Please consider making a donation to keep this project's resources available at no cost to the public. Your donation will support new research, updates to current resources, and website maintenance for HealthInfoLaw.org.
Authorization required for disclosure of nonpublic personal health information - 31 Pa. Code § 146b.11
Link to the law
This will open in a new window
Current as of June 2015
This will open in a new window
A licensed insurer may disclose nonpublic personal health information about a consumer in the following circumstances:
- Upon authorization from the consumer;
-
For the performance of the following insurance functions performed by or on behalf of the insurer, when disclosure is required, or when disclosure is usual, appropriate or acceptable:
- Claims administration, including coordination of benefits and subrogation;
- Claims adjustment, investigation, negotiation, settlement and management;
- Detection, prevention, investigation or reporting of actual or potential fraud, misrepresentation or criminal activity;
- Underwriting;
- Policy placement or issuance;
- Loss control;
- Ratemaking and guaranty fund functions;
- Reinsurance and excess loss insurance;
- Risk management;
- Case management:
- Disease management and wellness programs;
- Quality assurance;
- Performance evaluation;
- Provider training, accreditation or certification by a recognized accrediting or certifying body, license and credential verification;
- Utilization review;
- Peer review activities;
- Actuarial, scientific, medical or public policy research;
- Grievance and complaint procedures;
- Internal administration of compliance, managerial and information systems;
- Policyholder service functions;
- Auditing;
- Required reporting;
- Database security;
- Administration of consumer disputes and inquiries;
- External accreditation standards;
- Replacement of a group benefit plan or workers compensation policy or program;
- Activities in connection with a sale, merger, transfer or exchange of all or part of a business or operating unit;
- An activity that permits disclosure without authorization under the federal regulation;
- Disclosure that is required to enforce the insurer’s rights or the rights of another person engaged in carrying out a transaction or providing a product or service that a consumer requests or authorizes;
- An activity otherwise permitted by law, required under governmental regulatory or reporting authority, or to comply with legal process;
- Compliance with qualified medical child support orders;
- Preventative service reminders that do not require disclosure of nonpublic personal health information that a consumer has not previously disclosed directly to the recipient of the information; and
To a third party for the purposes of carrying out one or more of the above insurance functions.
Current as of June 2015
.png)