Alaska Administrative Code
Title 3 - Commerce, Community, and Economic Development
Part 2 - Division of Insurance
Chapter 26 - Trade Practices
Article 5 - Privacy of Consumer Financial and Health Information
3 AAC 26.680 - Disclosure of nonpublic personal health information

Universal Citation: 3 AK Admin Code 26.680

Current through February 24, 2025

(a) Except as provided in (b) of this section or in 3 AAC 26.695(a), a licensee may not disclose nonpublic personal health information about a consumer unless authorization that complies with 3 AAC 26.685 is obtained from the consumer whose nonpublic personal health information the licensee seeks to disclose.

(b) A licensee may disclose a consumer's nonpublic personal health information without obtaining authorization from the consumer if the disclosure is

(1) required by federal or state law or regulation or is otherwise allowed by law;

(2) in response to an order issued by a governmental regulatory authority with jurisdiction over a licensee for examination, investigation, compliance, or other purposes authorized by law;

(3) compelled by a subpoena, search warrant, or other order issued by a court or administrative agency of competent jurisdiction;

(4) for detection, investigation, or reporting of fraud, misrepresentation, or another violation of law;

(5) for the performance of the following insurance functions by or on behalf of the licensee:

(A) claims administration;

(B) claims adjustment or management;

(D) policy placement or issuance;

(E) loss control;

(F) rate development;

(G) guaranty fund functions;

(H) reinsurance, stop-loss insurance, or excess loss insurance;

(I) risk management;

(J) case management;

(K) disease management;

(L) quality assurance or improvement;

(M) performance evaluation;

(N) verification of provider credentials;

(O) utilization review;

(P) peer review activities;

(Q) actuarial, scientific, medical, or public policy research;

(R) grievance procedures;

(S) internal administration of compliance, managerial, and information systems;

(T) policyholder service functions;

(U) auditing;

(V) reporting;

(W) database security;

(X) administration of consumer disputes and inquiries;

(Y) external accreditation standards;

(Z) replacement of a group benefit plan or workers' compensation policy or program;

(AA) activities in connection with the sale, merger, transfer, or exchange of all or part of a business or operating unit;

(6) required to enforce the licensee's rights or the rights of other licensees engaged in carrying out an insurance transaction or providing an insurance product or service that a consumer or customer requests or authorizes; or

(7) allowed without requiring authorization under 45 C.F.R. Parts 160 and 164.

In 2010 the revisor of statutes, acting under AS 01.05.031, renumbered former AS 21.36.162 as AS 21.36.510. As of Register 196 (January 2011), the regulations attorney made a conforming technical revision under AS 44.62.125(b)(6), to the authority citation that follows 3 AAC 26.680, so that the citation to former AS 21.36.162 now refers to the renumbered statute, AS 21.36.510.

Authority:AS 21.06.090

AS 21.36.510

Disclaimer: These regulations may not be the most recent version. Alaska may have more current or accurate information. We make no warranties or guarantees about the accuracy, completeness, or adequacy of the information contained on this site or the information linked to on the state site. Please check official sources.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.