Confidentiality of Medical InformationUse and Disclosure of Medical and Other Information by Third Party Administrators and Others

Section § 56.26

Explanation

This law is about protecting medical information when companies provide administrative services for health care payment programs. They can't use or share the medical info, except when essential for managing the program, legally required, or when they have permission. An authorization must follow specific rules, adapting the form to replace 'employer' with 'third party administrator.' This rule doesn't cover entities already under the Insurance Information Privacy Act or certain other specified sections.

(a)CA Civil Law Code § 56.26(a) No person or entity engaged in the business of furnishing administrative services to programs that provide payment for health care services shall knowingly use, disclose, or permit its employees or agents to use or disclose medical information possessed in connection with performing administrative functions for a program, except as reasonably necessary in connection with the administration or maintenance of the program, or as required by law, or with an authorization.
(b)CA Civil Law Code § 56.26(b) An authorization required by this section shall be in the same form as described in Section 56.21, except that “third party administrator” shall be substituted for “employer” wherever it appears in Section 56.21.
(c)CA Civil Law Code § 56.26(c) This section shall not apply to any person or entity that is subject to the Insurance Information Privacy Act or to Chapter 2 (commencing with Section 56.10) or Chapter 3 (commencing with Section 56.20).
medical information administrative services health care programs ...

Section § 56.265

Explanation

This law prohibits insurance companies and their related businesses from sharing a customer's personal health information or medical history with banks, credit institutions, or any other third party, for the purpose of credit decisions.

A person or entity that underwrites or sells annuity contracts or contracts insuring, guaranteeing, or indemnifying against loss, harm, damage, illness, disability, or death, and any affiliate of that person or entity, shall not disclose individually identifiable information concerning the health of, or the medical or genetic history of, a customer, to any affiliated or nonaffiliated depository institution, or to any other affiliated or nonaffiliated third party for use with regard to the granting of credit.
annuity contracts health information medical history ...