Connecticut Seal

General Assembly

Amendment

 

January Session, 2015

LCO No. 7743

   
 

*SB0091307743SRO*

Offered by:

 

SEN. KELLY, 21st Dist.

 

To: Subst. Senate Bill No. 913

File No. 338

Cal. No. 238

"AN ACT CONCERNING HEALTH CARE DATA REPORTING AND THE ENROLLMENT OF NONSTATE PUBLIC EMPLOYEES IN THE STATE EMPLOYEE HEALTH PLAN. "

After the last section, add the following and renumber sections and internal references accordingly:

"Sec. 501. (NEW) (Effective from passage) (a) As used in this section, (1) "encrypt" means the transformation of electronic data into a form in which meaning cannot be assigned without the use of a confidential process or key, and (2) "personal information" means an individual's first name or first initial and last name in combination with any one or more of the following data: (A) A Social Security number; (B) a driver's license number or a state identification number; (C) an address; or (D) identifiable health information. "Personal information" does not include publicly available information that is lawfully made available to the general public from federal, state or local government records or widely distributed media.

(b) Not later than two years after the effective date of this section, each municipality, labor organization, health insurer, health care center and other entity licensed to do health insurance business in this state, pharmacy benefits manager, as defined in section 38a-479aaa of the general statutes, third-party administrator, as defined in section 38a-720 of the general statutes, that administers health benefits, and utilization review company, as defined in section 38a-591a of the general statutes, shall implement security technology that encrypts the personal information of employees, members, insureds and enrollees that is compiled or maintained by such municipality, labor organization, insurer, health care center or other entity, pharmacy benefits manager, third-party administrator or utilization review company.

(c) Any such security technology shall be updated as is necessary and practicable. The Insurance Commissioner, in consultation with the Commissioner of Consumer Protection, shall adopt regulations, in accordance with the provisions of chapter 54 of the general statutes, to establish minimum standards for such security technology and to implement the provisions of this section. "

This act shall take effect as follows and shall amend the following sections:

Sec. 501

from passage

New section