Home Table of Contents

§ 991.2131. Confidentiality

Purdon's Pennsylvania Statutes and Consolidated StatutesTitle 40 P.S. InsuranceEffective: January 1, 2024

Purdon's Pennsylvania Statutes and Consolidated Statutes
Title 40 P.S. Insurance (Refs & Annos)
Chapter 2. Insurance Companies (Refs & Annos)
Article XXI. Quality Health Care Accountability and Protection (Refs & Annos)
(e) Confidentiality
Effective: January 1, 2024
40 P.S. § 991.2131
§ 991.2131. Confidentiality
Currentness
(a) An insurer or MA or CHIP managed care plan shall adopt and maintain procedures to ensure that all protected health information regarding covered person or enrollee health, diagnosis and treatment is adequately protected and remains confidential in compliance with all applicable Federal and State laws and regulations and professional ethical standards.
(b) To the extent an insurer or MA or CHIP managed care plan receives medical records relating to a covered person or enrollee, the insurer or MA or CHIP managed care plan shall adopt and maintain procedures to ensure that covered persons and enrollees have timely access to their medical records upon request of the covered person or enrollee, including medical records provided by a health care provider in the context of utilization review or a complaint, grievance or adverse benefit determination, unless prohibited by Federal or State law or regulation.
(c)(1) Information regarding a covered person's or enrollee's health or treatment shall be available to the covered person or enrollee, the covered person's or enrollee's authorized representative or as necessary to prevent death or serious injury.
(2) Nothing in this section shall:
(i) Prevent disclosure necessary to determine coverage, review complaints, grievances or adverse benefit determinations, conduct utilization review or facilitate payment of a claim.
(ii) Deny the department or the Department of Human Services access to records for purposes of quality assurance, investigation of complaints, grievances or adverse benefit determinations, enforcement or other activities related to compliance with this article and other laws of this Commonwealth. Records shall be accessible only to department employes or agents with direct responsibilities under the provisions of this subparagraph.
(iii) Deny access to information necessary for a utilization review entity to conduct a review under this article.
(iv) Deny access to the insurer or MA or CHIP managed care plan for internal quality review, including reviews conducted as part of the insurer's or MA or CHIP managed care plan's quality oversight process. During such reviews, covered persons and enrollees shall remain anonymous to the greatest extent possible.
(v) Deny access to insurers or MA or CHIP managed care plans, health care providers and their respective designees for the purpose of providing patient care management, outcomes improvement and research. For this purpose, covered persons and enrollees shall provide consent and shall remain anonymous to the greatest extent possible.

Credits

1921, May 17, P.L. 682, No. 284, § 2131, added 1998, June 17, P.L. 464, No. 68, § 1, effective Jan. 1, 1999. Amended 2022, Nov. 3, P.L. 2068, No. 146, § 1, effective Jan. 1, 2024.
40 P.S. § 991.2131, PA ST 40 P.S. § 991.2131
Current through Act 10 of the 2024 Regular Session. Some statute sections may be more current, see credits for details.
End of Document