Health; code; disclosure of nonpublic financial information by
health care providers; provide for.
HEALTH: Code; CONSUMER PROTECTION: Other; CIVIL RIGHTS:
Privacy; HEALTH FACILITIES: Other; HEALTH FACILITIES: Patients;
HEALTH: Occupations
A bill to amend 1978 PA 368, entitled
"Public health code,"
(MCL 333.1101 to 333.25211) by adding part 25.
THE PEOPLE OF THE STATE OF MICHIGAN ENACT:
1 PART 25
2 PRIVACY OF FINANCIAL INFORMATION
3 SEC. 2501. (1) THIS PART APPLIES TO THE TREATMENT OF NON-
4 PUBLIC PERSONAL FINANCIAL INFORMATION ABOUT INDIVIDUALS WHO
5 OBTAIN HEALTH OR MEDICAL CARE FROM HEALTH CARE PROVIDERS. THIS
6 PART DOES NOT APPLY TO INFORMATION ABOUT PERSONS WHO ARE NOT
7 INDIVIDUALS.
8 (2) THIS PART DOES NOT MODIFY, LIMIT, OR SUPERSEDE ANY STAT-
9 UTE OR RULE APPLICABLE TO THE CONFIDENTIALITY OR PRIVACY OF
10 INDIVIDUALLY IDENTIFIABLE HEALTH AND MEDICAL INFORMATION,
06450'02 DAM
2
1 INCLUDING, BUT NOT LIMITED TO, APPLICABLE PROVISIONS IN THIS ACT
2 OR ANY OF THE FOLLOWING:
3 (A) SECTION 2157 OF THE REVISED JUDICATURE ACT OF 1961, 1961
4 PA 236, MCL 600.2157.
5 (B) SECTION 1750 OF THE MENTAL HEALTH CODE, 1974 PA 258,
6 MCL 330.1750.
7 (C) SECTION 406 OF THE NONPROFIT HEALTH CARE CORPORATION
8 REFORM ACT, 1980 PA 350, MCL 550.1406.
9 (D) SECTIONS 410 AND 492A OF THE MICHIGAN PENAL CODE, 1931
10 PA 328, MCL 750.410 AND 750.492A.
11 (E) SECTION 13 OF THE FREEDOM OF INFORMATION ACT, 1976
12 PA 442, MCL 15.243.
13 (F) SECTION 34 OF THE THIRD PARTY ADMINISTRATOR ACT, 1984
14 PA 218, MCL 550.934.
15 SEC. 2503. AS USED IN THIS PART:
16 (A) "HEALTH CARE PROVIDER" MEANS A PERSON LICENSED, CERTI-
17 FIED, OR REGISTERED UNDER ARTICLE 6 OR 15 OR A FACILITY OR AGENCY
18 LICENSED OR AUTHORIZED UNDER ARTICLE 17.
19 (B) "NONPUBLIC PERSONAL FINANCIAL INFORMATION" MEANS PERSON-
20 ALLY IDENTIFIABLE FINANCIAL INFORMATION ABOUT AN INDIVIDUAL AND
21 ANY LIST, DESCRIPTION, OR OTHER GROUPING OF INDIVIDUALS AND PUB-
22 LICLY AVAILABLE INFORMATION PERTAINING TO THEM THAT IS DERIVED
23 USING ANY PERSONALLY IDENTIFIABLE FINANCIAL INFORMATION THAT IS
24 NOT PUBLICLY AVAILABLE. NONPUBLIC PERSONAL FINANCIAL INFORMATION
25 DOES NOT INCLUDE ANY OF THE FOLLOWING:
26 (i) HEALTH AND MEDICAL INFORMATION OTHERWISE PROTECTED BY
27 STATE OR FEDERAL LAW.
06450'02
3
1 (ii) PUBLICLY AVAILABLE INFORMATION.
2 (iii) ANY LIST, DESCRIPTION, OR OTHER GROUPING OF INDIVIDU-
3 ALS, AND PUBLICLY AVAILABLE INFORMATION PERTAINING TO THEM, THAT
4 IS DERIVED WITHOUT USING ANY PERSONALLY IDENTIFIABLE FINANCIAL
5 INFORMATION THAT IS NOT PUBLICLY AVAILABLE.
6 (C) "PERSONALLY IDENTIFIABLE FINANCIAL INFORMATION" MEANS
7 ANY OF THE FOLLOWING:
8 (i) INFORMATION AN INDIVIDUAL PROVIDES TO A HEALTH CARE PRO-
9 VIDER TO OBTAIN HEALTH OR MEDICAL CARE FROM THE HEALTH CARE
10 PROVIDER.
11 (ii) INFORMATION ABOUT AN INDIVIDUAL RESULTING FROM ANY
12 TRANSACTION INVOLVING HEALTH OR MEDICAL CARE BETWEEN A HEALTH
13 CARE PROVIDER AND AN INDIVIDUAL.
14 (iii) INFORMATION THE HEALTH CARE PROVIDER OTHERWISE OBTAINS
15 ABOUT AN INDIVIDUAL IN CONNECTION WITH PROVIDING HEALTH OR MEDI-
16 CAL CARE TO THAT INDIVIDUAL.
17 (D) "PUBLICLY AVAILABLE INFORMATION" MEANS ANY INFORMATION
18 THAT A HEALTH CARE PROVIDER HAS A REASONABLE BASIS TO BELIEVE IS
19 LAWFULLY MADE AVAILABLE TO THE GENERAL PUBLIC FROM FEDERAL,
20 STATE, OR LOCAL GOVERNMENT RECORDS, BY WIDE DISTRIBUTION BY THE
21 MEDIA, OR BY DISCLOSURES TO THE GENERAL PUBLIC THAT ARE REQUIRED
22 TO BE MADE BY FEDERAL, STATE, OR LOCAL LAW. A HEALTH CARE PRO-
23 VIDER HAS A REASONABLE BASIS TO BELIEVE THAT INFORMATION IS LAW-
24 FULLY MADE AVAILABLE TO THE GENERAL PUBLIC IF BOTH OF THE FOLLOW-
25 ING APPLY:
06450'02
4
1 (i) THE HEALTH CARE PROVIDER HAS TAKEN STEPS TO DETERMINE
2 THAT THE INFORMATION IS OF THE TYPE THAT IS AVAILABLE TO THE
3 GENERAL PUBLIC.
4 (ii) IF AN INDIVIDUAL CAN DIRECT THAT THE INFORMATION BE
5 WITHHELD FROM THE GENERAL PUBLIC, THAT THE INDIVIDUAL HAS NOT
6 DIRECTED THAT THE INFORMATION BE WITHHELD FROM THE GENERAL
7 PUBLIC.
8 SEC. 2505. (1) A HEALTH CARE PROVIDER SHALL USE REASONABLE
9 CARE TO SECURE NONPUBLIC PERSONAL FINANCIAL INFORMATION FROM
10 UNAUTHORIZED ACCESS. EXCEPT AS IS NECESSARY OR WHEN REQUIRED BY
11 LAW, A HEALTH CARE PROVIDER SHALL NOT DISCLOSE NONPUBLIC PERSONAL
12 FINANCIAL INFORMATION TO A PERSON WITHOUT THE PRIOR AND SPECIFIC
13 INFORMED CONSENT OF THE INDIVIDUAL TO WHOM THE NONPUBLIC PERSONAL
14 FINANCIAL INFORMATION PERTAINS. THE INDIVIDUAL'S CONSENT SHALL
15 BE IN WRITING. EXCEPT WHEN A DISCLOSURE IS MADE TO THE COMMIS-
16 SIONER OR ANOTHER GOVERNMENTAL AGENCY, A COURT, OR ANY OTHER GOV-
17 ERNMENTAL ENTITY, A HEALTH CARE PROVIDER SHALL MAKE A DISCLOSURE
18 FOR WHICH PRIOR AND SPECIFIC INFORMED CONSENT IS NOT REQUIRED
19 UPON THE CONDITION THAT THE PERSON TO WHOM THE DISCLOSURE IS MADE
20 PROTECT AND USE THE DISCLOSED INFORMATION ONLY IN THE MANNER
21 AUTHORIZED BY THE HEALTH CARE PROVIDER, PURSUANT TO SECTION
22 2507. IF AN INDIVIDUAL HAS AUTHORIZED THE RELEASE OF NONPUBLIC
23 PERSONAL FINANCIAL INFORMATION TO A SPECIFIC PERSON, A HEALTH
24 CARE PROVIDER SHALL MAKE A DISCLOSURE TO THAT PERSON UPON THE
25 CONDITION THAT THE PERSON SHALL NOT RELEASE THE DATA TO A THIRD
26 PERSON UNLESS THE INDIVIDUAL EXECUTES IN WRITING ANOTHER PRIOR
06450'02
5
1 AND SPECIFIC INFORMED CONSENT AUTHORIZING THE ADDITIONAL
2 RELEASE.
3 (2) THIS SECTION DOES NOT PRECLUDE THE RELEASE OF INFORMA-
4 TION BY TELEPHONE PERTAINING TO AN INDIVIDUAL TO THAT INDIVIDUAL
5 IF THE IDENTITY OF THE INDIVIDUAL IS VERIFIED.
6 SEC. 2507. A HEALTH CARE PROVIDER SHALL ESTABLISH AND MAKE
7 PUBLIC THE POLICY OF THE HEALTH CARE PROVIDER REGARDING THE PRO-
8 TECTION OF PRIVACY AND THE CONFIDENTIALITY OF NONPUBLIC PERSONAL
9 FINANCIAL INFORMATION. THE POLICY, AT A MINIMUM, SHALL DO ALL OF
10 THE FOLLOWING:
11 (A) PROVIDE FOR THE HEALTH CARE PROVIDER'S IMPLEMENTATION OF
12 PROVISIONS IN THIS PART AND OTHER APPLICABLE LAWS AND GUIDELINES
13 RESPECTING COLLECTION, SECURITY, USE, RELEASE OF, AND ACCESS TO
14 NONPUBLIC PERSONAL FINANCIAL INFORMATION.
15 (B) IDENTIFY THE ROUTINE USES OF NONPUBLIC PERSONAL FINAN-
16 CIAL INFORMATION BY THE HEALTH CARE PROVIDER; PRESCRIBE THE MEANS
17 BY WHICH INDIVIDUALS WILL BE NOTIFIED REGARDING THOSE USES; AND
18 PROVIDE FOR NOTIFICATION REGARDING THE ACTUAL RELEASE OF NONPUB-
19 LIC PERSONAL FINANCIAL INFORMATION THAT MAY BE IDENTIFIED WITH,
20 OR THAT MAY CONCERN, AN INDIVIDUAL, UPON SPECIFIC REQUEST BY THAT
21 INDIVIDUAL. AS USED IN THIS SUBDIVISION, "ROUTINE USE" MEANS THE
22 ORDINARY USE OR RELEASE OF NONPUBLIC PERSONAL FINANCIAL INFORMA-
23 TION COMPATIBLE WITH THE PURPOSE FOR WHICH THE INFORMATION WAS
24 COLLECTED.
25 (C) ASSURE THAT NO PERSON SHALL HAVE ACCESS TO NONPUBLIC
26 PERSONAL FINANCIAL INFORMATION EXCEPT ON THE BASIS OF A NEED TO
27 KNOW.
06450'02
6
1 (D) ESTABLISH THE CONTRACTUAL OR OTHER CONDITIONS UNDER
2 WHICH NONPUBLIC PERSONAL FINANCIAL INFORMATION MAY BE RELEASED.
3 (E) PROVIDE THAT ANY PAYMENT APPLICATIONS AND FORMS DEVEL-
4 OPED BY THE HEALTH CARE PROVIDER SHALL CONTAIN AN INDIVIDUAL'S
5 CONSENT TO THE RELEASE OF DATA AND INFORMATION THAT IS LIMITED TO
6 THE DATA AND INFORMATION NECESSARY FOR THE PAYMENT FOR HEALTH OR
7 MEDICAL SERVICES, AND SHALL REASONABLY NOTIFY INDIVIDUALS OF
8 THEIR RIGHTS PURSUANT TO THE HEALTH CARE PROVIDER'S POLICY AND
9 APPLICABLE LAW.
10 SEC. 2509. THIS PART DOES NOT LIMIT ACCESS TO RECORDS OR
11 ENLARGE OR DIMINISH THE INVESTIGATIVE AND EXAMINATION POWERS OF
12 GOVERNMENTAL AGENCIES PROVIDED FOR BY LAW.
13 SEC. 2511. NOTHING IN THIS PART SHALL BE CONSTRUED TO
14 MODIFY, LIMIT, OR SUPERSEDE THE OPERATION OF THE FAIR CREDIT
15 REPORTING ACT, TITLE VI OF THE CONSUMER CREDIT PROTECTION ACT,
16 PUBLIC LAW 90-321, 15 U.S.C. 1681 TO 1681v, AND NO INFERENCE
17 SHALL BE DRAWN ON THE BASIS OF THE PROVISIONS OF THIS PART
18 REGARDING WHETHER INFORMATION IS TRANSACTION OR EXPERIENCE INFOR-
19 MATION UNDER SECTION 603 OF THE FAIR CREDIT REPORTING ACT, TITLE
20 VI OF THE CONSUMER CREDIT PROTECTION ACT, PUBLIC LAW 90-321, 15
21 U.S.C. 1681a.
22 SEC. 2513. A HEALTH CARE PROVIDER SHALL NOT UNFAIRLY DIS-
23 CRIMINATE AGAINST ANY INDIVIDUAL BECAUSE THAT INDIVIDUAL HAS NOT
24 OPTED IN OR DOES NOT INTEND TO OPT INTO THE DISCLOSURE OF HIS OR
25 HER NONPUBLIC PERSONAL FINANCIAL INFORMATION PURSUANT TO THE PRO-
26 VISIONS OF THIS PART.
06450'02
7
1 SEC. 2515. A PERSON WHO VIOLATES THIS PART IS GUILTY OF A
2 MISDEMEANOR PUNISHABLE BY IMPRISONMENT FOR NOT MORE THAN 1 YEAR,
3 OR A FINE OF NOT MORE THAN $1,000.00, OR BOTH.
06450'02 Final page. DAM