Sec. 2. Protecting the privacy of personally identifiable information in enrollment activities of health insurance exchanges
985 words·~4 min read·
/bill/113/hr/3299/ih/section-2A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
Section 340A(c) of the Public Health Service Act ( 42 U.S.C. 256a(c) ) is amended by adding at the end the following new paragraph: The Secretary shall require each recipient of a grant under this section to implement procedures specified by the Secretary consistent with this paragraph in order protect the privacy of personally identifiable information. The procedures specified by the Secretary under subparagraph
(A)shall include at least the following: No certified application counselor, health insurance navigator, or non-navigator assistance personnel shall have access to personally identifiable information relating to an individual without the express, witnessed, written consent of that individual. No such individual shall have access to personally identifiable information unless the individual— has undergone, within 60 days before commencing enrollment assistance for any consumer seeking coverage through health insurance exchanges, both a criminal background and fingerprint check and has a clean record free of criminal infractions; and meets educational and licensure requirements that are identical or comparable to those currently applicable to health insurance agents and brokers within the State they seek to assist consumers with health insurance enrollment. The recipient of the grant may not collect personally identifiable information for any reason until the Comptroller General of the United States, in agreement with the Inspector General of the Department of Health and Human Services, certifies to Congress that such Department, along with any other relevant Federal agencies involved with health insurance assistance or enrollment, or collection or verification of personally identifiable information, have implemented all appropriate and necessary actions to safeguard both the such information and financial information of individuals seeking enrollment in a health plan through an Exchange and to protect such individuals from fraud and abuse. Not later than 90 days after the date of the enactment of this paragraph, the Secretary— shall issue guidance concerning how liability and penalties will be applied in instances of failure to comply with requirements of this paragraph, including where consumer outreach and enrollment assistance causes harm to an individual as a result of misuse or negligence in protection and privacy of personally identifiable information; shall determine whether such liability lies with the person (such as a navigator, certified application counselor, or non-navigator assistance personnel) having direct contact with the prospective enrollee in enrollment assistance-related actions or whether liability lies with the entity that received Federal or Exchange-generated funds to carry out consumer outreach activities; and shall determine whether the entities identified under clause
(ii)are required to obtain professional liability coverage. Any individual or entity who, under this section, has possession of, or access to, personally identifiable information the disclosure of which is prohibited by this section (or section 552a of title 5, United States Code) or by rules or regulations established thereunder, and who knowing that disclosure of the specific material is so prohibited, willfully discloses the material in any manner to any person or entity not entitled to receive it, shall be guilty of a misdemeanor and fined not more than $5,000. A person who commits the offense described under subclause
(I)with the intent to sell, transfer, or use personally identifiable information for commercial advantage, personal gain, or malicious harm shall be fined not more than $250,000, imprisoned for not more than 10 years, or both. Any person who knowingly and willfully requests or obtains any personally identifiable information protected under this section concerning an individual under false pretenses shall be guilty of a felony and fined not more than $100,000, imprisoned for not more than 5 years, or both. Any navigator, certified application counselor, or non-navigator assistance personnel who engages in health plan enrollment consumer assistance activities under this section and who is exposed to consumer tax return information is potentially subject to criminal liability under section 7213(a) of the Internal Revenue Code of 1986 for any instances of unauthorized disclosure of such information. If the Secretary determines that any individual, including any navigator, certified application counselor, or non-navigator assistance personnel, has a criminal background or is otherwise in violation of this paragraph with respect to the requirements relating to disclosure and use of personally identifiable information, the Secretary shall permanently disqualify the individual from any further involvement in consumer assistance activities required under this section or the Patient Protection and Affordable Care Act and may disqualify and rescind the Federal and Exchange-generated funds from the entity which employs or contracts with such an individual. Beginning on the date of health insurance exchange operations for both individuals and businesses, no individual consumer shall be made responsible for failure to meet a requirement under the Patient Protection and Affordable Care Act (including any amendments made by this Act) for obtaining qualified health insurance coverage through an Exchange unless the Secretary has demonstrated with reasonable certainty that effective and comprehensive protection of personally identifiable information, with respect to any health insurance enrollment activity electronic or otherwise, are in place prior to any consumer disclosure or transmission of personally identifiable information for health insurance enrollment purposes. In this paragraph, the term personally identifiable information includes Social Security numbers, bank account information, insurance records, health records, personal income data, and any other information deemed personally identifiable and sensitive in nature by the Federal Trade Commission, the Department of Justice, the Social Security Administration, the Consumer Financial Protection Bureau, the President’s Task Force on Identity Theft, and any other relevant Federal agency, which is disclosed or obtained in connection with any health insurance enrollment activity conducted under this section. . The amendment made by subsection
(a)shall take effect on the date of the enactment of this Act and shall apply to grants made before, on, or after the date of the enactment of this Act. The Secretary of Health and Human Services shall provide for the prompt modification of such grants made before the date of the enactment of this Act in order to comply with the requirement imposed by such amendment.
Connectionstraces to 1
Traces to 1 document
U.S. Code
Citation graph
cites case law
Sec. 2
Protecting the privacy of personally identifiable information in enrollment activities of health insurance exchanges
Cites 1Cited by 0 across 0 sources