Massachusetts PATCH Act, Requires Additional Protection for Certain Confidential Health Care Information

William Daley
Robinson+Cole Data Privacy + Security Insider
Contact
LinkedIn
Facebook
X
Send
Embed

[co-author: Matthew Rizzini]*

Earlier this year, Governor Charlie Baker signed into law an Act to Protect Access to Confidential Healthcare (the PATCH Act), which prevents information regarding “sensitive health care services” from being shared with anyone other than the patient in the form of Explanation of Benefits (EOB) and Summary of Payment (SOP) forms. When more than one person is covered by the same medical insurance plan, sensitive health care information can be disclosed through the use of these common forms, sometimes including information on sexual assault, domestic violence, mental health disorders, or sexual and reproductive health. When the EOB or SOP is provided to the named policyholder—rather than the specific beneficiary that the services described therein relate to—the beneficiary’s confidentiality can be compromised. 

The PATCH Act seeks to protect privacy in a number of ways by: allowing insurers to send SOP forms directly to the patient rather than to the primary policyholder; allowing patients to choose their preferred address and method for receiving SOPs; providing only general information about certain sensitive services or visits; and providing patients the option to opt-out of receiving SOPs if no payment is due.

The PATCH Act requires an insurer to honor a beneficiary’s request with regard to information regarding sensitive health care services in a summary of payment. The PATCH Act further requires that, through regulations, the Division of Insurance define what constitutes “sensitive health care services.”  Moreover, those regulations will also include “requirements for reasonable reporting by carriers to the division regarding compliance and the number and type of complaints received regarding noncompliance” with the Act. Notably, the final version of the Act, S.2296, did not include reporting requirements for “breaches of confidentiality” as earlier versions had—like Bill S.557.

The Division of Insurance will also “develop and implement a plan to educate providers and consumers regarding the rights of insured members and the responsibilities of carriers to promote compliance with” the Act. Nonetheless, insurers may want to proactively analyze this legislation and how it may affect their standard policies and procedures.

*This post was co-authored by Matthew W. Rizzini, a paralegal in Robinson+Cole’s Insurance + Reinsurance Group. 

[View source.]

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Robinson+Cole Data Privacy + Security Insider | Attorney Advertising

Written by:

Robinson+Cole Data Privacy + Security Insider
Robinson+Cole Data Privacy + Security Insider
Contact
more
less

Robinson+Cole Data Privacy + Security Insider on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide