California enacts new patient privacy legislation applicable to health insurers

California Senate Bill 138, the Confidential Health Information Act, proclaims that it is “the intent of the Legislature in enacting this act to incorporate HIPAA standards into state law and to clarify the standards for protecting the confidentiality of medical information in insurance transactions.”

One of the provisions of the new law allows individuals covered by another person’s health plan (such as a spouse) to submit requests to the insurer to keep certain sensitive medical information private, such as:

  • Birth control prescriptions;
  • Family planning;
  • Mental health care; and
  • Sexually transmitted infection tests.

The requests can be made by the insured individual over the phone or in writing.

This new requirement is significant for spouses who may be the subject of harassment or abuse in domestic disputes, and whose Explanation of Benefits (EOB) from the medical insurance company may be forwarded to the home and subject to unauthorized disclosure by spouses who open the mail. Sen. Ed Hernandez stated that the disclosure of certain health information “could lead to harm or harassment” and therefore, individuals subject to such harm or harassment can submit confidential communication requests for “sensitive services” to insurers so the member of the insurance plan cannot have access to the sensitive health information.

Although the intent of the Act is laudable, implementing the requirements of the Act will be difficult for the insurers to put into practice. For instance, how will the insurer authenticate the individual who is the covered member under the insurance plan who is requesting the confidential communication? How will they document an oral request? Does the insurer have to agree to the confidential request if it is unreasonable and/or costly? Insurers in California will need to quickly adopt new procedures and figure out the answers to these questions in order to respond to the new law.