Ins 25.73(1)(a)(a) The identity of the consumer or customer who is the subject of the nonpublic personal health information. Ins 25.73(1)(b)(b) A general description of the types of nonpublic personal health information to be disclosed. Ins 25.73(1)(c)(c) General descriptions of the parties to whom the licensee discloses nonpublic personal health information, the purpose of the disclosure and how the information will be used. Ins 25.73(1)(d)(d) The signature of the consumer or customer who is the subject of the nonpublic personal health information or the individual who is legally empowered to grant authority and the date signed. Ins 25.73(1)(e)(e) Notice of the length of time for which the authorization is valid and that the consumer or customer may revoke the authorization at any time and the procedure for making a revocation. Ins 25.73(2)(2) An authorization for the purposes of this subchapter shall specify a length of time for which the authorization shall remain valid, which in no event shall be for more than the period permitted if the authorization were subject to s. 610.70 (2) (b), Stats., or twenty-four months, whichever is longer. Ins 25.73(3)(3) A consumer or customer who is the subject of nonpublic personal health information may revoke an authorization provided pursuant to this subchapter at any time, subject to the rights of an individual who acted in reliance on the authorization prior to notice of the revocation. Ins 25.73(4)(4) A licensee shall retain the authorization or a copy thereof in the record of the individual who is the subject of nonpublic personal health information. Ins 25.73 HistoryHistory: Cr. Register, June, 2001, No. 546, eff. 7-1-01. Ins 25.75Ins 25.75 Authorization request delivery. A request for authorization and an authorization form may be delivered to a consumer or a customer as part of an opt-out notice pursuant to s. Ins 25.25, provided that the request and the authorization form are clear and conspicuous. An authorization form is not required to be delivered to the consumer or customer or included in any other notices unless the licensee intends to disclose protected health information pursuant to s. Ins 25.70 (1). Ins 25.75 HistoryHistory: Cr. Register, June, 2001, No. 546, eff. 7-1-01. Ins 25.77Ins 25.77 Relationship to federal rules. Irrespective of whether a licensee is subject to the federal Health Insurance Portability and Accountability Act privacy rule as promulgated by the U.S. Department of Health and Human Services, if a licensee complies with all requirements of that rule, regardless of whether it currently applies to the licensee, the licensee shall not be subject to the provisions of this subchapter. Ins 25.77 HistoryHistory: Cr. Register, June, 2001, No. 546, eff. 7-1-01. Ins 25.80Ins 25.80 Insurers and agents compliance with s. 610.70, Stats. Ins 25.80(1)(1) An insurer that is subject to s. 610.70, Stats., or an intermediary acting solely as an agent of an insurer subject to s. 610.70, Stats., with respect to health information is not required to comply with this subchapter. An insurer is responsible for the acts or omissions of its agents that constitute violations of s. 610.70, Stats. Ins 25.80(2)(2) For the purposes of s. 610.70 (1) (d), Stats., “insurance that is primarily for personal, family or household purposes” includes group or individual health insurance policies and personal automobile, homeowners, disability and life policies. It does not include workers’ compensation or commercial property and casualty policies. Ins 25.80(3)(3) Nothing in this chapter or s. 610.70, Stats., restricts disclosure of nonpublic personal health information permitted under s. 102.13, Stats. Ins 25.80 HistoryHistory: Cr. Register, June, 2001, No. 546, eff. 7-1-01. Ins 25.90(1)(1) A licensee shall not unfairly discriminate against any consumer or customer because that consumer or customer has opted out from the disclosure of his or her nonpublic personal financial information pursuant to the provisions of this chapter. Ins 25.90(2)(2) A licensee shall not unfairly discriminate against a consumer or customer because that consumer or customer has not granted authorization for the disclosure of his or her nonpublic personal health information pursuant to the provisions of this chapter. Ins 25.90(3)(3) Failure to provide an insurance product or service based on usual and customary insurance underwriting practices and standards is not unfair discrimination under this section, even if such failure is the result of a consumer or customer’s refusal to authorize the disclosure of his or her nonpublic personal information. Ins 25.90 HistoryHistory: Cr. Register, June, 2001, No. 546, eff. 7-1-01. Ins 25.95(1)(1) Applicability. Enforcement under section 505 of the Gramm-Leach-Bliley Act (PL 102-106) is effective only on and after the effective date of this rule. Ins 25.95(2)(a)(a) Phased in notice requirement for consumers who are the licensee’s customers on the compliance date. Beginning on the first day of the fourth month commencing after the after publication of this rule and by not later than June 30, 2002 a licensee shall provide an initial notice, as required by s. Ins 25.10, to consumers who are the licensee’s customers on the first day of the fourth month commencing after the after publication of this rule. Ins 25.95(2)(b)(b) Example. A licensee provides an initial notice to consumers who are its customers on the first day of the fourth month commencing after the after publication of this rule, if, by that date, the licensee has established a system for providing an initial notice to all new customers and if by June 30, 2002 the licensee has mailed the initial notice to all the licensee’s existing customers. Ins 25.95 HistoryHistory: Cr. Register, June, 2001, No. 546, eff. 7-1-01; CR 03-083: r. (3) Register March 2004 No. 579, eff. 4-1-04.
/exec_review/admin_code/ins/25
true
administrativecode
/exec_review/admin_code/ins/25/vi/95/2/b/_1
Office of the Commissioner of Insurance (Ins)
section
true