RELATES TO:
KRS
304.1-050,
304.2-110(1),
304.17A-005,
304.17A-700(7),
304.17A-846(1),
45 C.F.R. 160, 45 C.F.R. 164
NECESSITY, FUNCTION, AND CONFORMITY:
KRS
304.2-110(1) authorizes the
commissioner to promulgate reasonable administrative regulations necessary for,
or as an aid to, the effectuation of any provision of the Kentucky Insurance
Code as defined in
KRS
304.1-010.
KRS
304.17A-846 requires the department to
promulgate an administrative regulation to implement its provisions and define
the extent that health benefit plan information shall be provided to an
employer-organized association. This administrative regulation establishes
requirements for the provision of health benefit plan information to an
employer-organized association by an insurer offering a health benefit
plan.
Section 1. Definitions.
(1) "Aggregate claims experience" means the
total dollar amount paid to health care providers of medical and pharmacy
services for persons covered under an employer-organized association health
benefit plan.
(2) "Commissioner" is
defined by
KRS
304.1-050(1).
(3) "Complete request" means a written
request for employer-organized association health benefit plan information,
including:
(a) A certification by a
designated representative of the employer-organized association stating the:
1. Employer-organized association health
benefit plan has adopted safeguards and standards for the treatment of health
information pursuant to
45 C.F.R.
164.504(f); and
2. Information requested is the minimum
amount necessary to accomplish the intended purpose of the use or disclosure
pursuant to
45
C.F.R.
164.502(b) and
164.514(d);
and
(b) Specific and
sufficient details relating to the requested health benefit plan
information.
(4)
"Department" is defined by
KRS
304.1-050(2).
(5) "Electronically" is defined by
KRS
304.17A-700(7).
(6) "Employer-organized association" is
defined by
KRS
304.17A-005(12).
(7) "Employer-organized association health
benefit plan" means a health benefit plan issued to an employer-organized
association or trust established by one (1) or more employer-organized
associations.
(8) "Health benefit
plan" is defined by
KRS
304.17A-005(22).
(9) "HIPAA" means Health Insurance
Portability and Accountability Act of 1996,
Pub.L.
104-191.
Section 2. Requirements for Provision of
Information.
(1) Within five (5) business days
of receipt of a written request for information relating to an
employer-organized association health benefit plan, an insurer shall in
writing:
(a) Acknowledge receipt of the
request; and
(b) If the request
fails to be a complete request, identify the items necessary to constitute a
complete request in the acknowledgment of receipt letter.
(2) Pursuant to
KRS
304.17A-846(1), an insurer
shall provide an employer-organized association with its health benefit plan
information, as requested:
(a) Including:
1. Total aggregate claims experience by
month;
2. Total premiums paid by
month by the employer-organized association;
3. Total number of persons on a monthly basis
covered under the employer-organized association health benefit plan, by
coverage tier, as follows:
a.
Family;
b. Individual;
c. Individual and spouse;
d. Individual and domestic partner;
and
e. Parent plus; and
4. Information required under
KRS
304.17A-846(1)(d);
and
(b) Within thirty
(30) calendar days of receipt of a complete request.
(3) An insurer may:
(a) Except if an employer-organized
association specifies the method for the delivery of its health benefit plan
information, provide the requested information in one (1) of the following
formats:
1. Electronically, pursuant to the
requirements for electronic transmission of information as established in 45
C.F.R.
160 and
164; or
2. Hard
copy;
(b) Request an
extension of the timeframe for providing an employer-organized association with
its health benefit plan information in whole or in part, if the insurer:
1. Provides evidence to the
employer-organized association that a disruption in electricity and
communication connections beyond its control has occurred; or
2. Establishes that an unusual circumstance
exists that precludes the provision of health benefit plan information
electronically or in hard copy format; and
(c) Deny a complete request if:
1. A determination is made by the United
States Department of Health and Human Services Office for Civil Rights that
provision of health benefit plan information as requested by the
employer-organized association is prohibited under HIPAA; and
2. A copy of the determination, as
established under subparagraph 1. of this paragraph, is provided to the
employer-organized association which submits a complete request.
(4) The disclosure of
information under this administrative regulation is subject to the HIPAA
limitations established in
KRS
304.17A-846(2) and any
applicable administrative regulations.
Section 3. Preemption. This administrative
regulation shall not:
(1) Preempt or
supersede an existing Kentucky law relating to a medical record, health, or
insurance information privacy; or
(2) Infringe upon the jurisdiction of the
United States Department of Health and Human Services Office for Civil Rights
in its:
(a) Enforcement of 45 C.F.R.
160 and
164; and
(b) Responding to a
complaint relating to privacy of health information.
