 28A.51, Insurance Code, as added by this Act.
 4-3     The commissioner may adopt these initial rules on an emergency
 4-4     basis.
 4-5           SECTION 3.  This Act takes effect immediately if it receives
 4-6     a vote of two-thirds of all the members elected to each house, as
 4-7     provided by Section 39, Article III, Texas Constitution.  If this
 4-8     Act does not receive the vote necessary for immediate effect, this
 4-9     Act takes effect September 1, 2001.