Alaska Administrative Code (Last Updated: January 12, 2017) |
Title 3. Commerce, Community, and Economic Development. |
Part 3.1. Banking, Securities, Small Loans and Corporations. |
Chapter 3.26. Trade Practices. |
Article 3.26.1. Unfair Claims Settlement Acts or Practices. |
Section 3.26.680. Disclosure of nonpublic personal health information.
Latest version.
-
(a) Except as provided in (b) of this section or in 3 AAC 26.695(a), a licensee may not disclose nonpublic personal health information about a consumer unless authorization that complies with 3 AAC 26.685 is obtained from the consumer whose nonpublic personal health information the licensee seeks to disclose. (b) A licensee may disclose a consumer's nonpublic personal health information without obtaining authorization from the consumer if the disclosure is (1) required by federal or state law or regulation or is otherwise allowed by law; (2) in response to an order issued by a governmental regulatory authority with jurisdiction over a licensee for examination, investigation, compliance, or other purposes authorized by law; (3) compelled by a subpoena, search warrant, or other order issued by a court or administrative agency of competent jurisdiction; (4) for detection, investigation, or reporting of fraud, misrepresentation, or another violation of law; (5) for the performance of the following insurance functions by or on behalf of the licensee: (A) claims administration; (B) claims adjustment or management; (C) underwriting; (D) policy placement or issuance; (E) loss control; (F) rate development; (G) guaranty fund functions; (H) reinsurance, stop-loss insurance, or excess loss insurance; (I) risk management; (J) case management; (K) disease management; (L) quality assurance or improvement; (M) performance evaluation; (N) verification of provider credentials; (O) utilization review; (P) peer review activities; (Q) actuarial, scientific, medical, or public policy research; (R) grievance procedures; (S) internal administration of compliance, managerial, and information systems; (T) policyholder service functions; (U) auditing; (V) reporting; (W) database security; (X) administration of consumer disputes and inquiries; (Y) external accreditation standards; (Z) replacement of a group benefit plan or workers' compensation policy or program; (AA) activities in connection with the sale, merger, transfer, or exchange of all or part of a business or operating unit; (6) required to enforce the licensee's rights or the rights of other licensees engaged in carrying out an insurance transaction or providing an insurance product or service that a consumer or customer requests or authorizes; or (7) allowed without requiring authorization under 45 C.F.R. Parts 160 and 164.
Authorities
21.06.090;21.36.510;01.05.031;21.36.162;44.62.125
Notes
Authority
AS 21.06.090 AS 21.36.510 Editor's note: In 2010 the revisor of statutes, acting under AS 01.05.031, renumbered former AS 21.36.162 as AS 21.36.510. As of Register 196 (January 2011), the regulations attorney made a conforming technical revision under AS 44.62.125(b)(6), to the authority citation that follows 3 AAC 26.680, so that the citation to former AS 21.36.162 now refers to the renumbered statute, AS 21.36.510.History
Eff. 1/1/2005, Register 172
References
3.26.680