|TO:||Commercial Health Insurers, Blue Cross and Blue Shield of Massachusetts, Inc., and Health Maintenance Organizations|
|FROM:||Julianne M. Bowler, Commissioner of Insurance|
|DATE:||March 7, 2003|
|RE:||HIPAA Privacy Notices and Preemption of State Law as it Pertains to Privacy Notices|
The purpose of this bulletin is to ensure that all carriers who issue privacy notices pursuant to the requirements of Title 45 of the Code of Federal Regulations ("CFR") Parts 160 and 164 are aware of and carefully take into consideration the preemption issue presented by the federal law and Chapter 175I of the Massachusetts General Laws ("M.G.L.").
On December 28, 2000, the federal government's Secretary of Health and Human Services ("HHS") released final privacy regulations relating to the protection of patients' individually identifiable health information as mandated by the Health Insurance Portability and Accountability Act of 1996 ("HIPPA"). On August 14, 2002, HHS issued the final set of modifications to the regulations. According to 45 CFR 164.534, most covered entities are to comply with the federal regulatory requirements by April 14, 2003, with the exception of small health plans (those with annual receipts of $5 million or less) who must comply by no later than April 14, 2004. Detailed information about the privacy rule is available at http://www.hhs.gov/ocr/hipaa.
M.G.L. c. 175I, "Insurance Information and Privacy Protection," governs the disclosure and use of personal information by an insurance institution, insurance representative or insurance-support organization which in the case of life, health and disability insurance collects, receives or maintains information in connection with an insurance transaction or engages in an insurance transaction with a natural person who is a resident of the Commonwealth. The particular sections of Massachusetts law that appear to be pertinent in the process for determining whether state law or federal law is applicable, are as follows:
Preemption of State Law
Under the federal law, if the federal law and state law are contrary to the extent that both cannot be applied, it must be determined which law applies. Generally, a state law is preempted if it conflicts with the federal law. Under certain specific exceptions, a state law can be saved from preemption. One of these exceptions is if the state law is "more stringent." As defined in 45 CFR 160.202, a state law is considered "more stringent" if it meets one or more of the following criteria:
Other specific exceptions to state law preemption under the federal law are:
The Division of Insurance ("Division") is currently reviewing the federal law to determine in which instances state law is preempted. In order that residents of the Commonwealth are aware that additional rights may be available under Massachusetts law, the Division requests that carriers make this clear within their privacy notices. Carriers are not required to file privacy notices with the Division. Privacy notices submitted to the Division will be placed on file and not reviewed.
If you should have any questions regarding this bulletin or in determining whether Massachusetts law is preempted, please contact the Office of the General Counsel at 617-521-7309