Sec. 602.053. EXCEPTIONS  


Latest version.
  • A covered entity may disclose nonpublic personal health information to the extent that the disclosure is necessary to perform the following insurance or health maintenance organization functions on behalf of the covered entity:

    (1) the investigation or reporting of actual or potential fraud, misrepresentation, or criminal activity;

    (2) underwriting;

    (3) the placement or issuance of an insurance policy or evidence of coverage;

    (4) loss control services;

    (5) ratemaking or guaranty fund functions;

    (6) reinsurance or excess loss insurance;

    (7) risk management;

    (8) case management;

    (9) disease management;

    (10) quality assurance;

    (11) quality improvement;

    (12) performance evaluation;

    (13) health care provider credentialing verification;

    (14) utilization review;

    (15) peer review activities;

    (16) actuarial, scientific, medical, or public policy research;

    (17) grievance procedures;

    (18) the internal administration of compliance, managerial, and information systems;

    (19) policyholder or enrollee services;

    (20) auditing;

    (21) reporting;

    (22) database security;

    (23) the administration of consumer disputes and inquiries;

    (24) external accreditation standards;

    (25) the replacement of a group benefit plan or workers' compensation policy or program;

    (26) activities in connection with a sale, merger, transfer, or exchange of all or part of a business or operating unit;

    (27) any activity that permits disclosure without authorization under the federal Health Insurance Portability and Accountability Act of 1996 (42 U.S.C. Section 1320d et seq.), as amended;

    (28) disclosure that is required, or that is a lawful or appropriate method to enforce the covered entity's rights or the rights of other persons engaged, in carrying out a transaction or providing a product or service that the consumer requests or authorizes;

    (29) claims administration, adjustment, and management;

    (30) any activity that is:

    (A) otherwise permitted by law;

    (B) required by a governmental reporting authority; or

    (C) required to comply with legal process; and

    (31) any other insurance or health maintenance organization functions the commissioner approves that are:

    (A) necessary for appropriate performance of insurance or health maintenance organization functions; and

    (B) fair and reasonable to the interests of consumers.

Added by Acts 2003, 78th Leg., ch. 1274, Sec. 2, eff. April 1, 2005.