In Tennessee, employers that have access to medical information that directly identifies employees may not market or sell that information with first obtaining the written consent of each employee.  This includes lists of employees and family members that receive health insurance as well as any medical services provided or paid for by the employer.1  Additionally, Tennessee prohibits the sale or marketing of information that relates to the health of an individual by any network that provides health benefits, unless authorized by the patient, or for certain specific uses such as researching and auditing.2

        With respect to the confidentiality of patient records, health maintenance organizations must keep confidential all treatment, diagnosis and health status of enrollees unless the enrollee otherwise consents to the release or if disclosed for other reasons required by law.3  This includes any genetic information that an insurance provider may have on an individual.4  Insurers may also not request or require individuals seeking insurance to disclose genetic information about himself or his family.5

        Finally, the State of Tennessee must maintain an all-payer claims database consisting of insurer data that enables the Commissioner of Commerce and Insurance to access information for research and analytical purposes.6  The database may not release any individually identifiable data and must use unique patient identifiers rather than patient names and social security numbers.