1-1 By: Sibley S.B. No. 712 1-2 (In the Senate - Filed February 14, 2001; February 15, 2001, 1-3 read first time and referred to Committee on Business and Commerce; 1-4 March 8, 2001, reported favorably by the following vote: Yeas 6, 1-5 Nays 0; March 8, 2001, sent to printer.) 1-6 A BILL TO BE ENTITLED 1-7 AN ACT 1-8 relating to the privacy of certain information provided by 1-9 consumers to insurers and other related entities; providing a civil 1-10 penalty. 1-11 BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS: 1-12 SECTION 1. Title 1, Insurance Code, is amended by adding 1-13 Chapter 28A to read as follows: 1-14 CHAPTER 28A. PRIVACY 1-15 SUBCHAPTER A. GENERAL PROVISIONS 1-16 Art. 28A.01. DEFINITIONS. In this chapter: 1-17 (1) "Affiliate" means any company that controls, is 1-18 controlled by, or is under common control with another company. 1-19 (2) "Authorization" has the meaning assigned by 1-20 Section 82.001 of this code. 1-21 (3) "Covered entity" means an individual or entity who 1-22 receives an authorization from the department. The term includes 1-23 any individual or entity described by Section 82.002 of this code. 1-24 (4) "Nonaffiliated third party" means an entity that 1-25 is not an affiliate of, or related to by common ownership or 1-26 affiliated by corporate control with, the covered entity. The term 1-27 does not include a joint employee of the entity. 1-28 Art. 28A.02. COMPLIANCE WITH FEDERAL LAW REQUIRED. (a) A 1-29 covered entity shall comply with 15 U.S.C. Sections 6802 and 6803, 1-30 as amended, in the same manner as a financial institution under 1-31 those sections. 1-32 (b) An entity that is a nonaffiliated third party in 1-33 relation to a covered entity shall comply with 15 U.S.C. Section 1-34 6802(c), as amended. 1-35 Art. 28A.03. EXCEPTION. Article 28A.02(a) of this code does 1-36 not apply to a covered entity to the extent that the entity is 1-37 acting solely as an insurance agent for another covered entity. 1-38 Art. 28A.04. HEALTH INFORMATION. This chapter does not 1-39 affect the authority of the department or another state agency to 1-40 adopt stricter rules governing the treatment of health information 1-41 by a covered entity, if another law gives the department or agency 1-42 that authority, including any laws or rules of this state related 1-43 to the privacy of individually identifiable health information 1-44 under the federal Health Insurance Portability and Accountability 1-45 Act of 1996 (42 U.S.C. Section 1320d et seq.), as amended. 1-46 (Articles 28A.05-28A.50 reserved for expansion 1-47 SUBCHAPTER B. DEPARTMENT POWERS AND DUTIES 1-48 Art. 28A.51. RULEMAKING AUTHORITY. (a) The commissioner 1-49 shall adopt rules to implement this chapter. 1-50 (b) The commissioner shall adopt any other rules necessary 1-51 to carry out 15 U.S.C. Subchapter I, Chapter 94 (15 U.S.C. Section 1-52 6801 et seq., as amended) to make this state eligible to override 1-53 federal regulations, as described by 15 U.S.C. Section 6805(c), as 1-54 amended. 1-55 (c) In adopting rules under this chapter, the commissioner 1-56 shall attempt to keep state privacy requirements consistent with 1-57 federal regulations adopted under 15 U.S.C. Subchapter I, Chapter 1-58 94 (15 U.S.C. Section 6801 et seq., as amended). 1-59 Art. 28A.52. STANDARDS. The department shall implement 1-60 standards as required by 15 U.S.C. Section 6805(b), as amended. 1-61 (Articles 28A.53-28A.100 reserved for expansion 1-62 SUBCHAPTER C. ENFORCEMENT 1-63 Art. 28A.101. ENFORCEMENT OF FEDERAL LAW. The department 1-64 shall enforce 15 U.S.C. Sections 6801-6805, as amended, to the 2-1 extent required by 15 U.S.C. Section 6805. 2-2 Art. 28A.102. INJUNCTIVE RELIEF; CIVIL PENALTY. (a) The 2-3 attorney general may institute an action for injunctive or 2-4 declaratory relief to restrain a violation of this chapter. 2-5 (b) In addition to the injunctive relief provided by 2-6 Subsection (a) of this article, the attorney general may institute 2-7 an action for civil penalties against a covered entity or a 2-8 nonaffiliated third party for a violation of this chapter. A civil 2-9 penalty assessed under this article may not exceed $3,000 for each 2-10 violation. 2-11 (c) If the court in which an action under Subsection (b) of 2-12 this article is pending finds that the violations have occurred 2-13 with a frequency as to constitute a pattern or practice, the court 2-14 may assess a civil penalty not to exceed $250,000. 2-15 (d) If the attorney general substantially prevails in an 2-16 action for injunctive relief or a civil penalty under this article, 2-17 the attorney general may recover reasonable attorney's fees, costs, 2-18 and expenses incurred obtaining the relief or penalty, including 2-19 court costs and witness fees. 2-20 SECTION 2. Not later than 30 days after the effective date 2-21 of this Act, the commissioner of insurance shall adopt the rules 2-22 required by Article 28A.51, Insurance Code, as added by this Act. 2-23 The commissioner may adopt these initial rules on an emergency 2-24 basis. 2-25 SECTION 3. This Act takes effect immediately if it receives 2-26 a vote of two-thirds of all the members elected to each house, as 2-27 provided by Section 39, Article III, Texas Constitution. If this 2-28 Act does not receive the vote necessary for immediate effect, this 2-29 Act takes effect September 1, 2001. 2-30 * * * * *