Florida Administrative Code
69 - DEPARTMENT OF FINANCIAL SERVICES
69J - Division of Consumer Services
Chapter 69J-128 - PRIVACY OF CONSUMER FINANCIAL AND HEALTH INFORMATION
Section 69J-128.017 - When Authorization Required for Disclosure of Nonpublic Personal Health Information

Universal Citation: FL Admin Code R 69J-128.017

Current through Reg. 50, No. 187; September 24, 2024

(1) Except as provided in subsections (2) and (3) of this rule, a licensee shall not disclose nonpublic personal health information about a consumer or customer unless an authorization is obtained from the consumer or customer whose nonpublic personal health information is sought to be disclosed.

(2) Nothing in this rule shall prohibit, restrict, or require an authorization for the disclosure of nonpublic personal health information by a licensee for the performance of the following insurance functions by or on behalf of the licensee:

(a) Claims administration;

(b) Claims adjustment and management;

(c) Detection, investigation or reporting of actual or potential fraud, misrepresentation or criminal activity;

(d) Underwriting;

(e) Policy placement or issuance;

(f) Loss control;

(g) Ratemaking and guaranty fund functions;

(h) Reinsurance and excess loss insurance;

(i) Risk management;

(j) Case management;

(k) Disease management;

(l) Quality assurance;

(m) Quality improvement;

(n) Performance evaluation;

(o) Provider credentialing verification;

(p) Utilization review;

(q) Peer review activities;

(r) Actuarial, scientific, medical or public policy research;

(s) Grievance procedures;

(t) Internal administration of compliance, managerial, and information systems;

(u) Policyholder service functions;

(v) Auditing;

(w) Reporting;

(x) Database security;

(y) Administration of consumer disputes and inquiries;

(z) External accreditation standards;

(aa) The replacement of a group benefit plan or workers' compensation policy or program;

(bb) Activities in connection with a sale, merger, transfer or exchange of all or part of a business or operating unit;

(cc) Any activity that permits disclosure without authorization pursuant to the Federal Health Insurance Portability And Accountability Act privacy rules promulgated by the U.S. Department of Health And Human Services;

(dd) Disclosure that is required, or is one of the lawful or appropriate methods, to enforce the licensee's rights or the rights of other persons engaged in carrying out a transaction or providing a product or service that a consumer requests or authorizes; and

(ee) Any activity otherwise permitted by law, required pursuant to governmental reporting authority, or to comply with legal process.

(ff) Disclosure of information obtained by a licensee to a hospital, physician, or other medical care provider in connection with the provision of health care services to a customer of the licensee.

(gg) Additional insurance functions that the Office of Insurance Regulation determines to be necessary for appropriate performance of insurance functions and that are fair and reasonable to the interest of consumers.

(3) Non-public health information may be disclosed for scientific, medical, or public policy research in accordance with federal law regardless of whether the research is conducted by or on behalf of the licensee.

Rulemaking Authority 624.308, 626.9651 FS. Law Implemented 624.307(1), 626.9651 FS.

New 12-16-01, Formerly 4-128.017, 69B-128.017.

Disclaimer: These regulations may not be the most recent version. Florida may have more current or accurate information. We make no warranties or guarantees about the accuracy, completeness, or adequacy of the information contained on this site or the information linked to on the state site. Please check official sources.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.