ARIZONA STATE SENATE
Phoenix, Arizona
insurance claim fraud
prevention act
(NOW: health insurers; HIPPA
preemption; privacy)
Exempts insurance
institutions that are in compliance with the federal Health Insurance
Portability and Accountability Act (HIPAA) privacy requirements from state
standards.
In 2001, the Arizona Legislature passed the Arizona Insurance Information and Privacy Protection Act (Laws 2001, Chapter 220), which contained provisions to conform to the standards of the federal Gramm-Leach-Bliley Act (GLBA). The GLBA authorized banks and insurance companies to transact the others’ business and addressed the level of personal consumer information shared among these financial institutions and their subsidiaries. Unlike many states, Arizona already had laws governing the privacy of consumers’ financial and medical information collected in the context of an insurance transaction. The Arizona Insurance Information and Privacy Protection Act strengthened Arizona’s laws to a stricter standard than federal measures and brought them into compliance with the new federal laws guarding personal information distribution.
Since enactment of the
Arizona Insurance Information and Privacy Protection Act, the U.S. Department
of Health and Human Services promulgated a rule for HIPAA privacy regulations
that applied to health plans, clearing houses and health care providers that
conduct business electronically. The federal regulations permit these groups to
use protected health information for treatment, payment and health care
operations, but require authorization from an enrolled member. The federal rule
requires compliance by April 14, 2003 and preempts state laws that are less protective
of patients’ privacy, but permits stricter laws offering more protection.
Health providers
implementing the federal guidelines have encountered some confusion regarding
which law constitutes stricter protection – the state law or the federal law. In some cases, knowing which law requires
compliance is difficult to ascertain.
This measure establishes that providers in compliance with the federal
HIPAA privacy requirements are considered to be in compliance with state law
and, in effect, is voluntarily preempting Arizona privacy protection laws to
the HIPAA regulations.
There is no anticipated
fiscal impact to the state general fund associated with this measure.
1. Establishes that insurance institutions in compliance with HIPAA privacy requirements are deemed in compliance with Arizona standards for insurance privacy protection.
2. Specifies that insurance institutions must still be subject to the provisions of state law that are not contained in the federal HIPAA privacy requirements.
3. Provides for a general effective date.
House Action
FII DPA/SE 3/20/02 9-0-1-0
3rd Read 4/4/02 54-0-6-0
Prepared by Senate Staff
April 16, 2002