SP0447
LD 1242
Session - 127th Maine Legislature
 
LR 1921
Item 1

An Act To Protect Maine Consumers from Medical Identity Theft

Emergency preamble. Whereas, acts and resolves of the Legislature do not become effective until 90 days after adjournment unless enacted as emergencies; and

Whereas, protection of personally identifying data has become important since the advent of digital record keeping and the Internet, with theft and misuse of the data occurring at an ever-increasing rate; and

Whereas, theft and misuse of personally identifying data can lead to invasion of privacy and financial loss and, in the case of medical identity theft, to possible erroneous and dangerous medical care; and

Whereas, residents of the State are presently vulnerable to medical identity theft, as evinced by the recent data breach at Anthem Blue Cross and Blue Shield, in which potentially up to 500,000 residents of the State were affected; and

Whereas, in the judgment of the Legislature, these facts create an emergency within the meaning of the Constitution of Maine and require the following legislation as immediately necessary for the preservation of the public peace, health and safety; now, therefore,

Be it enacted by the People of the State of Maine as follows:

Sec. 1. 24-A MRSA §4320-J is enacted to read:

§ 4320-J Data protection

1. Data protection. A carrier shall protect from theft or unauthorized taking the personal and medical data of an enrollee of the carrier, including:
A. Encrypting to standards required by the bureau all medical and personal data of the enrollee;
B. If a database or records of a carrier including information concerning an enrollee's identity is breached, providing medical identity theft protection with a guarantee of recompense to standards required by the bureau for 10 years following the breach;
C. Aligning all policies and contracts with data protection standards of a medical identity fraud alliance composed of public and private sector entities that jointly develop best practices and solutions for fighting medical identity fraud, as approved by the bureau; and
D. Developing and implementing a policy approved by the bureau that ensures strict adherence to the compliance rules under the federal Health Insurance Portability and Accountability Act of 1996.
2. Rules. The bureau may adopt routine technical rules as defined by Title 5, chapter 375, subchapter 2-A to carry out the provisions of this section.
3. Application. This section applies to all data of an enrollee collected by or in the possession of a carrier on or after January 1, 2004.

Sec. 2. Department of Professional and Financial Regulation, Bureau of Insurance to adopt rules. The Department of Professional and Financial Regulation, Bureau of Insurance shall adopt rules to implement the Maine Revised Statutes, Title 24-A, section 4320-J, subsection 1, paragraph B to require medical identity theft protection with recompense to include, at no cost to the enrollee, at a minimum:

1. Identity repair assistance. If an enrollee experiences fraud, providing an investigator to work to recover the enrollee's financial losses, restore the enrollee's credit and ensure information concerning the enrollee's identity is returned to its proper condition;

2. Credit monitoring. Providing credit monitoring to alert an enrollee when a bank or creditor opens a new credit account in the enrollee's name;

3. Child identity protection. Providing child-specific identity protection services for an enrollee whose child is insured under the enrollee's health plan;

4. Identity theft insurance. Providing for an enrollee at least $1,000,000 in identity theft insurance;

5. Identity theft monitoring and fraud detection. Scanning an enrollee's data, such as credit card numbers, social security numbers and e-mail, against aggregated data sources maintained by top security researchers that contain stolen and compromised individual data to look for any indication that the enrollee's data has been compromised; and

6. Phone or e-mail alerts. Alerting an enrollee by telephone or e-mail upon receipt of a notification from a credit bureau or when it appears from identity theft monitoring activities that the enrollee's data or identity may have been compromised.

Emergency clause. In view of the emergency cited in the preamble, this legislation takes effect when approved.

SUMMARY

This bill directs an insurance carrier that provides insurance in the State to take certain measures to protect the data and identity of a person insured by the carrier on or after January 1, 2004, including encrypting all medical and personal data of the insured, providing medical identity theft protection and a guarantee of recompense for 10 years following the breach, aligning all policies with a national medical fraud alliance approved by the Department of Professional and Financial Regulation, Bureau of Insurance and requiring all carriers to develop and implement a policy approved by the bureau that ensures strict adherence to the compliance rules under the federal Health Insurance Portability and Accountability Act of 1996.

