A. An administrator shall provide for the confidentiality of personal data identifying an individual covered by a plan or insurance carrier or data concerning a person that self insures. An administrator shall not disclose records containing personal information that may be associated with an identifiable individual covered by a plan or insurance carrier or data relating to a person that self insures to a person other than the individual to whom the information pertains, except as necessary to comply with the superintendent’s inquiry or a court order. Other than to comply with the superintendent’s inquiry or a court order, an administrator shall not disclose personal data without the prior consent of the covered individual or person that self insures.

Ask an insurance law question, get an answer ASAP!
Click here to chat with a lawyer about your rights.

B. Subsection A of this section does not apply to information disclosed for any of the following reasons or to an indicated entity:

(1)     claims adjudication; (2)     claims verification;

(3)     other proper plan or insurance carrier administration; (4)     an audit conducted pursuant to ERISA;

(5)     an insurer or plan for the purchase of excess loss insurance and for claims under the excess loss insurance, provided, an insurer obtaining information under this paragraph shall be subject to the requirements of Subsection A of this section;

plan;

(6)     the plan, insurance carrier, person that self insures or a fiduciary of the (7)     the superintendent or the superintendent’s designees; provided the information obtained by the superintendent under this subsection is confidential, except that the superintendent may use the information in any proceeding instituted against the administrator; or

(8)     as required by law.